QuantiQ Technology Limited

Microsoft Dynamics 365 cloud licence, implementation, managed services and support provider.

QUANTIQ resells Microsoft Dynamics licensing and provides consulting, implementation, support and managed services for cloud-based Microsoft Dynamics 365 business applications. Including, but not limited to Finance, Operations, ERP, CRM, HR, HCM, Talent, Membership, Business Intelligence, Project Services, Field Service, Customer Service, AI, Power Apps and IP across all Public Sectors.

Features

  • Centralized global financial management solution, robust real-time financial analytics
  • Role based workspaces, intelligent automation and Office 365 integration
  • Integration with the greater Microsoft Azure cloud services
  • Empower workforce with device agnostic HTML5 UI; access anytime, anywhere
  • BPM, allows documenting client business process and re-usable training material
  • Integration with 3rd party apps using over 200 connectors
  • Deep integration with Microsoft Dynamics 365 stable of products
  • Scalable architecture, with real-time telemetry, monitoring and escalation
  • Continual monthly updates means latest features are always available
  • Common Data Service PowerApps allows clients to create bespoke Applications

Benefits

  • Device agnostic: Microsoft, Android, Apple devices can access the Application
  • Task recordings can help new users understand processes and behaviour
  • Workflow ensures business restrictions are adhered to and policy policed
  • Workspaces provide users with realtime relevant, engaging decision making data
  • Flexible change tracking capability means historic audit data is available
  • PowerBI allows centralized reporting across multiple datasources for critical insights
  • Mobile App development by end users can simplify business operations
  • Connect sales, procurement, logistics, warehousing for 360 view of supplychain
  • Use Microsoft Office to export, update data quickly and easily
  • Use Management Reporter to create boardroom-quality reports without IT

Pricing

£3.50 per licence per month

Service documents

G-Cloud 11

970841338634711

QuantiQ Technology Limited

Hemraj Tatur

020 7451 1200

hemraj.tatur@quantiq.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints Once implemented, the associated service for these cloud licenses requires updating up to 11 times per year (minimum 4). QUANTIQ can provide that support / update management directly for a fee.
System requirements
  • Resilient internet access for all users
  • Internet browser access to the internet from relevant devices
  • Each user must be a named user
  • Each user must have security settings agreed by client

User support

User support
Email or online ticketing support Email or online ticketing
Support response times QUANTIQ provides a full 24x7 support offering and the response times are based on the SLA agreed between the parties. Typical SLA's are categorised on severity of the call from P1 (Critical/~System down) to P4 (Typical training issue)
P1 - 30 mins response
P2 - 1 hrs response
P3 - 4 days response
P4 - next day response

Average time to fix for P1 incident is 27 minutes.

The service is manned 24 hours a day during the week and via ticket and on call at the weekend unless specifically requested and paid for.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 A
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support Web chat
Web chat support availability 24 hours, 7 days a week
Web chat support accessibility standard WCAG 2.1 A
Web chat accessibility testing None
Onsite support Yes, at extra cost
Support levels QUANTIQ provides second line support to the client's IT department and available via phone, email and online forms. An issue or request is captured as ticket and progressed by a support consultant.

QUANTIQ also has direct access to Microsoft Premier Support to get direct support from the software/service publisher.

Support levels are based on severity of the issue ranging from P1 (critical) to P4. Response Times are:- P1 - 30 mins P2- 1 Hrs P3 - 4 Hrs P4 - Next day.

A support consultant is allocated to the issue to resolve, with an ability to call on other resources within the Managed Services department or the wider development, testing, consulting or project management organisations within the company.

We operate various commercial models for support ranging from pure 'Time & Materials' (T&M) through to premium support with a one-off cost for unlimited consumption. Standard T&M hourly support costs are currently £130 per hour plus an annual retainer fee (typically between £5k and £20k) dependent on complexity of solution. Premium support models will need to be priced on an individual bid basis.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started QUANTIQ typically provides direct training and materials to a client's super-users or training dept. The training is best delivered by users to users.

However, in addition, QUANTIQ can provide guided use training, so that a user is guided through all process in the application giving advice and tips at each stage.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Microsoft provides access to the underlying Dynamics SQL database for data extraction if required by the client. QUANTIQ can assist in that process.
End-of-contract process Microsoft Dynamics licenses provided by QUANTIQ have an initial term of 1 month, thereafter, the user count can be adjusted up or down on a monthly basis

Being a SAAS license, the client can choose to switch to an alternative partner, or end the service with relatively short notice after the initial term. If the license is being transferred to another partner, QUANTIQ can walk the client through the process with Microsoft. Alternatively, if the license is ended, the service will end. The client will lose access to the system and data. QUANTIQ would provide a data backup service.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The features and capabilities are designed to be device agnostic and work on multiple device types and the interface is automatically adjusted for the device and screen size.

