EntServ UK Ltd part of the DXC Technologies Group

Connected Bank as a Service - Microsoft Dynamics 365 for Banking

DXC's leading Banking service offers a complete end to end solution for any channel, product or department - applicable to retail and commercial banking. The service can be deployed independently of legacy IT and existing programmes.

Features

• Microsoft Dynamics 365 Customer Engagement consultancy, training and implementation
• Temenos Transact (T24) consultancy, training and Implementation
• VeriPark Modules; VeriChannel, VeriBranch, VeriTouch and VeriLoan
• VeriLink Integration
• Customer Insights
• PowerBI
• 1-day Assessment

Benefits

• Customer engagement​
• Acquisition, development, retention and loyalty capability
• 360-degree customer view, mobility apps, unified front end
• Improved ability to bring new products to market
• Efficiencies & reduced risk​
• Redefine your IT operations for the future​
• Solution is architected with Cyber Security built in​
• Paperless, SLA driven, Machine learning driven
• AI based authentication and recognition capabilities​

£1,000 a unit a day

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Framework

G-Cloud 12

Service ID

768513058514795

Contact

DXC Frameworks Team
+44 (0)560 303 1617
ukitenders@dxc.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: Microsoft does schedule planned maintenance for updates to the application. These are done in conjunction with the customer's requirements
• System requirements:
  • We can reference https://ax.help.dynamics.com/en/wiki/browser-requirements/
  • Microsoft Exchange required

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response SLAs vary based on Contract and ticket Priority.; Response is within 1 hour and resolution within 2 hours for premier support under a priority 1 issue.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Synchronous conferencing is available via Microsoft Skype or Microsoft Teams, with dial-in options available.
• Web chat accessibility testing: Not tested by Reseller, but Microsoft are conducting testing and implementing feedback into their Synchronous conferencing packages. This will include screen-reading and navigation capabilities.
• Onsite support: Yes, at extra cost
• Support levels: 3 Levels of Support. Standard (£7,500 p.a.), Enhanced (£15,000 p.a.) and Premium (£60,000 p.a.). Technical Account Manager and Cloud Engineers can be provided.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide a mix of training options for users from onsite user based training, train the trainer, on line user documentation and web based eLearning style training courses. We also provide Masterclasses for ongoing training and exposure to new functionality as it is released.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats:
  • DOC
  • DOCX
• End-of-contract data extraction: The users data will be sat in their own personal workspace and this data can be copied to a new location upon termination of the contract
• End-of-contract process: A customer may terminate a Subscription at any time during its Term; however, you must pay all amounts due and owing before the termination is effective. Included in the price of the contract is all the hardware and software as agreed at the time of the contract. What is not included as standard if the integration of the Cloud serice into any on existing on premise or other Cloud solutions the customer may require. This will include API's, bespoke anlaytics or reports, or customisations, The customer is also responsiblle for the connectivity from their own Datacentre to the Microsoft Azure Datacenter.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The solution is based on web browser functionality and so there are no differences between the mobile and desktop service. The form factor of smaller mobile devices such as smart phones don't lend themselves to the solution due to the amount of screen information.
• Service interface: No
• API: Yes
• What users can and can't do using the API: The Web API provides a development experience that can be used across a wide variety of programming languages, platforms, and devices. The Web API implements the OData (Open Data Protocol), version 4.0, an OASIS standard for building and consuming RESTful APIs over rich data sources. The API can be used for tasks such as consuming and creating data in entities, authenticating access and calling business logic.; ; Because the Web API is built on open standards, we don’t provide assemblies for a specific developer experience. You can compose HTTP requests for specific operations or use third-party libraries to generate classes for whatever language or platform you want. You can find a list of libraries that support OData version 4.0 at http://www.odata.org/libraries/.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The Service can be customised interms of the look at feel for each customer. The solution is also Modular so each customer can take the components they require initially and then add at a later date. Some self service customisation can be included in some of the modules and this can be explored upon request

Scaling

• Independence of resources: We will survey the users you have and the type of licenses they need. We will also look at the functions they will perform. We will then provide this data to Microsoft in order to properly size the infrastructure required.

