SharePoint for Intranets - Digital Workspaces, Portals, Records Management (EDRMS) and Office 365

Brightwire has a track record in digital transformation design and delivery. We build Intranets and portals based on SharePoint 2013+ and Online, maximising your SharePoint investment and delivering applications that make a real difference to organisations-increasing productivity, engaging users, improving business processes, fostering collaboration and improved processes and working practices.


  • Intranets and web portals
  • Document and records management
  • Digital workspaces for teams
  • Workflows & automation
  • Integration-capable
  • Access and authentication
  • Supports internal communications
  • Improves collaboration and information sharing
  • Highly customisable
  • Responsive and highly usable


  • Increase user adoption - make SharePoint compelling and visually appealing!
  • Improve communication
  • Foster collaboration in people and teams with SharePoint
  • Role-based model targets relevant content
  • Streamline and automate business processes using workflows
  • Quick and easy access to content with sophisticated search
  • Fully customisable interface can be impressive and visually appealing
  • Bring disparate SharePoint sites together to improve central administration
  • Easily manage security and user permissions
  • Migrate data from existing SharePoint environment and network file shares


£675 per person per day

  • Free trial available

Service documents

G-Cloud 10



Clare Millar

0131 541 2159

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to SharePoint consulting and custom development; business transformation and internal communications consulting.
Cloud deployment model Hybrid cloud
Service constraints Clients have a choice of deployment and support models depending on organisational and infrastructure requirements.
System requirements
  • SharePoint Licences
  • Recommended but not essential: up to date MS Office packages
  • Recommended but not essential: up to date web browser

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Response times are based on priority levels. Response times are the same at weekends though an out-of-hours support agreement is required for out-of-hours cover.

Priority 1: Urgent and essential
Response: within 1 business hour.
Investigation: within 2 business hours.
Action: within 3 business hours.
Priority 2: Non-urgent operational matters
Response: within 3 business hours.
Investigation: within 4 business hours.
Action: within 7.5 business hours.
Priority 3: General enquiries
Response: within 7.5 business hours.
Investigation: within 2 business days.
Action: based on agreement with the Client
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 AA or EN 301 549
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support Yes, at an extra cost
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible We use third party live chat tools which allow two way messaging - if there is a specific requirement to use a tool which is specifically WCAG compliant then we would be happy to implement this.
Web chat accessibility testing We use third party live chat tools which allow two way messaging - any assistive technology testing is done by the live chat provider. As above, if there is a specific requirement to use a tool which is specifically WCAG compliant then we would be happy to implement this.
Onsite support Onsite support
Support levels Support levels are based on an agreed allocation of time per month, with time reporting to indicate usage. Support can be scaled back or topped up accordingly. Support is based on a day rate. For out of hours support this cover is based on the client's need and an appropriate cost is calculated. We have clear support procedures in place and a technical account manager as well as a nominated support engineer are both provided as part of the support agreement.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Onsite training: provided to groups of trainees who are usually split by administrative and user type. We recommend a 'train the trainer' approach with advocates who will be the key 'go to' people within the organisation.
User guides: these can either be documented or video guides for users and contain quick tips and handy reference information.
Online training: we can provide online training if required - typically to larger groups of users.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
  • Microsoft Word
  • Microsoft PowerPoint
End-of-contract data extraction All data can be exported or replicated to an environment such as a Microsoft Azure SQL Database store in a customer-owned Microsoft Azure subscription. The way in which we would recommend this be done would depend on customer need and the target environment.
End-of-contract process The support agreement would normally allow for basic handover at contract end - however if there were more specific or custom requirements (such as a new target environment to which to replicate) then these would be assessed and a cost agreed with the Client.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service None
Accessibility standards WCAG 2.0 A
Accessibility testing SharePoint is compliant with WCAG 2.0. Whether compliance is A or AA varies by feature and this is based on client need.
What users can and can't do using the API A variety of functions can be performed using the Web API and these depend on client need. This allows users to work with content, media, and users via a REST API.
API documentation Yes
API documentation formats
  • HTML
  • Other
API sandbox or test environment Yes
Customisation available Yes
Description of customisation SharePoint can be extensively customised to suit client needs. A range of areas can be customised - ranging from simple to complex workflows, triggers and notifications (as examples).