There are mobile application version for IOS, Android in addition to access through a web browser. This provides a slightly faster user experience.
Service interface Yes
Description of service interface The service interface uses oData in either Json or Soap based formats.
CRUD operations are supported.

Available query options are:
$filter
$count
$orderby
$skip
$top
$expand
$select
The OData service supports serving driven paging with a maximum page size of 1,000.

A 'REST Metadata service' exists which provides an endpoint to provide metadata information for elements. It can return labels and available data entities within the current implementation.

This provides 3rd party applications with the details needed to consume the D365 oData endpoints and deliver system to system integration.
Accessibility standards WCAG 2.1 AA or EN 301 549
Accessibility testing The following assistive technologies have been tested with the D365 application:

Windows Narrator and keyboard-only access - every field and control has a label and description. A screen reader can read the label and description.

Shortcuts for the most frequently performed actions - Shortcuts have been created to help "jump" around the screen.

Navigation search - Any page accessible from the navigation pane is also available in the "search" box.

Actions search for keyboard-only users or for heads-down data entry - every action that is provided on a page can be accessed from a keyboard

Tab sequence - An Enhanced tab sequence option is available as well as windows narrator support to access all fields on forms.

Form patterns - A small number of form patterns are used, this means users can easily learn the system

Responsive layout - users can zoom into a magnification of 200 percent (and potentially larger) and still use the application effectively. The application is designed to work on a wide variety of form factors from the smallest to the largest screens.
API Yes
What users can and can't do using the API Users can import/export data and perform business actions using API. APIs such as OData allows them to perform CRUD operations on data while business events allow them to extract real-time information as and when an event occurs in the system.
API documentation Yes
API documentation formats
  • HTML
  • PDF
  • Other
API sandbox or test environment Yes
Customisation available Yes
Description of customisation The Microsoft platform is designed to allow system administrators and users the flexibility of customising and configuring the system to meet their specific needs. Any changes in the organisation can be easily accommodated making this application scalable and extensible.

The main requirements for customisation are the right/privileges to make changes (based on security role and permissions), understanding of the business process, familiarity with the application architecture, a structured methodology for implementation.

Some of the most common types of customisation include customising forms, views and charts, the schema, automation using workflows and dialog, customising reports and dashboards and creating web resources

Scaling

Scaling
Independence of resources Production environments are continuously monitored by the Microsoft DSE (Dynamics Service Engineering) team that reach out to clients whenever the telemetry surface the requirements to scale an application.

Analytics

Analytics
Service usage metrics Yes
Metrics types Microsoft provide a portal directly to the client with usage metrics. QUANTIQ also has access to the same data through a Partner Center Portal.
Reporting types
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Reseller providing extra features and support
Organisation whose services are being resold Microsoft

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Microsoft Dynamics 365 uses a framework called "Data management" to import and export information. This information is moved using a concept called "data entities" which allow users to move data using oData feeds or file based integrations
Data export formats
  • CSV
  • Other
Other data export formats
  • XLSX, XLS
  • PDF
  • SQL Azure
  • JSON
  • XML
  • OData
Data import formats
  • CSV
  • Other
Other data import formats
  • XLSX, XLS
  • TXT
  • XML
  • OData

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability Dynamics 365 has a 99.9% uptime SLA. If SLAs are not met, Microsoft operates a discount system.
More information here: https://www.microsoft.com/en-us/licensing/product-licensing/products?lc=1033

QUANTIQ provides second line support to the client's IT department and available via phone, email and online forms. An issue or request is captured as ticket and progressed by a support consultant.

Support levels are based on severity of the issue ranging from P1 (critical) to P4. Response Times are:- P1 - 30 mins P2- 1 Hrs P3 - 4 Hrs P4 - Next day.

A support consultant is allocated to the issue to resolve, with an ability to call on other resources within the Managed Services department or the wider development, testing, consulting or project management organisations within the company.

We operate various commercial models for support ranging from pure 'Time & Materials' (T&M) through to premium support with a one-off cost for unlimited consumption. Standard T&M hourly support costs are currently £130 per hour plus an annual retainer fee (typically between £5k and £20k) dependent on complexity of solution. Premium support models will need to be priced on an individual bid basis.

Users are not charged for a remedial service if the SLA is not met.
Approach to resilience Microsoft provide a high availability solution based on several data centres and real-time replication. Data is backed up in real-time and can easily be restored.

Microsoft provides the cloud-based service. QUANTIQ provides the license to access the service.

