AMDH Services Limited

Office 365 Backup

Office 365 does not come with backup - it comes with a whole load of features but not backup. Our Office 365 backup solution allows you to have peace of mind knowing that if something goes wrong with Office 365 you can still get your data back.

Features

  • Backup for Exchange Oneline, Sharepoint Online, Onedrive for Business
  • Backup for Microsoft Teams
  • Choice of backup location; Azure, AWS or On-Premise
  • Choice of backup retention policies
  • Backup to multiple locations
  • Granular recovery

Benefits

  • Simplified management portal
  • Data encrypted in-transit
  • Data encrypted at rest
  • Per customer encryption keys
  • Unlimited Storage
  • Data Sovereignty Options

Pricing

£56.84 to £225.27 a user a year

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at andrew.horler@amdhservicesltd.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

8 7 2 5 4 0 5 8 2 9 6 9 5 5 7

Contact

AMDH Services Limited Andrew Horler
Telephone: 01332322588
Email: andrew.horler@amdhservicesltd.com

Service scope

Software add-on or extension
Yes
What software services is the service an extension to
Office 365
Cloud deployment model
Public cloud
Service constraints
Requires customer to be using Office 365 and to have administrative access to the Office 365 subscription.
System requirements
Requires customer to be using Office 365 business or enterprise

User support

Email or online ticketing support
Yes, at extra cost
Support response times
Basic support for Office 365 backup service is provided Free Of Charge.

Response times depend on support package purchased and ticket type:
Critical Incidents
###
Bronze: Initial response in 4 hours, weekdays 9am-8pm
Silver / Gold: Initial response in 1 hours, 24/7

Urgent Incidents
###
Bronze: Initial response in 8 hours, weekdays 9am-8pm
Silver / Gold: Initial response in 2 hours, 24/7

Important Incidents
###
Bronze: Initial response in 12 hours, weekdays 9am-8pm
Silver / Gold: Initial response in 4 hours, 24/7
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Yes, at an extra cost
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Depends on our support package:
Bronze: Email support only
Silver / Gold: Chat supported through user logging into our support portal and accessing chat.
Web chat accessibility testing
None at this time.
Onsite support
Yes, at extra cost
Support levels
BRONZE SUPPORT
###
Email only, initial response 4 hours for critical incidents, support available weekdays 9am - 8pm only.

SILVER SUPPORT
###
Email, live chat, telephone and online ticketing tool. Initial response 1 hours for critical incidents, support available 24/7.

GOLD SUPPORT
###
Email, live chat, telephone and online ticketing tool. Initial response 1 hours for critical incidents, support available 24/7. Customizable.

PRICING
###
Pricing for the support options is based on the number of licenses / staff, anticipated number of tickets raised per month, complexity of the tickets, and the number of different products that are being supported. Once this information has been collated support will be provided based on the SFIA rate card staff requirements.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Upon receiving an order from a customer for Office 365 Backup we would arrange a kick off meeting with the customer to discuss what assistance they require around onboarding. At this meeting we would discuss:
1) What features of Office 365 they use and want to backup
2) Backup and retention policies - including destinations
3) Preparatory Checks
4) Remediation following checks
5) Initial requirements - mainly administrator access
5) Date on which to start backups
6) Training Plan
7) Required ongoing support
Following this we would provide to the customer a quote for the associated professional services to deliver all the above items as required.
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
1) Customers can download the data from the solution in the backup format as required or restore it to an Office 365 environment.
2) We would recommend that customers wanting to exit our backup solution setup a new backup solution and get backups working and then cancel our service thus avoiding the need to extract the data.
3) Any assistance from AMDH for data extraction at contract end is a chargable activity.
End-of-contract process
At the end of the contract if the customer stops paying for the service the data will be removed from the backup solution and the customer access deprovisioned.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
No
Service interface
Yes
Description of service interface
There is an administrator portal in which the backups are set up.
Accessibility standards
None or don’t know
Description of accessibility
Via the web. Users can complete all actions via the web portal.
Accessibility testing
AMDH have completed no testing of the interface.
API
No
Customisation available
Yes
Description of customisation
The product is fixed - all features are available but we can customize our support package to meet the customer requirements.

Scaling

Independence of resources
The solution is a managed service - the service is scaled up as the number of clients using the system increases. Customers should not adversely affect each other.

Analytics

Service usage metrics
Yes
Metrics types
Tool reports on successful backups and restorations.

There is also an administrative log.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
NetApp & Microsoft

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
Never
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
The solution is an Office 365 backup service so the customers can extract the data into a Office 365 environment or to an on-premise data store.
Data export formats
Other
Other data export formats
  • Customer can restore data to Office 365
  • Customer can hold their own copy of the backup data
Data import formats
Other
Other data import formats
  • Backup solution backs up data in Office 365
  • Backup solution stores data in its own format

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
The service has an availability SLA of 99.99%.

This only applies to the subscription service not to any support package offered by AMDH.
Approach to resilience
The service is a managed service delivered out of multiple sites in cloud and is designed to be resilient.
Outage reporting
The service has a dashboard view that reports any issues.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Office 365 uses Azure AD as its identity provider. Azure AD / Office 365 supports role based access control and access to the management interfaces is controlled through Azure AD. Further control can be applied using Azure AD Conditional Access and Privileged Identity Manager (PIM) in order to ensure users only access management features when authorized.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
You control when users can access audit information
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
You control when users can access audit information
How long supplier audit data is stored for
Between 1 month and 6 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
Cyber Essentials
Information security policies and processes
Security Incident Reporting can escalate to our Managing Director & CTO.

We have the following policy documents:
- BYOD Policy
- Data Breach Policy
- Devices Policy
- Password Policy
- User accounts policy

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
**AMDH: Configuration and change management is managed through our change management processes, procedures and policy.

**Microsoft: Configuration and change management is managed through their change management processes, procedures and policy.

**Office365: The configuration and change management of a customer Office 365 subscription will depend upon whether the customer manages it themselves or whether it follows a mixed management process with the customer and AMDH joinly manage the environment. We would anticipate discussing this with the customer in detail prior to commencing the service.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
AMDH: We follow the procedures we have defined around our Cyber Essentials certification.

Microsoft: Microsoft follow the procedures required by the certification requirements of Cyber Essentials Plus and ISO27001:2013 for Office 365.

Office 365 Provider Vulnerability Management: Managed by Microsoft.

Office 365 Consumer Vulnerability Management: Managed by the customer based upon the features they purchase and processes and procedures they put into place. For example enhanced features will be available if the customer uses Office 365 E5, Microsoft 365 E5, Microsoft 365 Business Premium, EMS E3, or EMS E5.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
At present AMDH does not offer any services that require protective monitoring.

Office 365 is monitored by Microsoft for data breaches - this is detailed on the Microsoft website:
https://docs.microsoft.com/en-us/microsoft-365/compliance/gdpr-breach-office365

Customers can choose to purchase enhanced monitoring using the Advanced Threat Protection (ATP) license options available - but should be aware that they need staff to monitor the outputs of this tool.
Incident management type
Supplier-defined controls
Incident management approach
AMDH: Incidents are either automatically detected or reported by users. Once reported to our service desk they will be managed according to our Incident Management Procedures.

Office 365: Incidents are managed following the Microsoft procedures. These are available on the Microsoft website.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£56.84 to £225.27 a user a year
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
Please contact us to arrange a free trial

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at andrew.horler@amdhservicesltd.com. Tell them what format you need. It will help if you say what assistive technology you use.