Cloud Email and Collaboration Office 365
Microsoft Office 365 delivers the power of cloud productivity to businesses of all sizes, helping save time, money, and free up valued resources. Office 365 combines the familiar Microsoft Office desktop suite with cloud-based versions of Microsoft’s next-generation communications and collaboration services. Fifosys have completed 50+ migrations since 2015.
- Highly resilient cloud hosted email platform
- Real-time co authoring
- Work anywhere from any device
- Easily share documents internally and externally
- Up to date versions of software
- Team chat applications
- Manage projects with planner and workflows
- Highly secure using encryption and built in anti virus
- Fifosys experiences to share and reduce the risk of migrations
- Manage and update content on the move
- Remove the need to spend time maintaining internal systems
- Collaborate with internal and external users
- Access email and manage content from multiple devices
- Protect data with built in security and compliance controls
- Seamless integration with other solutions and office suite
- Flexible solution and services that can be added as required
- Having completed 50+ migrations we reduce the risk of failure
- Can support change from a user perspective and provide training
£0.00 to £30.80 per user per month
- Education pricing available
6 5 9 0 7 3 4 8 5 5 7 2 0 1 9
|Software add-on or extension||No|
|Cloud deployment model||Public cloud|
Support for Office 365 is limited to Microsoft Office versions of 2010 or higher. Certain features are only available with Office 2013 or higher.
Planned maintenance is regular Microsoft-initiated service updates to the infrastructure and software applications. Planned maintenance notifications inform customers about service work that might affect the functionality of an Office 365 service. Customers are notified no later than five days in advance of all planned maintenance through Message Center on the Office 365 Admin Portal
|Email or online ticketing support||Email or online ticketing|
|Support response times||The Fifosys service desk is available 247 365 days of the year. This service provides a fully manned operation with engineers sitting in front of screen, taking calls, responding to emails and monitoring systems. Fifosys respond to incidents much faster than our SLA. We maintain a response and resolution time of 20 minutes for 86% of incidents to our desk. Our SLA is 1 hour for a priority 2 & 3 and 20 minutes for a priority 1. But we average 8 minutes response times to email support requests. These response times do not vary at weekends.|
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||None or don’t know|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Fifosys provide 1st, 2nd and 3rd line support 24/7/365. Our Network Operations Centre (NOC) proactively monitor, maintain and remediate clients systems. This is all standard service as part of our pricing model. We provide a team which includes an IT Manager who manages the Service team (NOC & Support), an Account Manager who is responsible for day to day management of the account from a sales perspective, and Technical architects who are responsible for discussing and identifying the right technical solutions for our clients.
We encourage clients to make use of tools we provide giving full visibility of what we do, including access to a service portal to view Service Desk activity. Our incident reports and status reports give clients the information needed if anything does not meet expectations we will be open in our resolution. This forms the basis of agreed KPIs to help gain trust and sustain long professional relationships.
This data is a central focus of Service Reviews and is invaluable in identifying training needs, potential problems or areas where systems aren’t delivering what the organisation needs. This detail has been noted in external quality audits and by vendors specialising in managed service applications and CRM systems.
|Support available to third parties||Yes|
Onboarding and offboarding
We provide a tailored training program for the cloud service dependant on the requirements. This can include on-site training, workshops or on-line training. This can even be combined if required. We have a large repository of user documentation that we share on how to use the various elements of the service, including instructional videos produced by the software provider.
The migration to this service is treated as a project and as such there will be several phases. During the discovery phase, the impact to the users will be assessed and we will work with the customer to determine a communication and training plan.
Following the cutover i.e. when the service is live, we will have an onsite engineer to assist with any queries and provide initial training to the users.
|End-of-contract data extraction||
Data can be extracted manually by the users in the forms of PSTs for email and normal files for data stored in SharePoint or OneDrive. However we recommend that we are instructed to provide all of this data on removable media. This limits the amount of work required from the individual user and ensures that all data is captured, as dependant on permissions a user may not have access to all data or systems.
If we are exporting the data the user must supply or agree to the costs of Fifosys supplying the media. Once all data has been exported we will perform a verification comparing the exported data to the original source data and once confident that all data has been captured we will arrange
for the data to be removed from the Office365 source systems and the account closed.
Extracting the users live data is included in the price of the contract as are all termination fees. Any media required to export data is not included and this must be purchased by the user or the user must agree to the costs of Fifosys purchasing this on their behalf.
The export of historic backups is not included as this can be a time-consuming process and the cost is dependant on how many generations of data need to be exported. All licencing provided as part of the Office365 subscription remaining the property of Microsoft and therefore we cease to be valid at the end of the contract.