Analytics

• Service usage metrics: Yes
• Metrics types: Azure Monitor enables you to consume telemetry to gain visibility into the performance and health of your workloads on Azure. The most important type of Azure telemetry data is the metrics (also called performance counters) emitted by most Azure resources. Azure Monitor provides several ways to configure and consume these metrics for monitoring and troubleshooting. Metrics are a valuable source of telemetry and enable you to do the following tasks: Track the performance of your resource (such as a VM, website, or logic app) by plotting its metrics on a portal chart and pinning that chart to a dashboards.
• Reporting types:
  • API access
  • Real-time dashboards

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Microsoft

Staff security

• Staff security clearance: Conforms to BS7858:2012
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: At all times during the term of Customer’s subscription, Customer will have the ability to access and extract Customer Data stored in each Online Service. Except for free trials, Microsoft will retain Customer Data stored in the Online Service in a limited function account for 90 days after expiration or termination of Customer’s subscription so that Customer may extract the data. After the 90-day retention period ends, Microsoft will disable Customer’s account and delete the Customer Data.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • PDF
  • XLS
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • XLS
  • PDF

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: Dynamics 365 provides security-hardened infrastructure that Microsoft controls and monitors 24 hours a day, seven days a week. Microsoft uses a variety of technologies to block unauthorized traffic to and within Microsoft datacenters.; Connections that are established between customers and Microsoft datacenters are encrypted by using industry-standard Transport Layer Security (TLS). This establishes a secured browser-to-server connection, which helps provide data confidentiality and integrity between the desktop and datacenter. A redundant network provides failover capability and helps ensure network availability.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Microsoft uses several network security technologies to protect your cloud services and data, and block attacks.; •Firewalls and perimeter firewalls; •Intrusion detection systems/intrusion prevention systems detect and identify suspicious or undesirable activities that indicate intrusion; •Partitioned LANs ; •Multi-tier topology ; •Traffic isolation ; •Cross-premises connectivity enables you to establish connections between a virtual network and multiple on-premises sites, or other virtual networks in Azure, by using VPN gateways or third-party virtual appliances.; •Access Control Lists; •Azure Security Center provides a centralized portal from which you can secure resources you place in Azure

Availability and resilience

• Guaranteed availability: Available via MicrosoftDynanmics365forOperationsCloudServiceOperations.pdf
• Approach to resilience: This is available upon request .
• Outage reporting: https://azure.microsoft.com/en-gb/support/trust-center/

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Other
• Other user authentication: You can use the Azure AD service to associate your existing Microsoft account with your Microsoft Dynamics user account and achieve single sign-on between the Microsoft Dynamics Web client and Office 365. Also, if you use Microsoft Dynamics in an app for SharePoint, you can use Azure AD to achieve single sign-on between the Microsoft Dynamics Web client and SharePoint. You can still host the Microsoft Dynamics Server instance and Microsoft Dynamics Web Server components on-premises. You do not have to deploy Microsoft Dynamics on Azure to use Azure AD for user authentication.
• Access restrictions in management interfaces and support channels: https://azure.microsoft.com/en-gb/support/trust-center/
• Access restriction testing frequency: At least once a year
• Management access authentication: Public key authentication (including by TLS client certificate)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: https://azure.microsoft.com/en-gb/support/trust-center/
• ISO/IEC 27001 accreditation date: https://azure.microsoft.com/en-gb/support/trust-center/
• What the ISO/IEC 27001 doesn’t cover: https://azure.microsoft.com/en-gb/support/trust-center/
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 31/12/2016
• CSA STAR certification level: Level 2: CSA STAR Attestation
• What the CSA STAR doesn’t cover: https://azure.microsoft.com/en-gb/support/trust-center/
• PCI certification: Yes
• Who accredited the PCI DSS certification: https://azure.microsoft.com/en-gb/support/trust-center/
• PCI DSS accreditation date: 31/12/16
• What the PCI DSS doesn’t cover: https://azure.microsoft.com/en-gb/support/trust-center/
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: https://azure.microsoft.com/en-gb/support/trust-center/

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: https://azure.microsoft.com/en-gb/support/trust-center/
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: https://azure.microsoft.com/en-gb/support/trust-center/
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: https://azure.microsoft.com/en-gb/support/trust-center/
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: https://azure.microsoft.com/en-gb/support/trust-center/

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • Public Services Network (PSN)
  • NHS Network (N3)

Pricing

• Price: £1,000 a unit a day
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF