Fordway

Fordway IT as a Service

Fordway IT as a Service is a comprehensive, IT service provision that helps identify the IT improvements your organisation needs; works with you to transform them; then ensures they stay operational and secure. You’ll free up resources, access new capabilities, take back control to use IT in an innovative way.

Features

• Comprehensive IT service for all Cloud, on premise services
• 3 stage process to optimise your IT; Decide; Transform; Operate
• Decide: help define architecture and ensure your business approves it
• Transform: work with you to effectively implement target architecture
• Operate: help run, manage and secure services 24x7x365 manned response
• 6 technology streams: Public Cloud; On premise/private Cloud;
• End user computing; Connectivity and Access; Security Management;
• Application/Service Availability and Resilience
• You concentrate on delivering digital transformation and business improvement
• We ensure the IT you need is suitable and operational

Benefits

• Customers focus on business improvement; we ensure IT supports this
• All services charged on consumption, only pay as you use
• ITaaS delivers ITIL; all services accredited to ISO20000
• All services secured to ISO27001 and Cyber Essentials Plus
• Optimises use of MS365, Azure and hybrid cloud infrastructures
• Every element has defined controls for OFFICIAL-SENSITIVE
• We work with you to define and implement ideal state
• And take away the hassle of running and managing it
• Guaranteed security is part of the package
• Assurance of services through testing and audit

£350.00 to £975.00 a unit a day

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@fordway.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

106982193702540

Contact

Richard Blanford
01483 528200
tenders@fordway.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Microsoft 365 Enterprise Desktop E3, E5, A3, A5, N3, F3; Microsoft Azure Virtual Desktop; Microsoft Windows 365 Cloud PC; Microsoft Azure IaaS
• Cloud deployment model:
  • Public cloud
  • Hybrid cloud
• Service constraints: The service runs active/active across multiple Cloud availability zones, within Azure or locally hosted. There is no requirement for planned downtime of the underpinning service infrastructure, it is available 24x7x365. In normal running, due to operating from a fully resilient and virtualised environment there is no requirement for planned downtime. Depending on the specific services and applications being managed, there may be limited requirement for authorised downtime
• System requirements:
  • Caters for All Windows and most Linux derivations
  • Will operate and manage any/all components of IT infrastructure
  • In Cloud, on-premise or hybrid
  • Microsoft 365 subscription
  • Microsoft Azure subscription

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Priority 1 incident 24 x 7, 15 minute response. ; Priority 2 incident 24 x 7, 1 hour response Priority 3 incident 12 x 5, 4 hour response.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 A
• Web chat accessibility testing: Tested integration with JAWS for visually impaired users
• Onsite support: Yes, at extra cost
• Support levels: All service components in ITaaS have specific SLAs with an overall service availability dependent on the services selected and integrated. All services are monitored and secured with manned support and response 24 x 7 x 365 from our UK SOC. Core services are supported with a Service Delivery Manager plus technical account management where applicable.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Fordway will discuss the detailed requirements with the customer and agree SLA's and operational processes. These will be managed and reviewed against performance. With regular meetings and direct interaction between the customer and Fordway staff. The full details will be finalised in the Project Initiation Document.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Fordway have an exit procedure where we work with the customer to exit or migrate away from this service, depending on the configuration of the solution. This exit procedure will include any data, performance statistics and service records as described within the contract along with any associated costs. Exit process is detailed in the Service Description.
• End-of-contract process: Fordway have an exit procedure where we work with the customer to exit or migrate away from this service, depending on the configuration of the solution. This exit procedure will include any performance statistics and service records as described within the contract along with any associated costs. Process requirements are detailed in the Service Description.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Other
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None apart from formatting due to screen size
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: Web based dashboard and on-line real time reporting, with regular reporting
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: Tested with Microsoft Teams and Windows capabilities
• API: No
• Customisation available: Yes
• Description of customisation: ITaaS is fully customisable to fit what the customer requires from an IT service. Fordway can take over all or part of the IT function for a company based on their inherent skills. This will be explored during the Project Initiation phase.