Upon expiration or termination of your Office 365 subscription or contract, you, by default will be provided with additional limited access for 90 days to export your data
Using the service
|Web browser interface||Yes|
|Application to install||Yes|
|Compatible operating systems||
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||
Mobile applications are provided by Microsoft and provide the majority of features of the full desktop versions. However they are scaled to fit the mobile device. Navigation is normal performed via scrolling and input via an on-screen keyboard on the device rather than using a mouse and keyboard.
Some advanced features such as adding embedded objects, recording macros, checking grammar, adding or updating citations, restoring or merging revisions and real time co-authoring are not available on the mobile version.
|Description of service interface||The Office 365 portal website allows access to the majority of Office365 features and applications. Online versions of mail, Word, Excel, Powerpoint and many of the other featues within the Office365 are all available through the web portal. Administration tasks can also be performed via the portal. Full details available on request.|
|Accessibility standards||WCAG 2.1 AA or EN 301 549|
|Accessibility testing||Information available on request|
|What users can and can't do using the API||
Integrate Office 365 data into your own apps
You can create custom solutions that access and interact with all the richness of a user’s Office 365 data—and you can build those solutions across all mobile, web, and desktop platforms. The Office 365 APIs enable you to provide access to Office 365 data, including their mail, calendars, contacts, files, and folders. All right from within your app itself.
Create a FileHandler add-in to control how Office 365 displays and interacts with your custom file types, including custom file type icons, file preview within the Office 365 UI, creating and opening the file type in a custom editor. And since FileHandler add-ins host their data and logic remotely, you can develop your add-in using the language, tools, and web development stack of your choice.
Add your app to the app launcher to give it visibility and make it accessible right from the Office 365 home page. Take advantage of Azure AD single sign-on to provide seamless access to your app for authorised users
Access the Reporting web service to build reporting dashboards, charts, and graphs to help their organisation manage their subscription usage.
|API documentation formats||HTML|
|API sandbox or test environment||No|
|Description of customisation||
All elements of the Office365 environment can be customised. Dependant on the requirements of the user, difference licences and features can be added such as Skype, Conference Bridges, calling plans, Email archiving, copies of Office, themes, compliance, amounts of storage, security settings, ability to share, disclaimers, data retention. Branding can also be applied to various elements such as SharePoint sites, Meeting invites and control panels.
Dependant on the features chosen the costs per user will change.
Users can customise certain features such as themes and look and feel directly from within the Office suite or through the Office 365 portal. However other elements of customisation are controlled centrally through policies.
The central policies can be updated by any designated admin. As this is being provided as part of a managed service, normally we would take responsibility for making these changes after receiving instruction from the user. However if the client wishes to nominate a suitable individual to be granted admin rights, this can be accommodated.
|Independence of resources||
The cloud environment is highly and easily scalable. Load across the environment is constantly monitored for performance issues and additional resources can be quickly brought on-line to cope with any peaks in demand. Access to services is load-balanced across multiple databases, network links and servers to ensure users are not affected by the demand placed on the systems by others.
Bandwidth limits are in place for any activity that could saturate network connections and have a negative impact on other users such as large file transfers or mass mailbox migrations.
|Service usage metrics||Yes|
Metric show how people in your business are using Office 365 services.
Reports are available for the last 7 days, 30 days, 90 days, and 180 days.
Email apps usage
Office 365 groups
OneDrive for Business user activity
OneDrive for Business usage
SharePoint site usage
Skype for Business Online activity
Skype for Business Online conference organized activity
Skype for Business Online conference participant activity
Skype for Business Online peer-to-peer activity
Yammer device usage
Yammer groups activity report
Microsoft Teams user activity
Microsoft Teams device usage
|Supplier type||Reseller providing extra support|
|Organisation whose services are being resold||Microsoft|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||
You can download a copy of all of your data at any time and for any reason, without any assistance from Microsoft or Fifosys in the following ways:
Exchange Online data, can be downloaded to a local computer by any end user at any time via the Import and Export wizards.
SharePoint Online documents can be downloaded at any time from the workspace into your local computer.
Vanity domain names such as client.com can be removed by following the Domain Removal instructions in Office 365 Help.
Metadata can be exported using PowerShell
|Data export formats||Other|
|Other data export formats||
|Data import formats||Other|
|Other data import formats||
|Data protection between buyer and supplier networks||Private network or public sector network|
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
The SLA on the Office365 platform is 99.9%
Financial backing is provided at part of the commitment to achieve and maintain the service levels for each service. If these are not achieved and the the service level maintained the service levels, then you are eligible for a credit towards a portion of your monthly service fees.
