Storm ID

Microsoft Modern SharePoint Intranet

A Microsoft Modern SharePoint Intranet can increase collaboration and communication across an organisation and improve employee engagement and productivity.

We undertake research to understand employee needs and organisational goals to determine your requirements and then design, deploy, test and provide ongoing support for your intranet solution.

Features

  • Powerful configuration tools enabling rapid implementation and deployment
  • Mobile optimised for smartphone and tablet
  • Robust workflows, permissions and versioning
  • Integrates with O365 enabling real-time document collaboration
  • Integrates with Microsoft Teams
  • Hosted in Microsoft Azure

Benefits

  • Helps employees connect swiftly with co-workers and customers.
  • Increase employee engagement, skills, and satisfaction by minimising context switching.
  • Rich web parts and features for libraries, lists and pages.
  • Advanced search, filtering, bulk editing and file management capabilities

Pricing

£20,000 to £150,000 a unit

  • Education pricing available

Service documents

Framework

G-Cloud 12

Service ID

9 8 2 5 0 1 2 9 2 9 6 6 2 6 5

Contact

Storm ID Craig Turpie
Telephone: 0131 561 1250
Email: craig.turpie@stormid.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Office 365
Microsoft Teams
Cloud deployment model
Public cloud
Service constraints
None
System requirements
No specific requirements

User support

Email or online ticketing support
Yes, at extra cost
Support response times
Response times are categorised by service request priority: Urgent: 1 hour; High: 4 hours; Medium: 8 hours; Low: 16 hours.

Response times at weekends, public and bank holidays are negotiated separately.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Our WebOps Support Desk provides your first line response to support requests. Microsoft Modern SharePoint Intranet is backed by Microsoft Azure services 24x7, 99.99% availability.

Response times are categorised by service request priority:
Urgent: 1 hour;
High: 4 hours;
Medium: 8 hours;
Low: 16 hours.

P1 - Urgent: Complete loss of an entire service for all users or severe degradation resulting in inability to function;
P2 - High: Service functioning improperly resulting in some loss of service/system failure removing service from a number of users;
P3 - Medium: Service functioning at less than optimal performance/system problem impacting but not removing service, resolve minor bugs/site errors;
P4 - Low: Change requests.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
To support customers we offer tailored training which can be delivered remotely or on premise.
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
Approach can be designed to suit customer requirements.
End-of-contract process
Approach can be designed to suit customer requirements. There may be additional costs.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
  • Windows Phone
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Mobile experience is fully featured but interfaces are optimised for smaller form factor.
Service interface
No
API
Yes
What users can and can't do using the API
TBC
API documentation
Yes
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
Customisation requirements are typically informed through early stage work in determining user needs and organisational goals. These requirements are then factored in to the work needed to design, deploy, test and support the intranet.

Further customisations can be considered in response to analytics, user feedback and product enhancements.

Scaling

Independence of resources
Virtualisation technology is used to ensure applications and users sharing the same infrastructure are kept apart.

Analytics

Service usage metrics
Yes
Metrics types
Office 365 Reporting
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Approach can be designed to suit customer requirements.
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
99.99%
Approach to resilience
Microsoft Azure provides failover capability. More information available on request.
Outage reporting
Public dashboard, API and email alerts.

Identity and authentication

User authentication needed
Yes
User authentication
Limited access network (for example PSN)
Access restrictions in management interfaces and support channels
Active Directory Services and Azure AD Connect
Access restriction testing frequency
At least every 6 months
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber Essentials Plus

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
Storm ID is working towards ISO/IEC 27001:2013 (ISO 27001).
Information security policies and processes
Information is an asset that Storm ID has a duty and responsibility to protect.

Our information security management system (ISMS) sets our approach to managing information security and is approved by top management and communicated to employees, contractual third parties and agents.

Top management are committed to protecting the information that we store and process though good information security practices. To achieve this, and comply with regulations, we have established:

an information security policy
a commitment to customer focus and applicable regulatory requirements
information security objectives that are measurable and consistent with the information security policy
an ISMS describing our approach to information security
responsibilities, authorities and communication processes
a management review process
a process to ensure availability of resources
data access and security processes
a business continuity / incident management procedure

Top management believe that a commitment to information security is important in order to:

encourage information and cyber security awareness amongst employees, to develop and a ‘secure by design’ mindset
increase customer confidence, which helps build relationships with and retain customers
reduce our exposure to risk
effectively utilise our resources

Storm ID have Cyber Essentials Plus accreditation and are in the process of achieving compliance with ISO27001.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Change management is employed to evaluate, control and minimise risk and cost, and maintain the established standards and quality criteria. Our change management process is incorporated into our ITIL-based continual improvement process, that encompasses business objectives, creates baselines, defines measurements, and plans and implements improvements. Our change controls:

establish the purpose, category and nature changes
determine the potential consequences of changes
assess resource requirements for the changes

We use configuration management to establish and maintain consistency in our software’s performance. This includes configuration management for:

Project/work management
Source control
Build/release pipelines
Packages and artefacts
Azure CSP tenancies, subscriptions and Infrastructure
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Storm ID apply our ISO13485 accredited Quality Management System processes, and Cyber Essentials Plus backed security best practices to the information and IT assets we handle, reducing risk associated with vulnerabilities by being able to identify, classify, prioritise, remediate and mitigate vulnerabilities. Vulnerability scans are run regularly to identify weaknesses in the configuration of systems and to determine if any are missing important patches or software. Remediation or mitigation is undertaken on any vulnerabilities identified according to the class and priority of the vulnerability.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We use ‘always-on’ proactive and protective monitoring to:

monitor the software performance
systematically identify risks
detect software faults when they occur
quickly initiate necessary corrective actions

Our proactive monitoring involves collecting meaningful and practical information. To do this we use tools such as:

Azure App Insights
Azure Log Analytics
StatusCake
Performance analytics
Service reports
Helpdesk calls and tickets
Customer complaints and positive feedback
Incident management type
Supplier-defined controls
Incident management approach
Storm ID’s incident management process requires that all events and suspect events that could result in the actual or potential loss of data, breaches of confidentiality, unauthorised access or changes to systems, must be reported immediately to top management by email, telephone or in person.

Incidents are centrally recorded, and appropriate management measures, including escalation and notification procedures are in place.

Incident reporting procedures are included in employee training.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
Yes
Connected networks
Public Services Network (PSN)

Pricing

Price
£20,000 to £150,000 a unit
Discount for educational organisations
Yes
Free trial available
No

Service documents