MDS Technologies Limited

Microsoft 365 and Office 365

Microsoft 365 (and Office 365) subscriptions and solutions enhance business working. The Microsoft 365 and Office 365 plans enable your business to work more collaboratively, more productively and from anywhere. We enable organisations of all sizes to take advantage of Microsoft services by managing the licensing, support, provisioning and billing.

Features

  • Full management of your Microsoft environment
  • Easy access to Microsoft services from multiple devices and locations
  • UK hosting within Microsoft UK data centres
  • Expert user support from our UK based helpdesk
  • Bespoke packages available
  • Microsoft Silver Partner
  • PRINCE2 practitioners
  • Microsoft Certified Engineers and Professionals

Benefits

  • One supplier for consultancy, design, implementation and support
  • Improve productivity and business efficiencies with familiar Office 365 apps
  • Support remote working with access to documents and applications anywhere
  • Enhance communication and collaboration with Microsoft Teams
  • Scalability - easily add users as your organisation grows

Pricing

£3.80 to £48.10 a user a month

  • Education pricing available

Service documents

Framework

G-Cloud 12

Service ID

6 4 6 3 9 0 2 9 0 7 6 5 0 2 4

Contact

MDS Technologies Limited Ben Grantham
Telephone: 01225 816280
Email: sales@mds.gb.net

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
No
System requirements
  • Customers will require appropriate network connectivity
  • Customer responsible for data security over their connectivity method

User support

Email or online ticketing support
Email or online ticketing
Support response times
Tickets are responded to on a priority basis. We aim to respond to ALL initial questions within 15 minutes during normal business hours (7:30-17:30 Mon-Fri).
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
MDS' standard support includes Project Managers, Service Delivery Managers, Technical Account Managers, Support Engineers Monday-Friday between the hours of 7:30-17:30. We aim to respond to ALL incidents and requests within 15 minutes, with a priority on resolving P1 incidents.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Customers on-boarding the service with MDS Technologies will need a project which manages their entry or exit, the scope of which will depend on the entry/exit parameters. The price for this will be by application and use the SFIA day rates appropriate to the work being completed. As part of the on-boarding process customers will be provided with the following:
- information on the ordering and invoicing process:
- how to terminate your contract
- after sales support
Service documentation
No
End-of-contract data extraction
Details of how to extract data from Office 365 can be found here https://products.office.com/en-us/business/office-365-online-data-portability
End-of-contract process
A termination plan will be produced and agreed with you. A generic termination plan is available, on request, and this will be tailored to reflect appropriate roles and responsibilities. Production of this tailored plan is included within the service price.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
  • Windows Phone
  • Other
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Minor interface differences to display content appropriately on each device.
Service interface
No
API
Yes
What users can and can't do using the API
Please see https://msdn.microsoft.com/en-us/office/office365/howto/platform-development-overview for more information on the Office 365 API.
API documentation
Yes
API documentation formats
HTML
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Please see: https://docs.microsoft.com/en-us/Office365/ and https://products.office.com/en-gb/business/compare-more-office-365-for-business-plans for more information on Microsoft 365 and Office 365 options.

Scaling

Independence of resources
A detailed description of how Microsoft isolates individual customer tenancies can be found here https://www.microsoft.com/en-us/download/confirmation.aspx?id=54249

Analytics

Service usage metrics
Yes
Metrics types
Office 365 usage reports are available for your administrators in the Office 365 admin center. Please see https://support.office.com/en-us/article/activity-reports-in-the-office-365-admin-center-0d6dfb17-8582-4172-a9a9-aed798150263 for more information.
Reporting types
Real-time dashboards

Resellers

Supplier type
Reseller providing extra support
Organisation whose services are being resold
Microsoft

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Other
Other data at rest protection approach
Information on how Microsoft protects data within its enterprise services can be found here https://www.microsoft.com/en-us/download/details.aspx?id=55848
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Details of how to extract data from Office 365 can be found here https://products.office.com/en-us/business/office-365-online-data-portability
Data export formats
  • CSV
  • ODF
Data import formats
  • CSV
  • ODF

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network
Information on how Microsoft protects data within its enterprise services can be found here https://www.microsoft.com/en-us/download/details.aspx?id=55848

Availability and resilience

Guaranteed availability
Details of the Office 365 service level agreement can be found here https://technet.microsoft.com/en-us/library/office-365-service-level-agreement.aspx
Approach to resilience
Details of how Microsoft ensures resiliency in the Office 365 service can be found here https://www.microsoft.com/en-us/download/details.aspx?id=53560
Outage reporting
Office 365 includes a service status portal for tracking any outages.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Office 365 allows for creation and management of administration roles, please see https://support.office.com/en-gb/article/office-365-admin-overview-c7228a3e-061f-4575-b1ef-adf1d1669870?ui=en-US&rs=en-GB&ad=GB for more information
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Between 6 months and 12 months
Access to supplier activity audit information
Users receive audit information on a regular basis
How long supplier audit data is stored for
Between 6 months and 12 months
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
LRQA
ISO/IEC 27001 accreditation date
03/11/2017
What the ISO/IEC 27001 doesn’t cover
MDS' risk assessment process has highlighted that the following area of ISO27001 is out of scope: 14.2.7 Information Systems: Outsourced Development
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
28/10/2016
CSA STAR certification level
Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover
Nothing
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • Cyber Essentials Plus
  • PSN Connection Certificate

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Cyber Essentials
Cyber Essentials Plus
Information security policies and processes
We follow the policies and procedures laid down in ISO 27001:2013 standard. In particular, our Information Security Management System contains all of the policies that support our security management approach. Our Information Security Policy provides the highest level policy statements which is supported by a comprehensive Acceptable Use Policy which all staff must sign before being granted any system/Network access. Additional policies cover key areas including Security Incident Management, Management Review, Document Control, Data Protection, Access Control, Business Continuity, Encryption, Patch Management and Auditing. As part of our Service Implementation Process we carry out a pre-handover security audit to ensure that we have met the required MDS Security standards as well as any specific customer security requirements which have been agreed. All of the above is supported by an extensive internal and external (UKAS accredited) Audit programme which ensures that we maintain the high level of security standards laid down in our processes.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Operational security processes are confidential
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Operational security processes are confidential
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Operational security processes are confidential
Incident management type
Supplier-defined controls
Incident management approach
Operational security processes are confidential

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
Yes
Connected networks
  • NHS Network (N3)
  • Joint Academic Network (JANET)
  • Health and Social Care Network (HSCN)

Pricing

Price
£3.80 to £48.10 a user a month
Discount for educational organisations
Yes
Free trial available
No

Service documents