Daisy Corporate Services Trading Limited

Daisy CloudBridge Microsoft Office 365

Microsoft Office 365 is a cloud-based service that provides the tools to bring collaboration, communication and by extension, productivity to each individual in an enterprise. Office 365 services include Exchange Online, OneDrive, SharePoint, Microsoft Teams and Security and Compliance to name but a few.

Features

  • Mobility – Access office apps and data anywhere, any time
  • Any Device – Desktop, laptop, tablet, smartphone and Mac
  • Evergreen – Software always up to date.
  • Flexible – Monthly subscription for the Microsoft license
  • New features and functionality continually added
  • Productivity – Collaborate more effectively

Benefits

  • Provides flexibility, scalability and security
  • Allows you to flex cost according to demand
  • Enables greater agility, better service and lower costs
  • Work smarter, faster and more cost effectively
  • Opex model reduces stress on capital budgets
  • Quality of service is assured by SLAs
  • Provides better levels of service to your users
  • Supports a flexible or mobile working policy
  • Reduces complexity and risk of transitioning to a new service

Pricing

£0.04 to £460.69 a unit a month

Service documents

Framework

G-Cloud 12

Service ID

8 2 1 7 0 0 3 2 2 3 2 4 3 5 0

Contact

Daisy Corporate Services Trading Limited Andy Riley
Telephone: 07540 203 303
Email: publictenders@daisygroup.com

Service scope

Service constraints
Appropriate connectivity from customer site into our Data Centres must be in place
System requirements
  • 1 Mb (or higher) internet connection
  • Microsoft Windows, Red Hat Linux or Android
  • Microsoft Internet Explorer 7 or Android

User support

Email or online ticketing support
Email or online ticketing
Support response times
Support levels Priority Response Update Frequency Resolution Time Description Priority 1 All incidents categorised as security incidents are treat as P1 Within 15 minutes Every 30 minutes unless otherwise agreed with customer In accordance with the availability within a service line, as defined in service credits With a target resolution of 2 hours Cloud specific: critical business impact, such as all users are unable to function within a service line Priority 2 Within 15 minutes Every 2 hours Within 4 hours Cloud Specific: high business impacts, such as all users at single site unable to function within a service line
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Essentials, Enterprise, Enterprise Plus
Support available to third parties
No

Onboarding and offboarding

Getting started
On boarding activities are discussed at the start of a project. We have an extensive set of professional servcies available to help a smooth transition to cloud environments.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Microsoft Cloud services are provided on a subscription basis and follow the standard Microsoft Cloud subscription terms. Data can be extracted at any point while resources are provisioned through a valid subscription using the various tools provided by Microsoft.
End-of-contract process
Microsoft Cloud services and hardware support will be ended once the contract term has been fulfilled and subscriptions deleted. Customers are able to transfer management and licenses to other providers as required.

Using the service

Web browser interface
Yes
Using the web interface
Look at billing and account information, raise support tickets, manage elements of the environment
Web interface accessibility standard
None or don’t know
How the web interface is accessible
Via a web browser. Access is via a named account and password
Web interface accessibility testing
None
API
No
Command line interface
No

Scaling

Scaling available
No
Independence of resources
Microsoft 365 Services are provided as a shared service model which automatically scales on global service demand. Microsoft provide a number of SLAs as well as local and regional resiliency, load-balancing and geo availability services.
Usage notifications
No

Analytics

Infrastructure or application metrics
No

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Microsoft as well as our own

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
No
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Data
  • Virtual Machines
  • System information
Backup controls
Backup controls This enterprise-class solution enables Daisy to provide a unified backup and recovery platform spanning all our customers’ solutions today, while also ensuring that new applications, operating systems and databases will be supported on release, without the need to undertake changes to the back-end infrastructure in the future.
Datacentre setup
Multiple datacentres
Scheduling backups
Users contact the support team to schedule backups
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
Microsoft provide a secure backbone for their Cloud Services. External connectivity can be secured through Microsoft ExpressRoute or Site-to-Site VPN connections. Consumer access to Microsoft Cloud services can be secured through RMS encryption, risk based conditional access and Multi-Factor Authentication services
Data protection within supplier network
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network
Extensive security systems in place in the Daisy core network

Availability and resilience

Guaranteed availability
SLAs for Microsoft Cloud Services are available from Microsoft depending on the cloud service selected and the level of availability chosen during configuration. Some variations exist across different regions
Approach to resilience
Microsoft Cloud Services can be configured across different regions (geo load-balancing) and can be established in defined primary locations. Microsoft have multiple Data Centres across each region for resilience.
Outage reporting
Email and SNMP

Identity and authentication

User authentication
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Where access to customer infrastructure is required, Daisy uses a secure backup and admin connection to components for monitoring, support and backups. All traffic across this connection is secure and segregated.
Access restriction testing frequency
At least once a year
Management access authentication
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
Dedicated device over multiple services or networks

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
BSI
ISO/IEC 27001 accreditation date
13/09/2013 original certification
What the ISO/IEC 27001 doesn’t cover
Scope is all Daisy sites and services requiring security
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Through the establishment of a comprehensive security framework, Daisy shall demonstrate a commitment to protect all assets that support the delivery of business objectives and address all legal, regulatory and contractual obligations. The following ISO27001 Group clause & objectives are referenced within this document: Clause 5, & Control objectives: A6, A9, A11, A13.2, and A14 Data Protection Policy Site Security Policy CCTV Policy

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Daisy’s ITIL v3 aligned service management tool meets ISO 27001 guidelines, governing core ITIL processes including, but not limited to, incident, problem, change, release, configuration, service level management and service catalogue functions
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Vulnerability scanning is included in the Daisy security framework, to help monitor the effectiveness of existing security controls and identify any weaknesses. The IT security Manager in consultation with Head of Compliance shall coordinate vulnerability scanning activities including: • identifying the scope of testing • monitor manufacturer and vendor sites for information updates regarding vulnerabilities Should the vulnerabilities be assessed as not posing an immediate threat to operations, security patches or code fixes shall be subject
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Monitoring of our platforms is done from our segregated and ISO27001 compliant management platforms, we protect the platform itself and its perimeter edge with Daisy owned and operated solutions, not in any way tied to logical customer implementations within these platforms. Each customer as part of a Managed Service has our standard security and monitoring products deployed with pre-agreed alert classifications and thresholds set as part of our typical managed service. Potential compromises are identified in our centralised monitoring solution, with accompanying detailed information of the platform and customer which auto generates an incident in our ticketing systems.
Incident management type
Supplier-defined controls
Incident management approach
Predefined processes are in place for common events Users can report incidents via the web portal or email in the event of an incident Daisy will Issue customer updates as per the agreed frequency on the progress of a resolution or workaround. This may include initiating and leading conference calls, bridges or meetings. Create MI reports where required, validating content is customer appropriate. Issue to service delivery management. Publish the MI report to the customer as defined by the customer SLA.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
Hyper-V
How shared infrastructure is kept separate
Organisations that share the same phsical equipment are seperated by VLAN's. Different environments cannot communciate with each other

Energy efficiency

Energy-efficient datacentres
No

Pricing

Price
£0.04 to £460.69 a unit a month
Discount for educational organisations
No
Free trial available
No

Service documents