Downtime is defined as: Any period of time when Office applications are put into reduced functionality mode due to an issue with Office 365 activation.
Monthly uptime percentage is calculated as - ((User Minutes - Downtime) / User minutes) x 100
If the uptime falls below the SLA then the following service credits apply:
<99.9% = 25% service credit
<99% = 50% service credit
<95% = 100% service credit
|Approach to resilience||
Data resiliency means that no matter what failures occur within Office 365, critical customer data remains intact and unaffected.
Within Office 365 production environments, peer replication between datacenters ensures that there are always multiple live copies of any data.
Protection against corruption of mailbox data in Exchange Online is achieved by using Exchange
Native Data Protection, a resiliency strategy that leverages application-level replication across multiple servers and multiple datacenters along with other features that help protect data from being lost due to corruption or other reasons.
Every mailbox database in Office 365 is hosted in a database availability group (DAG) and replicated to geographically-separate datacenters within the same region. The most common configuration is four database copies in four datacenters.
To help prevent corruption from occurring at the file system level, Exchange Online is being deployed
on Resilient File System (ReFS) partitions to provide improved recovery capabilities. ReFS is a file system in Windows Server 2012 and later that is designed to be more resilient against data corruption thereby maximizing data availability and integrity
Any service outages would be reported via email alerts. Any outages would be classed as a priority 1 - High impact incident and follow our high impact incident process.
Users would be continuously updated on progress of the issue until resolved.
A public dashboard is also available for the service status at: https://portal.office.com/servicestatus
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||
Only authorised individuals from our organisation can manage the system and strong authentication is in place. The management layer is segregated from the service networks to prevent any issues affecting service.
The operational processes that govern access to customer data in Microsoft business cloud services are protected by strong controls and authentication, which fall into two categories: physical and logical.
Both us and Microsoft perform regular audits (as well as sample audits) to attest that any access is appropriate.
|Access restriction testing frequency||At least once a year|
|Management access authentication||2-factor authentication|
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||BSI|
|ISO/IEC 27001 accreditation date||04/10/2017|
|What the ISO/IEC 27001 doesn’t cover||Microsoft's own cloud - This is covered by their own accreditation|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||Cyber Essentials Plus|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
Information data security is an essential part of the Fifosys business. The directors recognise the need for its clients and end users information data to remain secure and confidential at all times. Clients and Fifosys internal departments collaborate to ensure that data stays secure.
Information data security systems are reviewed at regular intervals and outcomes are made available to other relevant organisations. Current policies exist for the following which are audited each year as part of our ISO 27001 accreditation:
Information Security Organisation
Classifying Information and Data
Controlling Access to Information and Systems
Processing Information and Document
Purchasing and Maintaining Commercial Software
Securing Hardware, Peripherals and Other Equipment
Detecting and Responding to Incidents
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
Requirement for a change is identified by Fifosys or a supplier, customer or partner.
The pre-approved change list should be checked to confirm whether this change can be implemented without further review. If the engineer is happy to implement the pre-approved change without further approval they should log, implement and manage the change as a standard service request/support ticket or in a project task.
If the change is not on the pre-approved list or if the engineer feels that there are risks with this change that require additional consideration, the change should be logged and managed on the change board.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
We are continually assessing threats to our service. We use automated cyber security tools such as cyberscore from XQ cyber ( A Check service provider) to continuously poll our environment for new threats and suggest remediation plans.
We patch our and our clients servers every week using our automated patch management service.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
We use our proactive monitoring tool (Nable), to identify threats. This monitors all aspects of the environment from servers to networking to anti-virus.
Data is also proactively monitored for RansomWare attacks through our backup solution.
When a threat or compromise is detected a ticket is automatically logged in our ERP system (Connectwise) and handled as a priority 1 ticket.
We respond to these incidents within 15 minutes
|Incident management type||Supplier-defined controls|
|Incident management approach||
Our incident management process is based on the ITIL framework for service management. Incidents are categorised into service issues where IT has failed and support issues where IT hasn't failed i.e. a new user request.
We have pre-defined processes for common events such as new users, subject access requests, permission changes, mobile device setup, upgrade and client specific common tasks.
Users can report incidents via phone, email or online portal.
Incident reports are provided to pre determined stakeholders in PDF format for high impact incidents and users can check directly in the online portal for normal or low impact incidents.
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||No|
|Price||£0.00 to £30.80 per user per month|
|Discount for educational organisations||Yes|
|Free trial available||No|