SIMPLEX SERVICES (UK) LIMITED

Microsoft 365

Our Digital Workspace Technical Advisory, Consultancy and Support Services provides:1. Inputs and validation for Greenfield collaboration services and/or integration with legacy infrastructure. 2. Identification, finalisation and governance for medium and large projects. 3. Formulate/validate existing architecture covering business aligned technology vision, principles, policies, standards and roadmap to target cloud architecture.

Features

  • Strategy and Consulting to choose the right Collaboration platform
  • Solution Architecture
  • Compliance and Assurance
  • Packaged Services including software licenses for as-a-service requirements
  • Office, Outlook, Exchange Online, OneDrive for Business, Microsoft Intune
  • Chat-based workspace, online meetings, and more in Microsoft Teams
  • Stream, Yammer, Planner, SharePoint Online, Power Apps, Flow
  • Scheduling Apps – Bookings, StaffHub
  • Business Apps – Outlook Customer Manager, MileIQ, Invoicing
  • Office 365 Advanced Threat Protection, Microsoft Defender Exploit Guard

Benefits

  • Enhanced credibility for your existing strategy
  • Address business needs, maintain quality of outputs and control
  • Align user needs to cloud offerings
  • Tangible outputs conforming to technology framework
  • Diverse skillsets and scalable (up and down) model
  • Self-service password reset for hybrid Azure Active Directory accounts
  • Office 365 Data Loss Prevention
  • Unlimited email archiving
  • Windows AutoPilot, Windows Pro Management
  • Device & App Management

Pricing

£1 a user

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mohit@simplex-services.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

8 1 8 7 0 8 5 9 3 2 1 8 7 4 0

Contact

SIMPLEX SERVICES (UK) LIMITED Mohit Bajaj
Telephone: +447946789222
Email: mohit@simplex-services.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Third party software for specific customer needs. This will be dependant on the components and services that require enhanced and/or custom capabilities and are not completely met by M365 out of the box solutions/services.
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints
No immediate constraints. The standard constraints can be accessed at https://docs.microsoft.com/en-us/office365/servicedescriptions/office-365-service-descriptions-technet-library?redirectedfrom=MSDN.
System requirements
  • Appropriate licensing is procured
  • System requirements are dependent on each individual project and customer

User support

Email or online ticketing support
Yes, at extra cost
Support response times
The response times are defined as per customer's requirements and budgets. We broadly classify our support into three categories: Standard, Important and Critical. Standard: General guidance cases < 24 business hours; system impaired cases < 12 business hours. Important: General guidance cases < 24 hours; system impaired cases < 12 hours; production system impaired cases < 4 hours; production system down cases < 1 hour. Critical: General guidance cases < 24 hours; system impaired cases < 12 hours; production system impaired cases < 4 hours; production system down cases < 1 hour; business-critical system down cases < 15 minutes.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Yes, at an extra cost
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
We have not directly done web interface testing for assistive technology users but can work and channelise with partners to bring those testing experience for our clients.
Onsite support
Yes, at extra cost
Support levels
We offer 9am to 5pm or 24/7 support dependent on client needs and can be a combination of on-site and remote support. We have a team of consultants and specialists who are certified in the specific technology and cloud services area. We provide the 1st line and 2nd line support using our in house resources and we leverage on our relationship with the cloud service providers for any 3rd line support. We support three levels titled: Standard, Important and Crticial. We work with clients to understand their business requirements and cost implications and then align workloads to support levels. We have Technical Account Manager and Cloud Specialist to help our clients define these support levels and ensure right fit throughout the contract. This activity is carried during the initial setup and can be altered if our client's requirement changes providing flexibility.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Our onboarding services are tailored to customer’s requirements and can be combination of onsite training, online training, and/or user documentation/guides. Our standard methodology is to adopt a train-the-trainer approach. This allows knowledge to cascade throughout the organisation to all users.

The key on-boarding tasks include Governance Model, Requirements and Delivery approach, End User communication and Commercials.
Service documentation
Yes
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction
All the existing and data created in relation to the services in question will remain the property of the customer. The data can be extracted in an agreed format and within agreed timescales.

Microsoft M365 data extraction specific details can be found here: https://docs.microsoft.com/en-us/office365/Enterprise/office-365-data-retention-deletion-and-destruction-overview
End-of-contract process
A contract termination plan will be produced and agreed with the customer. A generic termination plan is available, on request, and this will be tailored to reflect appropriate roles and responsibilities.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
  • Other
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The core functionalities are available across all platforms. However, some of the services are optimised for mobile, desktop and tablet use and there are differences. See https://support.office.com/en-us/article/Office-Online-browser-support-AD1303E0-A318-47AA-B409-D3A5EB44E452
Service interface
Yes
Description of service interface
Please see https://products.office.com/en-gb/business/office-365-administration
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
We have not directly done web interface testing for assistive technology users but can work and channelise with partners to bring those testing experience for our clients.
API
Yes
What users can and can't do using the API
Please see https://msdn.microsoft.com/en-us/office/office365/howto/platform-development-overview for more information on the Office 365 API
API documentation
Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Various level of customisation can be done. This is subject to customer business requirements and contract discussion.

Scaling

Independence of resources
We provide an agile and scalable service in order to meet the fluctuations in demand for each individual service. These services are underpinned by a set of pre-agreed SLAs with each individual customer, ensuring continuity of the services being provided and are backed by Microsoft's Investment and SLA's.

