Ergo Services

Microsoft Dynamics 365 CRM Services

CRM implementation services to help organisations deliver exceptional levels of service using Microsoft Dynamcs 365 (CRM). Process Improvement, KPI Reporting and Data Consolidation are key components of a solution delivered by Ergo


  • An enterprise scale Customer relationship management system
  • Automates Sales forces, Marketing campaigns and service desk
  • Subscription model allows costs to be spread monthly
  • An easy to use experience across any device
  • Processes automated via work flow steps in a visual way
  • Measuring performance and presenting results is easy
  • Available across multiple platforms: online or offline mode.
  • Customsiable platform which can adapt to specific business needs
  • Extensive Reporting and Dashboard capability
  • API allows for integration with other corporate systems


  • Workforce management features standardises processes, reducing overall cost of activity
  • Integrated marketing functionality maximises return from campaigns
  • Automated service desk features enable customer satisfaction
  • Performance measuring allow processes to be modified
  • Real time reporting and dashboards drive effective decision making
  • Customer service tools help drive better client retention
  • BI features allow greater insight to activity and trends
  • Subscription model frees up working capital
  • Microsoft platform allows integration with other products (email, ERP, etc.)
  • Custom services maximise productivity of the platform


£595 to £1295 per person per day

Service documents

G-Cloud 9


Ergo Services

Richard Birchall


Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Microsoft Dynamics 365
Microsoft Office 365
Microsoft SharePoint
Microsoft PowerBI
Microsoft Azure
Cloud deployment model Public cloud
Service constraints Microsoft have a 99.9% SLA in place on their public cloud platform that we leverage.

For more information see:
System requirements
  • PC/Laptop with up to date OS and web browser
  • Internet connection
  • Microsoft Dynamics 365 license and/or subscription

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Agreed Service Level Agreements (SLAs) will have varying levels of support available depending on category of issue or question logged.

Full 24 * 7 support options are available.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 AA or EN 301 549
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support Web chat
Web chat support availability 24 hours, 7 days a week
Web chat support accessibility standard WCAG 2.0 AA or EN 301 549 9: Web
Web chat accessibility testing All support modes are typically tested before go-live (e.g. Microsoft Skype for Business).
Onsite support Onsite support
Support levels Support levels are customised based on customer requirements and budget. They range from Monday-Friday, 9AM to 5:30PM. Hours covered extend to full 24*7, 365 days a year agreements.

Costs are based on the Service Level Agreement, as well as the scope of services and functionality covered.

Support agreements will automatically include Account Management. They can also include dedicated Technical Account Management or specific Cloud skillsets subject to the overall solution supported and agreed budget.

Services can be provided remotely via our contact centre, on-site at the customer location, or a hybrid model of both.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Our services would follow a standard application development lifecycle (including Agile). This typically includes upfront analysis and design, through development, test and rollout. Rollout options will include the preferred training methods agreed with the customer. User adoption can also be delivered as a specific service post go-live. Training courses and/or material (both remote and onsite) can be provided.
Service documentation Yes
Documentation formats
  • HTML
  • ODF
  • PDF
  • Other
Other documentation formats
  • Microsoft Word
  • Microsoft PowerPoint
  • Video training
End-of-contract data extraction Data can be extracted and outputted to a SQL database, Microsoft Excel or CSV format.
End-of-contract process Specific contract schedules will include provisions for end of contract process and pricing. Transition of services to a new provider at end of contract can be included where required (and are costed in line with the scope of effort identified and agreed at time of contract initiation).

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Rendering of screens is responsive to mobile device OS. Mobility and Desktop features and functionality are comparable.
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing All support modes are typically tested before go-live (e.g. Microsoft Dynamics etc.).
What users can and can't do using the API Given appropriate security credentials via the API, users can interact fully with the service. This includes the creation, read, update and deletion of records. Data can also be imported and exported from the service via the API.

For more information on the API, please refer to:
API documentation Yes
API documentation formats HTML
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Our services include the ability to fully customise the Dynamics 365 platform based on user requirements. This is typically delivered through initial requirements gathering and design phases.

Individual users with appropriate security permissions can also further modify or customise form and page layouts, reports and dashboards.


Independence of resources Microsoft Dynamics 365 is a multi-tenant platform that scales automatically to user numbers and demand.


