FCO Services

FCO Services - Microsoft Office 365

FCO Services managed Office 365 is a secure Public Cloud-based collaboration solution. It provides, email, document management, file storage, Instant messaging and advanced security and integration features. The solution is suitable for OFFICIAL communication.

Features

  • Support for Government Security Classification OFFICIAL
  • Includes, Email, Instant messaging Skype for Business and Yammer
  • Includes OneDrive, Word, Excel, PowerPoint, Outlook, OneNote and SharePoint
  • 1Tb Cloud Storage per user
  • Integrate with range of networks including PSN
  • Migration services to move you to Office 365
  • Training for end users and administrators
  • FCO Services UK telephone email and online support
  • Assistance in configuring advanced security, SOC, DMARC and DKIM

Benefits

  • Access email and data securely aligned to government assurance
  • Optional Single Sign On access - one login to remember
  • UK government OFFICIAL customisations tailored to UK government needs
  • Indepth pre migration analysis ensures smooth onboarding
  • FCOS uniquely understands the needs of other UK government departments
  • Collaborate faster by Co-editing files and sharing your screen
  • Training ensures Office 365 benefits are optimised for all users
  • A one stop shop for Office 365 support and guidance

Pricing

£2.60 to £15.00 per user per month

Service documents

G-Cloud 10

817092272202402

FCO Services

Elizabeth Arneill

01908 515789

LizArneill.Gcloud@fcos.gov.uk

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Cirrus360 or as a stand alone service, or integrated service.
Cloud deployment model Hybrid cloud
Service constraints No
System requirements An internet connected device with a modern browser

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Level 1 - P1 incidents have a response target of 30 minutes
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 A
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support Yes, at an extra cost
Web chat support availability 24 hours, 7 days a week
Web chat support accessibility standard WCAG 2.0 A
Web chat accessibility testing Users are invited to pilot the web chat feature and provide early engagement.
Onsite support Yes, at extra cost
Support levels Standard support is included in the standard price and includes email and phone support 9-5 Monday to Friday.

Enhanced support is available to cover 24 hours and day 7 days a week support.

Technical account management, Service Delivery management and Cloud support engineers are accessible for customers choosing enhanced support and bespoke support contracts.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Discover
Alpha
Beta
Live
Service documentation Yes
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction Customer data can be extracted at any time, during the term of the agreement, across the network using a remote administrative access device.

If a physical copy of the data is required, then the customer would need to raise a Service Request via the FCO Services’ Global Support Centre Service Desk. The data would be made available to the customer within five working days and would be presented as a virtual HDD, such as a VMWare vmdk file or files, on appropriate media.

All physical data extraction/removal is a chargeable service, priced at time of request.
End-of-contract process Off boarding is available as an additional cost. To off board the customer should raise a Service Request via the FCO Services’ Global Support Centre Service Desk.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Mobile access can be made through a mobile web browser or native App supplied through the Apple App store or Google play store.

Desktop access can be made through a modern browser or a Windows or Mac install able client.
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing Office 365 applications on various platforms are designed with the requirements of EN 301 549, WCAG 2.0 AA and US Section 508 in mind, Microsoft work with partners to verify conformance to accessibility standards.
API Yes
What users can and can't do using the API Microsoft provide full details.

https://msdn.microsoft.com/en-us/office/office365/api/api-catalog
API documentation Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment No
Customisation available Yes
Description of customisation Additional Office 365 modules can be purchased adding storage, features, users and applications.

Scaling

Scaling
Independence of resources The service uses Microsoft elastic public Cloud infrastructure to ensure that demands can be met through on going monitoring and automated service provisioning.

Analytics

Analytics
Service usage metrics No

Resellers

Resellers
Supplier type Reseller providing extra features and support
Organisation whose services are being resold Microsoft

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Users can export their data in a range of standard Microsoft formats, including: .xls, csv, doc, pdf, ppt
Data export formats
  • CSV
  • ODF
Data import formats
  • CSV
  • ODF

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability This service is delivered with an availability of 99.9%.
Approach to resilience Detailed service is design is available on request.
Outage reporting Email alerts are provided through Service Delivery Manager contact points.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Limited access over dedicated link, enterprise or community network, assured by independent testing of implementation.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for Between 1 month and 6 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for Between 1 month and 6 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Security policies are based on ISO27001

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach FCO Services have a fully defined ICT Operations Change Process. The Change Management process ensures that IT and the business can be kept aligned with optimal efficiency and minimal disruption, re-work and risk by means of the consistent and effective management of the necessary changes needed to maintain alignment to ISO9001. The FCO Services are managed via standard ICT Operations Configuration Management policies (fully documented, audited and available) ensuring configuration is visible and understood by all parties.
Vulnerability management type Undisclosed
Vulnerability management approach Regular vulnerability scans are conducted and remediation activity conducted. Identified vulnerabilities are added to the risk register if not remediated.

FCO Services can share more detail on vulnerability management on request (and subject to clarificiation of requesting entity).
Protective monitoring type Undisclosed
Protective monitoring approach Protective monitoring is aligned to HMG Good Practice Guide 13 (GPG13).

FCO Services can share more detail on vulnerability management on request (and subject to clarificiation of requesting entity).
Incident management type Undisclosed
Incident management approach FCO Services manages Incident Management according to ITIL V3 framework, this distinguishes between Incidents (Service Interruptions) and Service Requests (standard requests from users, e.g. password resets).

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks Public Services Network (PSN)

Pricing

Pricing
Price £2.60 to £15.00 per user per month
Discount for educational organisations No
Free trial available No

Documents

Documents
Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