Fifosys Limited

Cloud Email and Collaboration Office 365

Microsoft Office 365 delivers the power of cloud productivity to businesses of all sizes, helping save time, money, and free up valued resources. Office 365 combines the familiar Microsoft Office desktop suite with cloud-based versions of Microsoft’s next-generation communications and collaboration services. Fifosys have completed 50+ migrations since 2015.


  • Highly resilient cloud hosted email platform
  • Real-time co authoring
  • Work anywhere from any device
  • Easily share documents internally and externally
  • Up to date versions of software
  • Team chat applications
  • Manage projects with planner and workflows
  • Highly secure using encryption and built in anti virus
  • Fifosys experiences to share and reduce the risk of migrations


  • Manage and update content on the move
  • Remove the need to spend time maintaining internal systems
  • Collaborate with internal and external users
  • Access email and manage content from multiple devices
  • Protect data with built in security and compliance controls
  • Seamless integration with other solutions and office suite
  • Flexible solution and services that can be added as required
  • Having completed 50+ migrations we reduce the risk of failure
  • Can support change from a user perspective and provide training


£0.00 to £30.80 per user per month

  • Education pricing available

Service documents


G-Cloud 11

Service ID

6 5 9 0 7 3 4 8 5 5 7 2 0 1 9


Fifosys Limited

Mitesh Patel


Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
Support for Office 365 is limited to Microsoft Office versions of 2010 or higher. Certain features are only available with Office 2013 or higher.

Planned maintenance is regular Microsoft-initiated service updates to the infrastructure and software applications. Planned maintenance notifications inform customers about service work that might affect the functionality of an Office 365 service. Customers are notified no later than five days in advance of all planned maintenance through Message Center on the Office 365 Admin Portal
System requirements
  • Windows10, Windows8.1, Windows8, Windows7 Service Pack 1
  • 2 GB RAM
  • 3 GB Disk Space
  • Monitor Resolution of 1024x768
  • Up to date browser, Edge, Internet Explorer, Chrome, Safari, Firefox
  • 1GHz or faster x86 or 64bit processor

User support

Email or online ticketing support
Email or online ticketing
Support response times
The Fifosys service desk is available 247 365 days of the year. This service provides a fully manned operation with engineers sitting in front of screen, taking calls, responding to emails and monitoring systems. Fifosys respond to incidents much faster than our SLA. We maintain a response and resolution time of 20 minutes for 86% of incidents to our desk. Our SLA is 1 hour for a priority 2 & 3 and 20 minutes for a priority 1. But we average 8 minutes response times to email support requests. These response times do not vary at weekends.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Yes, at extra cost
Support levels
Fifosys provide 1st, 2nd and 3rd line support 24/7/365. Our Network Operations Centre (NOC) proactively monitor, maintain and remediate clients systems. This is all standard service as part of our pricing model. We provide a team which includes an IT Manager who manages the Service team (NOC & Support), an Account Manager who is responsible for day to day management of the account from a sales perspective, and Technical architects who are responsible for discussing and identifying the right technical solutions for our clients.

We encourage clients to make use of tools we provide giving full visibility of what we do, including access to a service portal to view Service Desk activity. Our incident reports and status reports give clients the information needed if anything does not meet expectations we will be open in our resolution. This forms the basis of agreed KPIs to help gain trust and sustain long professional relationships.

This data is a central focus of Service Reviews and is invaluable in identifying training needs, potential problems or areas where systems aren’t delivering what the organisation needs. This detail has been noted in external quality audits and by vendors specialising in managed service applications and CRM systems.
Support available to third parties

Onboarding and offboarding

Getting started
We provide a tailored training program for the cloud service dependant on the requirements. This can include on-site training, workshops or on-line training. This can even be combined if required. We have a large repository of user documentation that we share on how to use the various elements of the service, including instructional videos produced by the software provider.

The migration to this service is treated as a project and as such there will be several phases. During the discovery phase, the impact to the users will be assessed and we will work with the customer to determine a communication and training plan.

Following the cutover i.e. when the service is live, we will have an onsite engineer to assist with any queries and provide initial training to the users.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Data can be extracted manually by the users in the forms of PSTs for email and normal files for data stored in SharePoint or OneDrive. However we recommend that we are instructed to provide all of this data on removable media. This limits the amount of work required from the individual user and ensures that all data is captured, as dependant on permissions a user may not have access to all data or systems.

If we are exporting the data the user must supply or agree to the costs of Fifosys supplying the media. Once all data has been exported we will perform a verification comparing the exported data to the original source data and once confident that all data has been captured we will arrange
for the data to be removed from the Office365 source systems and the account closed.
End-of-contract process
Extracting the users live data is included in the price of the contract as are all termination fees. Any media required to export data is not included and this must be purchased by the user or the user must agree to the costs of Fifosys purchasing this on their behalf.

The export of historic backups is not included as this can be a time-consuming process and the cost is dependant on how many generations of data need to be exported. All licencing provided as part of the Office365 subscription remaining the property of Microsoft and therefore we cease to be valid at the end of the contract.

Upon expiration or termination of your Office 365 subscription or contract, you, by default will be provided with additional limited access for 90 days to export your data

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
  • Windows Phone
Designed for use on mobile devices
Differences between the mobile and desktop service
Mobile applications are provided by Microsoft and provide the majority of features of the full desktop versions. However they are scaled to fit the mobile device. Navigation is normal performed via scrolling and input via an on-screen keyboard on the device rather than using a mouse and keyboard.
Some advanced features such as adding embedded objects, recording macros, checking grammar, adding or updating citations, restoring or merging revisions and real time co-authoring are not available on the mobile version.
Service interface
Description of service interface
The Office 365 portal website allows access to the majority of Office365 features and applications. Online versions of mail, Word, Excel, Powerpoint and many of the other featues within the Office365 are all available through the web portal. Administration tasks can also be performed via the portal. Full details available on request.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
Information available on request
What users can and can't do using the API
Integrate Office 365 data into your own apps

You can create custom solutions that access and interact with all the richness of a user’s Office 365 data—and you can build those solutions across all mobile, web, and desktop platforms. The Office 365 APIs enable you to provide access to Office 365 data, including their mail, calendars, contacts, files, and folders. All right from within your app itself.

Create a FileHandler add-in to control how Office 365 displays and interacts with your custom file types, including custom file type icons, file preview within the Office 365 UI, creating and opening the file type in a custom editor. And since FileHandler add-ins host their data and logic remotely, you can develop your add-in using the language, tools, and web development stack of your choice.
Add your app to the app launcher to give it visibility and make it accessible right from the Office 365 home page. Take advantage of Azure AD single sign-on to provide seamless access to your app for authorised users
Access the Reporting web service to build reporting dashboards, charts, and graphs to help their organisation manage their subscription usage.
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
All elements of the Office365 environment can be customised. Dependant on the requirements of the user, difference licences and features can be added such as Skype, Conference Bridges, calling plans, Email archiving, copies of Office, themes, compliance, amounts of storage, security settings, ability to share, disclaimers, data retention. Branding can also be applied to various elements such as SharePoint sites, Meeting invites and control panels.

Dependant on the features chosen the costs per user will change.

Users can customise certain features such as themes and look and feel directly from within the Office suite or through the Office 365 portal. However other elements of customisation are controlled centrally through policies.

The central policies can be updated by any designated admin. As this is being provided as part of a managed service, normally we would take responsibility for making these changes after receiving instruction from the user. However if the client wishes to nominate a suitable individual to be granted admin rights, this can be accommodated.


Independence of resources
The cloud environment is highly and easily scalable. Load across the environment is constantly monitored for performance issues and additional resources can be quickly brought on-line to cope with any peaks in demand. Access to services is load-balanced across multiple databases, network links and servers to ensure users are not affected by the demand placed on the systems by others.

Bandwidth limits are in place for any activity that could saturate network connections and have a negative impact on other users such as large file transfers or mass mailbox migrations.


Service usage metrics
Metrics types
Metric show how people in your business are using Office 365 services.

Reports are available for the last 7 days, 30 days, 90 days, and 180 days.
Metrics include

Active Users

Email apps usage

Office 365 groups

OneDrive for Business user activity

OneDrive for Business usage

SharePoint site usage

SharePoint activity

Skype for Business Online activity

Skype for Business Online conference organized activity

Skype for Business Online conference participant activity

Skype for Business Online peer-to-peer activity

Yammer activity

Yammer device usage

Yammer groups activity report

Microsoft Teams user activity

Microsoft Teams device usage

Email activity

Mailbox usage

Office activations
Reporting types
  • Regular reports
  • Reports on request


Supplier type
Reseller providing extra support
Organisation whose services are being resold

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
You can download a copy of all of your data at any time and for any reason, without any assistance from Microsoft or Fifosys in the following ways:
Exchange Online data, can be downloaded to a local computer by any end user at any time via the Import and Export wizards.
SharePoint Online documents can be downloaded at any time from the workspace into your local computer.
Vanity domain names such as can be removed by following the Domain Removal instructions in Office 365 Help.
Metadata can be exported using PowerShell
Data export formats
Other data export formats
  • PST
  • Flat files (.docx, .xlsx, txt, jpg)
Data import formats
Other data import formats
  • PST
  • Flat files (docx, jpg, xlxs)

Data-in-transit protection

Data protection between buyer and supplier networks
Private network or public sector network
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
The SLA on the Office365 platform is 99.9%

Financial backing is provided at part of the commitment to achieve and maintain the service levels for each service. If these are not achieved and the the service level maintained the service levels, then you are eligible for a credit towards a portion of your monthly service fees.

