Vohkus Limited

Office 365

Design, implementation and support of O365


  • Online provision of Microsoft Office, Email and Services
  • Simplified subscription licensed service
  • Cloud based


  • Fully managed design, implementation and support service
  • Simplified managment of users, use and licensing


£3.80 a person a month

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at merlin.stuart@vohkus.com. Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

5 3 6 5 9 3 0 0 5 9 6 2 2 6 5


Vohkus Limited Merlin Stuart
Telephone: 0345 647 3000
Email: merlin.stuart@vohkus.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Microsoft Office 365
Cloud deployment model
Public cloud
Service constraints
Software provision is subject to the Terms and Conditions outlined by Microsoft
System requirements
Microsoft IE 8+, Mozilla Firefox 10+ or Google Chrome 17+

User support

Email or online ticketing support
Email or online ticketing
Support response times
Initial response within 30 minutes, follow-up dependant on severity of issue
User can manage status and priority of support tickets
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Support levels
1. Remote reactive support (standard) Monday - Friday 9-5 Helpdesk based reactive support Monday - Friday 9-5 2. Remote reactive 24 * 7 Helpdesk based reactive support 24 * 7 3. Costs for all service will vary significantly depending on customer requirements
Support available to third parties

Onboarding and offboarding

Getting started
Our fully managed service will provide ongoing user support from commencement including onsite training if required and online support and full documentation
Service documentation
Documentation formats
End-of-contract data extraction
Vohkus will work collaboratively with you in order to define and establish the required data extraction strategy, including assistance with data migration to another platform.
End-of-contract process
Because Microsoft Office 365 is a public, subscription based service, usage is perpetual as long as the subscription is maintained. Once service subscriptions cease, the user will have the option to migrate to another platform and data will be available for a defined period to accommodate this process (please see providers terms for details). Once the period has elapsed the service will be automatically wiped from the platform and data will no longer be available.

Support for the physical migration to another platform would incur an additional cost.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
  • Windows Phone
Designed for use on mobile devices
Differences between the mobile and desktop service
No difference
Service interface
What users can and can't do using the API
The Office 365 REST API is publically available for manipulation of the service. Refer to Office 365 online documentation for existing limitations.
API documentation
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
  • Other
API sandbox or test environment
Customisation available
Description of customisation
Please refer to the Microsoft Office 365 online documentation for available customisations.


Independence of resources
Service is provided via the Microsoft Cloud.


Service usage metrics


Supplier type
Reseller providing extra support
Organisation whose services are being resold

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Outlook, through creation of a pst file. Other Office 365 applications through normal file transfer routines.
Data export formats
Other data export formats
  • Excel, *.xls files
  • Word - *.doc files
  • Outlook *.pst files
  • Powerpoint *.ppt files
  • Other microsoft applications in file medium dictated by application
Data import formats
Other data import formats
  • Excel - *.xls files
  • Word - *.doc files
  • Outlook *.pst files
  • Powerpoint *.ppt files
  • Other applications in file medium dictated by Microsoft Application

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection between networks
Other encryption methodologies can be employed bespoke to client requirements.
Data protection within supplier network
Other protection within supplier network
Tokenisation and kerberos are used on premise.

Availability and resilience

Guaranteed availability
We guarantee at least 99.9% uptime delivered through multiple data centre replication. Service credits are offered for contractual breaches not remedied
Approach to resilience
Our service is delivered through multiple replicated data centre resilience.
Outage reporting
Microsoft will communicate via a number of public dashboards and email alerts.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Strict role based access control is employed.
Access restriction testing frequency
At least every 6 months
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
Users receive audit information on a regular basis
How long user audit data is stored for
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
Microsoft have all the accreditations listed above

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
Vohkus adheres to both the principles and intent of the policies and law relating to Data Protection in business. In practice this means that we take our responsibilities regarding the maintenance, security and accuracy of our data seriously. We utilise 3rd parties for supplementary systems and offsite backup. Whilst selecting those parties their compliance with the Data protection Act was a major consideration.
Vohkus adheres to the principles of The Data Protection Act which controls how your personal information is used by organisations, businesses or the government. Our commitment to quality business process and management is further demonstrated, through external recognition. We are continually working towards industry recognise standards such as our attainment of the ISO: 9001:2008 certification. In the specific context of Data Protection, one of the key changes to the ISO: 9001 standard when it was revised in 2008, was the inclusion of personal data within the context of ‘customer property’ (clause 7.5.4). That clause requires ‘organisations to exercise care with customer property whilst it is under the organisation’s control or being used by the organisation’ this is fully audited as part of the certification process.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
We operate a formal configuration, validation and change management process captured within our CMDB which is subject to both client and internal sign off.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
The threat management strategy is a composite of identifying a potential threats intent, capability, and probability of successful exploitation of a vulnerability. The controls used to safe guard against such exploitations are heavily founded upon security standards ISO 27001/27002 and NIST 800-53 controls implemented by Microsoft.
To make Microsoft defence more effective is commonly referred to as “Assume Breach” and assumes that a breach has already happened in the environment and is simply not known. With this mindset, the security teams are continuously attempting to detect and mitigate security threats that are not widely known.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Microsoft continue to invest in systems automation that helps identify abnormal and suspicious behavior and respond quickly to mitigate security risk. Microsoft are also continuously evolving a highly effective system of automated patch deployment that generates and deploys solutions to problems identified by the monitoring systems—all without human intervention. This greatly enhances the security and agility of the service. Microsoft regularly conduct penetration tests to enable continuous improvement of incident response procedures. These internal tests help our security experts create a methodical, repeatable, and optimized stepwise response process and automation.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
The Microsoft approach is referred to as “Respond to Breach.” This approach is used to mitigate the effects if a component is compromised. A diligent incident response process, standard operating procedures in case of an incident, ability to deny or stop access to sensitive data and identification tools to promptly identify involved parties helps ensure that the mitigation is successful.
Users can report incidents via the Service Desk, which will be escalated to Microsoft on the user's behalf. Incident reports are provided by Microsoft.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks


£3.80 a person a month
Discount for educational organisations
Free trial available
Description of free trial
All inclusive service design, implementation and operation fees provided free of charge representing a Proof of Concept environment for a maximum of 3month (Scope of PoC is strictly subject to provider terms and service design limitations).

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at merlin.stuart@vohkus.com. Tell them what format you need. It will help if you say what assistive technology you use.