Independence of resources There are multiple deployment routes - each of which would be assessed in the light of specific functional and non-functional requirements such as performance. Performance can be affected by user bandwidth/connectivity as well as network capacity. We implement techniques to improve application performance and can recommend hosting models that will reduce the risk of load that negatively impacts performance.


Service usage metrics Yes
Metrics types Service usage might apply to two scenarios - the behaviour of the users consuming the service, on which analytics can be provided, and/or the draw-down of the support time allocation, analytics for which are typically provided on a monthly basis.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach All data can be exported or replicated to an environment such as a Microsoft Azure SQL Database store in a customer-owned Microsoft Azure subscription. The way in which we would recommend this be done would depend on customer need and the target environment.
Data export formats
  • CSV
  • Other
Data import formats
  • CSV
  • Other

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability For Microsoft SharePoint and 365 licensing the Microsoft guarantee for service level uptime is 99.9%. Should the service fall below this in a given month then a credit will be given against the applicable month's subscription fee.
Approach to resilience Microsoft 365and SharePoint offerings are delivered by highly resilient systems that help to ensure high levels of service. Service continuity provisions are part of the 365 system design. These provisions enable 365 to recover quickly from unexpected events such as hardware or application failure, data corruption, or other incidents that affect users. These service continuity solutions also apply during catastrophic outages (for example, natural disasters or an incident within a Microsoft data center that renders the entire data center inoperable). The Microsoft 365 and SharePoint Online service is designed to provide a high degree of security, continuity, and compliance—service goals that are derived from the Microsoft Risk Management program.
Outage reporting Administrator dashboard with alerts and notifications (email and online).

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Admin access is limited by role based controls built into the software to ensure that only users with appropriate rights have access to management functionality.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI - see website for Office365- Certificate Number IS 552878
ISO/IEC 27001 accreditation date 15/10/2016
What the ISO/IEC 27001 doesn’t cover In scope: The management of Information Security Management System (ISMS) for Microsoft Office 365 Services development, operations, support, and protection of personally identifiable information.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes We are working towards ISO 27001 certification and as such we follow industry standard best practices for information security. We have a defined reporting structure in place with ultimate responsibility for security and compliance resting with the Technical Director.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach We follow a structured change procedure, which provides a high degree of management and quality of output with a controlled approach to changes in scope – it being essential to track changes and ensure that all amendments are assessed and authorised. Specific processes for change management are as follows:
Request: Initiation of a change with a request for change (RFC);
Classification: Assigning a priority to the change after assessing its urgency and impact;
Authorisation: Processing the RFC through to the change advisory board;
Development: Developing the change, release management;
Release Management: Releasing the change for testing;
Review: Conducting post-deployment review.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We have a policy of applying all Microsoft related security patches within a day of them becoming available. For our hosting environment we subscribe to VMWare notifications and apply these to our private cloud environment within 3 days of them becoming available. For other general software that we use such as Umbraco we subscribe to notification lists and deploy these based on a triage of the exposure and risk and a prioritisation. Critical updates are always deployed as soon as they become available and always within a 4 hour window.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We limit exposure by only allowing access via firewall control to services which need to be accessed externally and have an account lockout process whereby after 15 attempts, an account will automatically be locked as suspicious activity would be assumed. We track and monitor invalid login attempts via standard Windows event logging mechanisms. We respond based on the SLA times as detailed earlier in this section.
Incident management type Supplier-defined controls
Incident management approach Users report incidents online using our incident reporting tool or by phone or email if required. We have specific processes that are triggered by incidents being reported to us which are followed and users are able to track and monitor the incident as it progresses through the SLA that corresponds to its priority. For outage incidents with SharePoint/Office 365 that are Microsoft related, the administrator will receive alerts and be able to raise issues using the administration dashboard. All incidents are followed by an incident report explaining what happened and what action is to be taken to prevent a reoccurance.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks Other


Price £675 per person per day
Discount for educational organisations No
Free trial available Yes
Description of free trial A vanilla free trial (i.e. without customisations) is available for a duration of 30 days.


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