This G-Cloud 10 service is no longer available to buy.

The G-Cloud 10 framework expired on Tuesday 2 July 2019. Any existing contracts with Advanced 365 are still valid.
Advanced 365

Azure Infrastructure as a Service

This service is for the provision of Microsoft Azure Infrastructure as a Service. Advanced is Microsoft Cloud Solution Provider and is able to provide Azure compute and a range of associated support services to help a customer migrate workloads to Azure.

Features

  • Advice and guidance on technical requirements
  • Workload assessment and sizing
  • Monitoring services for Azure workloads and networks
  • ITIL v3 service desk
  • Networking advice, implementation and support
  • Migration services
  • Performance optimisation
  • Capacity planning

Benefits

  • Strength in depth technical resources
  • Quality assured services
  • Hybrid IT support across multiple platforms
  • ISO 27001 assured operational security
  • Consulting service to maximise return on investment
  • ITIL aligned supporting services

Pricing

£0.12 a virtual machine an hour

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Bid.Support@oneadvanced.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 10

Service ID

9 1 6 1 5 0 4 5 4 5 8 0 5 6 2

Contact

Advanced 365 Bid Management
Telephone: 0330 343 4000
Email: Bid.Support@oneadvanced.com

Service scope

Service constraints
Azure IaaS services as defined by Microsoft.
System requirements
  • Customer provides suitably licenced application software
  • Customer installs Application

User support

Email or online ticketing support
Email or online ticketing
Support response times
Calls are answered within 20 seconds. Response times are determined by the severity of the call.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
All calls to the Advanced service desk will be answered within 20 seconds. Support service levels are defined within the service definition. Response time are defined based on severity levels as follows: Severity 1: - 30 minutes, Severity 2: - 1 hour, Severity 3: - 4 hours, Severity 4: - 8 hours.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Advanced provide a broad range of optional services to assist customer make best use of their Azure services. Services include workload migration, application installation and testing. Training services in the use of Azure are available is required.
Service documentation
Yes
Documentation formats
  • HTML
  • ODF
  • PDF
  • Other
Other documentation formats
  • Microsoft Visio
  • Microsoft Project
End-of-contract data extraction
Advanced is able to provide optional service to assist customers remove data from the Azure or alternatively facilitate a transfer of tenancy ownership.
End-of-contract process
Removal of applications and data is the customers responsibility. Advanced can assist or perform these activities if required.

Using the service

Web browser interface
Yes
Using the web interface
Advanced will provision user accounts for approved users. Role based access control will be used to maintain administrative control. Changes will be restricted to authorise users only.
Web interface accessibility standard
None or don’t know
How the web interface is accessible
Web interface is governed by Microsoft controls and is accessible through supported web browsers.
Web interface accessibility testing
None.
API
No
Command line interface
Yes
Command line interface compatibility
Windows
Using the command line interface
Users can execute commands through a PowerShell command line. These commands are an alternative to actions which can be taken through the web interface.

Scaling

Scaling available
Yes
Scaling type
  • Automatic
  • Manual
Independence of resources
As per the Microsoft Azure service definition.
Usage notifications
Yes
Usage reporting
  • Email
  • Other

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
Other metrics
  • Synthetic transactions
  • Application monitoring
  • Tenancy status
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Microsoft Azure Infrastructure as a Service

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with another standard
Data sanitisation process
No
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • File data
  • Databases
  • Virtual Machines
  • Applications
  • Mail data
  • Object Storage
Backup controls
Customers can determine a backup schedule, settings for the backup (i.e. exclusions), execute backup jobs and view success or failure of said jobs.

Advanced can provide a managed backup service whereby all of the above is provided by Advanced under a service, governed by SLAs and charged per GB.
Datacentre setup
Multiple datacentres
Scheduling backups
Users schedule backups through a web interface
Backup recovery
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
99.9% is currently guaranteed by Microsoft. Service credits are available from Microsoft based on tiers.
Approach to resilience
Please refer to the services descriptions provided for the Azure Infrastructure as a Service.
Outage reporting
Service outage is reported through a public dashboard. Advanced is able to provide additional services where outage notification can be delivered to email or by phone.

Identity and authentication

User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Advanced uses the principles of least privileges and role based access control. This is line with best practice as outlined in ISO 27001 and implemented within the Advanced Information Management System.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Devices users manage the service through
Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Bureau Veritas
ISO/IEC 27001 accreditation date
16/02/2015
What the ISO/IEC 27001 doesn’t cover
Nothing, Advanced ISO 27001:2013 certification addresses all Annex A controls.
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
30/3/2012
CSA STAR certification level
Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover
Azure, Dynamics 365, and Office 365 are all covered by the certification.
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
ISO 9001:2015
ISO 14001:2008
Information security policies and processes
Both Microsoft and Advanced are certified to ISO 27001:2013 and Advanced's Information Security Management System implements all mandatory controls and address all 114 Annex A controls of this international standard for information security.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Where Advanced is providing these services on the Azure platform Advanced uses ITIL v3 processes for asset management, change and configuration management. Changes are reviewed through the Advanced CAB, and discussed and agreed with the customer prior to implementation.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
The vulnerability assessment process provides visibility into the vulnerability of critical assets deployed in the IT Infrastructure. The process comprises of identifying critical systems, their corresponding owners, vulnerability scanning on regular basis, determining and assessing potential vulnerabilities, documenting and establishing a time line to remediate critical vulnerabilities.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Advanced complies with protective monitoring in line with GPG 13.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Incident management control objectives are defined within our ISO 27001:2013 certified Information Security Management System and the procedures for Incident management are aligned to ITIL v3 industry best practice.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Third-party
Third-party virtualisation provider
Microsoft
How shared infrastructure is kept separate
Service separation is defined by Microsoft within the relevant service description.

Energy efficiency

Energy-efficient datacentres
Yes

Pricing

Price
£0.12 a virtual machine an hour
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Bid.Support@oneadvanced.com. Tell them what format you need. It will help if you say what assistive technology you use.