Analytics

Service usage metrics
Yes
Metrics types
We can provide various levels of metrics and can be customised as per customer's need. Further details can be found here - https://docs.microsoft.com/en-gb/microsoft-365/admin/activity-reports/activity-reports?redirectSourcePath=%252fen-us%252farticle%252fActivity-Reports-in-the-Office-365-admin-center-0d6dfb17-8582-4172-a9a9-aed798150263&view=o365-worldwide
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Multiple. Specific customer, components, services that require custom/enhanced capabilities

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Tailored to customer’s requirements. Further detail can be found at https://docs.microsoft.com/en-us/microsoft-365/compliance/gdpr-dsr-office365?view=o365-worldwide and https://docs.microsoft.com/en-us/office365/Enterprise/office-365-data-retention-deletion-and-destruction-overview.
Data export formats
  • CSV
  • ODF
  • Other
Data import formats
  • CSV
  • ODF
  • Other

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
The SLAs can be accessed here - https://docs.microsoft.com/en-us/office365/servicedescriptions/office-365-platform-service-description/service-level-agreement and https://docs.microsoft.com/en-us/office365/servicedescriptions/office-365-platform-service-description/office-365-platform-service-description
Approach to resilience
As your cloud collaboration provider we have partnered with Microsoft to continuously earn our customers trust by providing solutions that function consistently and that our users love.

When any given service is unavailable, this is called downtime. The definition of downtime varies for each Microsoft 365 service, but they commonly focus on any period of time when users are unable to use the essential functionality of the service.

Details of how Microsoft defines and ensures resiliency in the M365 service can be found here: https://docs.microsoft.com/en-us/microsoft-365/enterprise/ebcm-m365-service-resiliency?view=o365-worldwide
Outage reporting
M365 service status portal for tracking any outages are available in a real time basis and can be accessed here - https://status.office365.com/. Customer specific services health status can be accessed here - https://portal.office.com/adminportal/home#/servicehealth

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
We support Modern Authentication enables Active Directory Authentication Library (ADAL)-based sign-in for Office client apps across different platforms. This enables sign-in features such as Multi-Factor Authentication (MFA), smart card, and certificate-based authentication.

MFA for Office 365 - users are required to acknowledge a phone call, text, or an app notification on their smartphone after correctly entering their password.

Further details can be found here - https://docs.microsoft.com/en-us/office365/servicedescriptions/office-365-platform-service-description/user-account-management?redirectedfrom=MSDN
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
To ensure security for our customers, we cover it right from the requirements phase through to implementation supporting the complete Security Development Lifecycle.

We address information security concerns and compliance requirements for our customers by designing the access to the customer’s sensitive data with complete adherence and traceability.
Information security policies and processes
We have designed detailed policies for information security with ultimate responsibility resting with our CISO. We are Cyber Essentials certified. Our associates go through security checks like The BS7858 screening, DBS and any customer specific requirements.

The screening comprises of ID verification check, Address verification check, Right to Work check, Personal/character reference, Full UK credit check (includes bankruptcy/insolvency check, CCJ check and up to date credit score), Five years employment verification, Gap verification and Basic DBS check (criminal record check).

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Simplex is committed to ITIL aligned Change and Configuration Management for effective management and control of their customer's infrastructure.

We work with our customers to align with their Change Management Database (CMDB), service support and delivery requirements to ensure a complete and accurate view of their assets.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Simplex subscribe to vendor support services and in M365 case with Microsoft to ensure the environment is operating in line with the latest recommendations and we make our customers of any potential vulnerabilities. The patch deployment policy is ITIL aligned and undertaken in accordance with customer's security policy. For exceptional and emergency patching, our processes allow proper process to protect customer services from vulnerabilities. Regular notifications are sent to ensure that customers are informed of planned works and all patches are tested before deployment to live.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
We makes use of cloud-native applications for the collection, monitoring, analysis, alerting and reporting of all IT event, log and performance data. Subsequently, a real-time analytics engine is used to correlate events, logs and performance metrics across customer's cloud and on-premise infrastructure. We configure a comprehensive suite of highly configurable rules to allow the alerts to be sent in response to malicious activity and performance-impacting events.

M365 specific monitoring details can be found here: https://docs.microsoft.com/en-us/office365/enterprise/office-365-monitoring-and-self-healing
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Our ITIL-aligned Incident Management process and Service Desk is the first point of contact and manages incidents and escalations until resolution. This ensures that we respond to any reported faults and sets out target response and resolution times to ensure that these are fixed within agreed timeframes.

The customers can report incidents via phone, email or our portal. Our Incident Management process ensures that we respond to any reported faults and sets out target resolution times to ensure that these are fixed within agreed timeframes.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
Yes
Connected networks
  • Public Services Network (PSN)
  • Police National Network (PNN)
  • NHS Network (N3)
  • Joint Academic Network (JANET)
  • Scottish Wide Area Network (SWAN)
  • Health and Social Care Network (HSCN)

Pricing

Price
£1 a user
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
For latest free trial options, please check - https://www.microsoft.com/en-gb/microsoft-365/try?SilentAuth=1

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mohit@simplex-services.com. Tell them what format you need. It will help if you say what assistive technology you use.