Downtime is defined as: Any period of time when Office applications are put into reduced functionality mode due to an issue with Office 365 activation.

Monthly uptime percentage is calculated as - ((User Minutes - Downtime) / User minutes) x 100

If the uptime falls below the SLA then the following service credits apply:
<99.9% = 25% service credit
<99% = 50% service credit
<95% = 100% service credit
Approach to resilience
Data resiliency means that no matter what failures occur within Office 365, critical customer data remains intact and unaffected.

Within Office 365 production environments, peer replication between datacenters ensures that there are always multiple live copies of any data.

Protection against corruption of mailbox data in Exchange Online is achieved by using Exchange
Native Data Protection, a resiliency strategy that leverages application-level replication across multiple servers and multiple datacenters along with other features that help protect data from being lost due to corruption or other reasons.

Every mailbox database in Office 365 is hosted in a database availability group (DAG) and replicated to geographically-separate datacenters within the same region. The most common configuration is four database copies in four datacenters.

To help prevent corruption from occurring at the file system level, Exchange Online is being deployed
on Resilient File System (ReFS) partitions to provide improved recovery capabilities. ReFS is a file system in Windows Server 2012 and later that is designed to be more resilient against data corruption thereby maximizing data availability and integrity
Outage reporting
Any service outages would be reported via email alerts. Any outages would be classed as a priority 1 - High impact incident and follow our high impact incident process.

Users would be continuously updated on progress of the issue until resolved.

A public dashboard is also available for the service status at:

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Only authorised individuals from our organisation can manage the system and strong authentication is in place. The management layer is segregated from the service networks to prevent any issues affecting service.

The operational processes that govern access to customer data in Microsoft business cloud services are protected by strong controls and authentication, which fall into two categories: physical and logical.
Both us and Microsoft perform regular audits (as well as sample audits) to attest that any access is appropriate.
Access restriction testing frequency
At least once a year
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
Microsoft's own cloud - This is covered by their own accreditation
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
Cyber Essentials Plus

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
Information data security is an essential part of the Fifosys business. The directors recognise the need for its clients and end users information data to remain secure and confidential at all times. Clients and Fifosys internal departments collaborate to ensure that data stays secure.
Information data security systems are reviewed at regular intervals and outcomes are made available to other relevant organisations. Current policies exist for the following which are audited each year as part of our ISO 27001 accreditation:
Information Security Organisation
Classifying Information and Data
Controlling Access to Information and Systems
Processing Information and Document
Purchasing and Maintaining Commercial Software
Securing Hardware, Peripherals and Other Equipment
Fifosys Personnel
Detecting and Responding to Incidents
Business Continuity

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Requirement for a change is identified by Fifosys or a supplier, customer or partner.
The pre-approved change list should be checked to confirm whether this change can be implemented without further review. If the engineer is happy to implement the pre-approved change without further approval they should log, implement and manage the change as a standard service request/support ticket or in a project task.
If the change is not on the pre-approved list or if the engineer feels that there are risks with this change that require additional consideration, the change should be logged and managed on the change board.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We are continually assessing threats to our service. We use automated cyber security tools such as cyberscore from XQ cyber ( A Check service provider) to continuously poll our environment for new threats and suggest remediation plans.

We patch our and our clients servers every week using our automated patch management service.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We use our proactive monitoring tool (Nable), to identify threats. This monitors all aspects of the environment from servers to networking to anti-virus.

Data is also proactively monitored for RansomWare attacks through our backup solution.

When a threat or compromise is detected a ticket is automatically logged in our ERP system (Connectwise) and handled as a priority 1 ticket.

We respond to these incidents within 15 minutes
Incident management type
Supplier-defined controls
Incident management approach
Our incident management process is based on the ITIL framework for service management. Incidents are categorised into service issues where IT has failed and support issues where IT hasn't failed i.e. a new user request.

We have pre-defined processes for common events such as new users, subject access requests, permission changes, mobile device setup, upgrade and client specific common tasks.

Users can report incidents via phone, email or online portal.

Incident reports are provided to pre determined stakeholders in PDF format for high impact incidents and users can check directly in the online portal for normal or low impact incidents.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks


£0.00 to £30.80 per user per month
Discount for educational organisations
Free trial available

Service documents

Return to top ↑