Jisc Services Ltd

Managed Microsoft 365

Jisc offers the full range of apps and services within the Microsoft 365 portfolio with pricing models for government, business, education and the third sector. Our managed service optimises your use of O365 licensing, maintains a secure environment, and provides access to Microsoft Premier Support when you need it.

Features

• Best-in-class technology advice, engineering and support
• Full management of your Microsoft Office 365 environment
• User administration including Office 365 Exchange groups and SharePoint sites
• Expert support and guidance via telephone and email
• Predictable monthly spend with full visibility of Office 365 utilisation
• Elastically flex Office 365 licensing according to needs and demand
• Office 365 SaaS approved for use at OFFICIAL category
• Easily access Microsoft Office 365 from multiple devices and locations
• Unified communications with Microsoft Teams
• Microsoft Cloud Solution Provider, Microsoft Gold Hosting Partner

Benefits

• Expert ITIL aligned management of your Office 365 business applications
• Boost productivity with familiar Microsoft Office 365 applications
• Improve collaboration with Microsoft SharePoint, Yammer, OneDrive and Teams
• Increase flexibility with always-on access to Office 365 from anywhere
• Easy integration with existing services such as Microsoft Active Directory
• Enable unified communications and mobile device management
• Trusted technology advisor and ally of the public sector
• Comprehensive connectivity solutions including Janet, PSN and Azure ExpressRoute
• Transform the way you work with Microsoft Office 365 applications
• Anywhere, anytime, flexible working with Microsoft Office 365 applications

£7.50 to £48.10 a user a month

Service documents

• Pricing document (pdf)
• Skills Framework for the Information Age rate card (pdf)
• Service definition document (pdf)
• Terms and conditions (pdf)

Framework

G-Cloud 12

Service ID

556314183415777

Contact

Jisc Services Ltd

Jisc helpdesk

03003002212

help@jisc.ac.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements: Any current web browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 30 mins, 60 mins or 2 hours depending on priority, Monday to Friday, 8.00am to 6.00pm (excluding bank holidays).
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: All service requests and change requests can be raised via web chat.
• Web chat accessibility testing: None
• Onsite support: Yes, at extra cost
• Support levels: We provide a single support level and an Enhanced Security service option. For details and costs, please see the service definition and pricing documents in our listing. All our managed services are supported by a team of cloud support engineers, backed up by specialist subject matter experts covering fields including networking, security and applications.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: A Microsoft 365 specialist will work with you to understand the scope and nature of the required services, including: Office 365 features required, the deployment process, any integration requirements of legacy services/applications, end users, segmentation and associated security profiles. Details include agreeing reporting requirements and scheduling, formats and transportation. This will normally take place prior to contract award. We will provide user guides, both online and in crib card format as part of user activation. Onsite training can also be provided as an additional charged item.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Details of how to extract data from Office 365 can be found here https://products.office.com/en-us/business/office-365-online-data-portability
• End-of-contract process: A termination plan will be produced and agreed with you. A generic termination plan is available, on request, and this will be tailored to reflect appropriate roles and responsibilities. Production of this tailored plan is included within the service price.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: If you're using at least iOS 10.0 we recommend using the Office for iPad apps instead. You'll find them in the Apple app store. If you're using an older version of iOS then Safari is the best browser for Office Online on iPads, but some features may not be available. There are currently no browsers on Android that are officially supported with Office Online. We recommend using the Office for Android apps instead. You'll find them in the Google Play store.
• Service interface: Yes
• Description of service interface: All features of the service are available through the service interface.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: N/A
• API: Yes
• What users can and can't do using the API: Please see https://msdn.microsoft.com/en-us/office/office365/howto/platform-development-overview for more information on the Office 365 API
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Please see https://docs.microsoft.com/en-us/Office365/ and https://products.office.com/en-gb/business/compare-more-office-365-for-business-plans for more information on Office 365 options.

