Microsoft SharePoint Electronic Document and Records Management (EDRM)

TSG have successful experience delivering EDRM projects using Microsoft SharePoint. Electronic document and records management solutions are designed to store documents & records using associated metadata, which is then categorised within a classification scheme and enabled for search optimisation for all users to retrieve records. Linked to HMS systems,


  • Enterprise level Document & Records management solution
  • Enterprise level search functionality
  • Enterprise Content Management & Information Governance
  • Integration with Office, Exchange, AD and line of business applications
  • Ongoing support of the delivered solution
  • Sector specific EDRM for Housing Providers
  • Aligns to information management policies and principles
  • Mobile and Offline Working
  • Migration from legacy systems
  • Evergreen platform using Microsoft Office 365


  • Proven track record delivering successful EDRM projects
  • Experts in supporting Housing Associations and Local Authority Housing Providers
  • Flexible project delivery
  • Secure, cloud-based service with robust access management control
  • Scale licenses up/down
  • Enabalise use of other Office 365 tools ie PowerApps, Flow
  • Remove cost of legacy applications and utilise existing O365 licenses
  • 10 x MS Gold accreditations
  • Skills transfer to internal staff including training and project management
  • Consistent and measurable improvement in everyday business processes


£950 to £950 a unit a day

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

9 8 7 1 8 9 2 9 4 3 9 4 3 4 5


Telephone: 03332200777

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
May need O365 licences, anti-virus software & back up to be in place if company doesn't already have Office 365.
Reliable Internet connection must be in place
Devices meet the minimum system requirements for the product
System requirements
  • Internet Explorer, Edge, Mozilla Firefox, Google Chrome or Apple Safari
  • Office 365 Licenses
  • Internet access
  • Anti-Virus and Back up

User support

Email or online ticketing support
Email or online ticketing
Support response times
Priority 1 - 30 mins - P1 = Critical issue affecting multiple users
Priority 2 - 1Hr - P2 = Critical issue affecting single user
Priority 3 - 4 Hours = P3 = Minor issue affecting one or more users. Priority 4 - 1 day
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Onsite support
Support levels
TSG provide System Care support for EDRM projects built in SharePoint on-line. Contracts are built on a number of hours support to be used over the contract period.
These hours can be used on the support desk to cover telephone, remote support and on-site consultancy where required. (A lead time may be experienced for requested consultancy)
Support is delivered by our dedicated Office 365/SP team.
Our clients also have access to a dedicated technical account manager
Support available to third parties

Onboarding and offboarding

Getting started
TSG provide full project delivery from initial discovery sessions, scope of works, set up, data import, configuration, training, go-live assistance and project management. Generally all training is delivered on site although remote sessions can be arranged where appropriate.
Service documentation
Documentation formats
End-of-contract data extraction
O365 licenses re-occur until cancelled, should a contract be cancelled and data extraction required this will be assessed on a case by case basis and a methodology agreed and any related costs provided.
A case can be logged and a copy of the database downloaded.
End-of-contract process
O365 licenses renew unless cancelled, end of contract scenarios can be discussed and agreed on a case by case basis, access to the service will be lost at the end of a contract unless renewed, after a period of time the data will be deleted.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Screens will render to provide device friendly views with a fully responsive interface.
There is parity of functionality and service between mobile and desktop.
Service interface
What users can and can't do using the API
As our EDRM solution is built upon SharePoint in Office 365 API provision is via Microsoft service.
More information can be found here:
API documentation
API documentation formats
  • HTML
  • PDF
API sandbox or test environment
Customisation available
Description of customisation
Customisations can be made using the Microsoft API's, more information can be found here:


Independence of resources
We leverage Microsoft Online Services which in turn utilises various Cloud Scale techniques and technologies, to ensure multi-tenant services are not affected in terms of peak usage. More information on request.


Service usage metrics
Metrics types
Office 365 has in-built usage reports. More information available on request.
Reporting types
  • Real-time dashboards
  • Regular reports


Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
MS Gold partner reselling Microsoft licensing & professional services

Staff security

Staff security clearance
Staff screening not performed
Government security clearance

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
Protecting data at rest
Other data at rest protection approach
Microsoft SQL Server transparent data encryption (TDE)
Data sanitisation process
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Users can extract data using various techniques including integration with Office clients and Microsoft API's. More information available on request.
Data export formats
  • CSV
  • Other
Other data export formats
Data import formats
  • CSV
  • Other
Other data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
Encrypted at rest with SQL encryption using a customer controlled encryption key.

Availability and resilience

Guaranteed availability
MS Monthly Service Levels:
1. The Service Level is 99.9%.
2. The Monthly Uptime Percentage is calculated for a given calendar month using the following formula:

Monthly Uptime Percentage = Total number of minutes in a given calendar month minus Total number of minutes of Downtime in a given calendar month.

More information available on request.
Approach to resilience
Microsoft Azure environment, further information on request
Outage reporting
Hosting is on Microsoft Azure, further information available on request

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Access is permission driven and data access is controlled in the same way
Access restriction testing frequency
Less than once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
ISO 28000:2007 certification
CSA STAR certification
CSA STAR accreditation date
CSA STAR certification level
Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
TSG have internal controls in place to ensure security governance, departmental access, device encryption policies, password policies, conditional access policies all form part of this.
Information security policies and processes
TSG follow our own Information Security policy, more info available on request.
Ultimate responsibility for ensuring Information Security rests with TSG’s Senior Management Team. They are responsible for ensuring a culture where Information Security is taken seriously by all employees and third parties acting on behalf of TSG.

Responsibility for securing specific IT systems rests with the Head of IT, the Group Applications Director and the Service Delivery Director depending whether the systems are internal to TSG or are hosted on behalf of a customer.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
The components of services are tracked through their lifetime
Services are defined in conjunction with customer requirements at the point of initial engagement and as part of the onboarding process. During this definition of service, change management and service lifecycle management processes are designed around customer requirements and specific service needs.

Changes are assessed for potential security impact
All service changes are evaluated by a technical resource with focus on service performance, availability and security impacts.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Annual penetration tests carried out by a verified tester.
We have an industry std Anti-Virus package deployed, utilise std tools such as threat management tools, anti ransomware etc.
TSG also have a documented Disaster recovery policy.
Patches are deployed weekly to end user devices/servers after been through internal testing.
TSG have bespoke reporting and management software to assist in identifying potential threats.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
All devices have a monitoring agent on them which can identify potential issues and report back to our service desk.
If an issue is identified we have an internal 4HR SLA to ensure remedial actions are carried asap, the seriousness of an incident will be assessed on discovery so that any priority issues can be responded to quickly. The internal SLA on a P1 is 30 minutes.
Incident management type
Supplier-defined controls
Incident management approach
TSG have a pre-defined incident process for common events.
Users can report incidents via the Support desk.
Incident reports are also provided via Support desk and/or Account management team.

The benefits of a robust Incident Management process include:
• Higher end user satisfaction through improved resolution time and quality of services.
• Better performance against agreed service levels through higher service availability.
• Higher efficiency and productivity for the customer due to fewer hours lost to interruptions to IT service.
• Better alignment and collaboration between internal TSG departments.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£950 to £950 a unit a day
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.