Service usage metrics Yes
Metrics types Service usage metrics are typically determined for each implementation. They are defined with the customer during an initial scoping/analysis phase based on business and reporting requirements. Typical metrics could include: user activity, records created/deleted, record values, aggregate values. System metrics could include storage used, data table size and records counts.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Reseller providing extra features and support
Organisation whose services are being resold Microsoft

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Physical access control, complying with CSA CCM v3.0
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Data can be extracted and outputted for export to Microsoft Excel or CSV formats. For an entire data extract, a SQL database snapshot can be provided.
Data export formats
  • CSV
  • Other
Other data export formats
  • Microsoft Excel
  • SQL server database
Data import formats
  • CSV
  • Other
Other data import formats
  • Microsoft Excel
  • Programmatic import (coded as part of our services)

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability Microsoft have a 99.9% SLA in place on their public cloud platform that we leverage.

For more information see:
Approach to resilience Microsoft Dynamics 365 offerings are delivered by highly resilient systems that help to ensure high levels of service. Service continuity provisions are part of the Dynamics 365 system design. These provisions enable Dynamics 365 to recover quickly from unexpected events such as hardware or application failure, data corruption, or other incidents that affect users. These service continuity solutions also apply during catastrophic outages (for example, natural disasters or an incident within a Microsoft data center that renders the entire data center inoperable).
Outage reporting There is a public dashboard available. Email alerts can also be set up as part of the service notification process.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Access to specific platform management areas/functionality are rights-controlled (based on accepted credentials, such as username and password, including MFA where required).
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations Yes
Any other security accreditations
  • Microsoft platform security accreditations include EU Model clauses, HIPPA, SOC1/2
  • It also includes ISO27001, ISO27018, CSA STAR.

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards CSA CCM version 3.0
Information security policies and processes Ergo employs best practise methodologies on processes and procedures relating to authentication (Role Based Access, User-specific user accounts, for example), Monitoring (Availability, Capacity, Performance and security audit recording) and risk mitigation in accordance with our annual security reviews, assessments, gap analysis and continuous remediation improvements.

We are currently in the process of attaining ISO27001 and working towards the implementation of reporting structures aligned with the standard, with the associated roles fulfilled through our existing team members. We have an identified individual responsible for the implementation of Information Security (Keith McAvinue, Senior Engineer). We also have a senior manager responsible for oversight and approval of the InfoSec Programme (Steve Blanche, CTO). Executive ownership lies with our Managed Services Managing Director, Jimmy Sheahan.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Change Management at Ergo adheres to ISO9001 standards and ensures that methods and procedures are used for efficient handling of changes, in order to minimize impact of change and assess for potential security impact. Change Management controls in place ensure that changes are recorded and evaluated, authorised, prioritised, planned, tested, implemented, documented and reviewed in a controlled manner. Changes are managed from the same system that manages incidents, problems and that houses our asset database (CMDB). A Change Approval Board is in place for regular submission and approval/rejection of proposed changes based on the business justification and potential impact.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Our vulnerability identification process adheres to the following frequency cycles:
• External vulnerability scans (Annually)
• Internal vulnerability scans (Monthly)
• External Penetration Test (Annually)
• Internal Penetration Test (Monthly)

Patching is administered by WSUS manged via Microsoft SCCM (System Center Configuration Manager).

Typically, the patch release to implementation cycle of security patches on relevant infrastructure is completed within one month of GA.

Potential threats are identified by our Managed Service security team in collaboration with industry sources, research tools and specific clients.
Protective monitoring type Supplier-defined controls
Protective monitoring approach To detect unauthorised or malicious activity on our network we have a Firewall-based Intruder detection system and (IDS) and Intruder prevention system (IPS). We also use systems monitoring, Advanced Threat Analytics and Rapid7 Nexpose to assess vulnerability of servers, clients and network elements.

We review logs for IDS, routers, firewalls and servers in real-time. We follow standard procedure for handling High Priority Incident Management aligned to ITIL. Incidents are responded to within agreed SLAs driven by incident severity.

Post-incident reports are provided depending on severity, with details on risk assessment, impact and the resolution implemented.
Incident management type Supplier-defined controls
Incident management approach Yes, we have agreed pre-defined processes for handling common events, in line with standard our ITIL-based practice. Where we become aware of any failure or significant malfunction which would impact the provision of services, loss of data or potentially adverse effect on the system, we notify the relevant stakeholders in writing immediately after becoming aware of the incident. We also obtain evidence about the relevant incident, and will conduct a Root Cause Analysis (RCA). An Incident Report (or Major Incident Report) is issued post-resolution.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks Public Services Network (PSN)


Price £595 to £1295 per person per day
Discount for educational organisations Yes
Free trial available Yes
Description of free trial 30 days free trial option including Proof of Concept modelling.
Link to free trial


Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