Scaling

• Independence of resources: A detailed description of how Microsoft isolates individual customer tenancies can be found here https://www.microsoft.com/en-us/download/confirmation.aspx?id=54249

Analytics

• Service usage metrics: Yes
• Metrics types: Office 365 usage reports are available for your administrators in the Office 365 admin center. Please see https://support.office.com/en-us/article/activity-reports-in-the-office-365-admin-center-0d6dfb17-8582-4172-a9a9-aed798150263 for more information.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Microsoft

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Other data at rest protection approach; ; Information on how Microsoft protects data within its enterprise services can be found here https://www.microsoft.com/en-us/download/details.aspx?id=55848
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Details of how to extract data from Office 365 can be found here https://products.office.com/en-us/business/office-365-online-data-portability
• Data export formats:
  • CSV
  • ODF
• Data import formats:
  • CSV
  • ODF

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: Information on how Microsoft protects data within its enterprise services can be found here https://www.microsoft.com/en-us/download/details.aspx?id=55848

Availability and resilience

• Guaranteed availability: Details of the Office 365 service level agreement can be found here https://technet.microsoft.com/en-us/library/office-365-service-level-agreement.aspx
• Approach to resilience: Details of how Microsoft ensures resiliency in the Office 365 service can be found here https://www.microsoft.com/en-us/download/details.aspx?id=53560
• Outage reporting: Office 365 includes a service status portal for tracking any outages.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Office 365 allows for creation and management of administration roles, please see https://support.office.com/en-gb/article/office-365-admin-overview-c7228a3e-061f-4575-b1ef-adf1d1669870?ui=en-US&rs=en-GB&ad=GB for more information
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Certification International
• ISO/IEC 27001 accreditation date: 10/05/2018
• What the ISO/IEC 27001 doesn’t cover: Our certificate covers the information security of the technology solutions, covering the network, premises and supply chain management, supporting all of our cloud and hosting services, cloud-based application development, identity and access management, license negotiation and professional services offerings provided to customers.
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 11 August 2015
• CSA STAR certification level: Level 1: CSA STAR Self-Assessment
• What the CSA STAR doesn’t cover: All Jisc cloud solutions are covered.
• PCI certification: No
• Other security certifications: Yes
• Any other security certifications:
  • Cyber Supplier to Government
  • CHECK
  • CESG PGA
  • Cyber Essentials

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Jisc is certified as compliant with ISO27001:2005 (Certificate CI/12868IS) by a UKAS accredited certifying body. Services that we have designed, implemented and operate have been subject to risk assessment including ITHCs and penetration testing by independent CHECK providers. We are able to supply our Information Security Policy subject to a non-disclosure agreement being put in place with the receiving party.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Jisc is committed to ITIL aligned Change and Configuration Management for effective management and control of its infrastructure. Jisc's management tool incorporates an automated Change Management Database (CMDB) at the heart of its operation, with all service support and delivery modules linked to the CMDB to ensure a complete and accurate view of customer estates. A CAB team exists within the services department and liaises closely with all other teams to ensure changes are successful and our infrastructure is maintained and accurately modelled within the CMDB.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We rely on vendor support services to ensure we are operating in line with the latest recommendations and are made aware of any potential vulnerabilities by them.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Jisc makes use of cloud-native applications for the collection, monitoring, analysis, alerting and reporting of all IT event, log and performance data. A real-time analytics engine is used to correlate events, logs and performance metrics across your cloud and on-premise infrastructure. A comprehensive suite of highly configurable rules allow alerts to be sent in response to malicious activity and performance-impacting events, all of which is included as standard in the service.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Our ITIL-aligned Incident Management process ensures that we respond to any reported faults and sets out target resolution times to ensure that these are fixed within agreed timeframes. Customers can report incidents via phone, email or our portal. Our Incident Management process ensures that we respond to any reported faults and sets out target resolution times to ensure that these are fixed within agreed timeframes. For Major Incidents, once the Incident has been resolved, the Incident Manager will ensure an Incident Review Meeting is held and a Major Incident Report is created and distributed.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Joint Academic Network (JANET)

Pricing

• Price: £7.50 to £48.10 a user a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document (pdf)
• Skills Framework for the Information Age rate card (pdf)
• Service definition document (pdf)
• Terms and conditions (pdf)