Microsoft services have been designed around specific resiliency principles:

First, hardware and infrastructure protections were significant. This meant having datacenters with 99.99% reliability required significant power and network redundancy, and servers were implemented with hardware-based clustering, dual power supplies, dual network interfaces, and the like.

Second, process was paramount. Operations teams maintained rigorous procedures, change windows were employed, and there was often significant project management overhead.

Third, deployment took place at a glacial pace. Deploying code without owning the source meant waiting for patch releases, and major version releases involved hardware replacement and significant capital outlay. Moreover, the only way to correct a problem was to rollback. Thus, most IT organizations would deploy only major releases to avoid the work to keep up-to-date.

Finally, the scale of deployed systems, as well as the level of their interconnectedness was historically much smaller than it is now.
Outage reporting Microsoft Service health status is a public dashboard with service updates and outages.
Email alerts for every type and size of outage can be configured and are sent automatically.
An API exist to gather information about system outages

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels The service has extensive security features that require a user to be explicitly granted access to any function.

The default access is NIL.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Microsoft
ISO/IEC 27001 accreditation date 01/11/2017
What the ISO/IEC 27001 doesn’t cover Microsoft have comprehensively accredited the entire solution set.
ISO 28000:2007 certification No
CSA STAR certification Yes
CSA STAR accreditation date 07/02/2017
CSA STAR certification level Level 5: CSA STAR Continuous Monitoring
What the CSA STAR doesn’t cover In line with ISO 27001 all aspects of the service are continually monitored.
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes QUANTIQ provides a license to the Microsoft Cloud which takes advantage of the cloud service infrastructure and built-in security features to keep data safe using security measures and mechanisms to protect data. In addition, Microsoft Cloud provides efficient data access and collaboration with data integrity and privacy.

QUANTIQ has a detailed GDPR data policy and security policy and is currently commencing an ISO9001 and ISO27001 project.

The policy states that any data breach must, upon discovery, be reported without delay to the QUANTIQ CIO who is also the Data Protection Officer.

The policy further states that upon receiving such a notice the CIO must initiate an investigation to determine the scale and reach of such a breach as well as keeping the QUANTIQ management and board informed. CIO also must inform where appropriate the client/s affected and the ICO.

Finally the CIO is expected to close the loophole that allowed a breach and re-evaluate the overall security stance of the company.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Microsoft follows NIST guidance regarding security considerations in software development in that information security must be integrated into the SDLC from system inception. Continual integration of security practices in the Microsoft SDL enables early identification and mitigation of security vulnerabilities and misconfigurations; awareness of potential software coding challenges caused by required security controls; identification of shared security services and reuse of security best practices tools which improving security posture through proven methods and techniques; and enforces Microsoft's already comprehensive risk management program.
Vulnerability management type Supplier-defined controls
Vulnerability management approach The Microsoft Azure trustworthy foundation uses a process of continuous security improvement with its Security Development Lifecycle (SDL) and Operational Security Assurance (OSA) programs using both Prevent Breach and Assume Breach postures. Prevent Breach works through the use of ongoing threat modeling, code review and security testing; Assume Breach employs Red-Team/Blue-Team exercises, live site penetration testing and centralized security logging/monitoring to identify and address gaps, test security response plans, reduce exposure to attack and access from a compromised system, periodic post-breach-assessment and clean-state. Azure validates services using testing based upon the OWASP top ten and CREST-certified testers.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Dynamics 365 leverages the Microsoft Cyber Defense Operations Center (CDOC), which brings together security response experts from across the company to help protect, detect and respond 24x7 to security threats against our infrastructure and services in real-time. Informed by trillions of data points across an extensive network of sensors, devices, authentication events and communications, the CDOC teams employ automated software, machine learning, and behavioral analysis and forensic techniques to protect all endpoints, better detect attacks, and accelerate our response.
Incident management type Supplier-defined controls
Incident management approach If a security incident has occurred, you will be notified promptly. The Dynamics 365 CXP Communications team identifies any relevant regulations that
might apply to affected tenants. The Dynamics 365 CXP team uses the appropriate
communication channel defined in applicable regulations to notify the appropriate tenant contact. Notification
will include detailed information about the incident, such as a description of the incident, the effect on customer
data, if any, actions taken by Microsoft, and/or suggested actions for customers to take to resolve the issue and
prevent recurrence. Notification will be delivered to the designated administrator(s) of the Dynamics 365 tenant.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £3.50 per licence per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Time limited access to a full version of the software with minor configuration provided by QUANTIQ solution consultants.
Link to free trial https://signup.microsoft.com/Signup?OfferId=bd569279-37f5-4f5c-99d0-425873bb9a4b&dl=DYN365_ENTERPRISE_PLAN1&Culture=en-gb&Country=gb&ali=1

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Terms and conditions
Service documents
Return to top ↑