Scaling

• Independence of resources: Users are guaranteed scalability through solution design and Fordway's ISO27001 accreditation on their service structure

Analytics

• Service usage metrics: Yes
• Metrics types: Fordway will provide metrics on server, storage, network performance with dashboards and reporting. Alerts will be sent through via email if thresholds are exceeded. If security is included full security and audit logs, along with identity and authentication issues will be included. Regular meetings will be held with the customer and a Service Delivery Manager optionally may be assigned (depending on customer requirements)
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can export their data on request and in an agreed format depending on their requirements
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats:
  • Native application file format
  • Export to OneDrive, Dropbox or other hosted file storage
  • Export to portable hard disk
  • Azure Blob storage, Azure Files
  • AWS S3, AWS File, AWS Glacier
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats:
  • Native application file format
  • Azure Blob storage, Azure files
  • AWS S3, AWS files
  • Portable hard disk
  • OneDrive, Dropbox or other hosted file service

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
• Other protection between networks: Disclosed on request
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
• Other protection within supplier network: Disclosed on request

Availability and resilience

• Guaranteed availability: Fordway provide a standard SLA with availability of 99.95% measured annually; 99.9% any quarter. Fordway recompense users with a credit of 2.5% of the monthly service contract value for each working hour the service has not met the SLA up to a maximum of 20% of the monthly service charge
• Approach to resilience: Fordway use inherent resilience within Azure, with customer data located in different availability zones and regions as necessary.; ; All elements of the service are operated and secured to ISO27001 under Fordway’s existing certification. Fordway is accredited to manage OFFICIAL-SENSITIVE classifications.
• Outage reporting: The service provides service updates which are notified into the client dashboard in their portal and can be configured to send email alerts if desired. The service operates under Fordway's standard SLA and any service outages will be reported as per the SLA which can be tailored to the customer's requirements.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: None
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: ISOQAR
• ISO/IEC 27001 accreditation date: 14/03/2022 (recertification) original certification March 2008
• What the ISO/IEC 27001 doesn’t cover: ISO27001/27017/27018 Statement of Applicability disclosed on request
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • List N (Nuclear Industry)
  • PSN Code of Conduct and Compliance
  • NHS IGSoC for N3/HSCN certification
  • PAS555
  • ISO27017
  • ISO27018
  • GCloud Assured

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: These are defined and audited as part of Fordway's ISO27001 certification, with regular senior management review. Details and supporting documentation will be made available on request.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Fordway change and configuration process aligns with ITIL v3.0 and ISO27001 and ISO20000
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Fordway's risk management aligns with ISO27001
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Fordway's security incident and event monitoring conforms to ISO27001 and DPA requirements. Any incident will be assessed for risk and prioritised accordingly.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Fordway incident management process complies to ISO27001:2013 and aligns to ITIL best practise and ISO20000. Incident management and reporting is defined within Fordway's standard SLA and tailored to customer requirements.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Health and Social Care Network (HSCN)

Social Value

• Fighting climate change:

  Fighting climate change

  Fordway is ISO14001 accredited for all our operations. We have three key initiatives running for fighting climate change.; 1) Datacentre footprint reduction plan - we are consolidating datacentres into energy efficient public cloud environments; 2) Reducing office footprint - we are downsizing our offices to reduce their carbon consumption ; 3) Hybrid working - this is now our standard working practice to reduce commuting and travel emissions.; We have the following in place to assist fighting climate change:; • Reducing Carbon Footprint; o Fordway Environmental Support Group; o ISO14001 accredited Environmental Management System; • Efficient use or resources; o ISO14001 accredited Environmental Management System; o On-line Environment awareness training; • Monitoring energy use and waste consumption; o ISO14001 accredited Environmental Management System; • Promoting sustainable practises; o ISO14001 accredited Environmental Management System; o On-line Environment awareness training; • Encouraging environmental care across the supply chain; o Supplier Relationship Policy; o Service Charter; Customers ; • Reducing Carbon Footprint; • Efficient use or resources; • Monitoring energy use and waste consumption; • Promoting sustainable practises; • Encouraging environmental care across the supply chain
• Covid-19 recovery:

  Covid-19 recovery

  Fordway have a formal Covid-19 recovery policies in place. We continue to offer testing to staff and have implemented formal hybrid/work from anywhere policies that is now our standard working practice. When on a customer site we will adhere with their Covid-19 policies, where they require additional measures and will offer to wear masks in any face to face situations.
• Tackling economic inequality:

  Tackling economic inequality

  Fordway assist in tackling economic inequality by employing, promoting and supporting apprentices, we have a formal policy of recruiting apprentices where possible. We work with Godalming college to identify potential apprentices and are members of both the Microsoft and Cisco Apprenticeship schemes.; Fordway have the following in place to tackle economic inequality:; Local; • Employees:; o Staff Liaison Committee to promote Mental Health and Well-Being; o Environmental Support Group; o Cycle to Work Scheme; o Remote/Home Working; o ISO14001 accreditation; o Fordway Environmental Policy; o Fordway Social Care Policy; o On-line awareness training; • Supply Chains; o Supplier Relationship Policy; o Customer Service Charter; • Local Community and Culture; • Social Integration; • Encouraging Disability and divergence; Customer; • Employees:; • Supply Chains; • Local Community and Culture; • Social Integration; • Encouraging Disability and divergence; A copy of our policies relating to these are available on request
• Equal opportunity:

  Equal opportunity

  Fordway Statement of Commitment to Equal Opportunities; Fair and equitable treatment for all employees and for all applicants for employment. ; The Company regards this as a commitment to make full use of the talents and resources of all employees and to provide an environment which will encourage good productive working relationships throughout the Company. This means affording equal access to any employment opportunities within the Company according to an individual’s ability, free from any arbitrary or unjustified considerations. To this end, the Company’s policy is that all employees will be given equal opportunity without prejudice or discrimination by reason of race, colour, nationality, religious belief, sex, sexual orientation, marital status, age, disability, national or ethnic origin, or any other criteria that cannot be shown to be justifiable. This basic principle applies to all aspects of employment, selection promotion and training.; Overall responsibility of implementing the Company’s Equal Opportunities Policy rests with the Managing Director. The HR Officer is responsible for co-ordinating equal opportunity activities on a day to day basis. This will include:-;  Monitoring the effectiveness of the policy.;  Producing an annual report on the effectiveness of the policy.;  Reviewing the policy and making recommendations for changes and improvements as necessary.;  Communicating the policy to all staff.;  Arranging training for all managers to develop their understanding of the importance of equal opportunities and how to implement the Company’s policy.;  Arranging for positive action to be taken to address any areas where one group may be disadvantaged.;  Ensuring that suitable access and facilities are made available for disabled employees at the Company’s offices, so far as is reasonably practicable.;  Encouraging suppliers and sub-contractors to adopt a similar policy on equal opportunities.
• Wellbeing:

  Wellbeing

  Formal health and wellbeing training and assessment is provided to all Fordway staff. Wellbeing is monitored through regular staff check-ins with management and HR, formal and anonymous reporting and feedback plus all staff are members of our company private health insurance which covers mental health and wellbeing as well as other medical issues.; Specific policies implemented to manage well-being include:; • Working conditions; o Staff Liaison Committee to promote Mental Health and Well-Being; • Training; o Organisational induction training; o Skill training aligned to role; o On-line Environment and Well Being training; • Counselling and well being; o Staff Liaison Committee to promote Mental Health and Well-Being; o Focus within HR Department; o On-line Environment and Well Being training; o Qualified Mental Health First Aid Trainer; o Eikon Charity – working with troubled teenagers; Customer; • Working conditions; • Training; • Counselling and well being

Pricing

• Price: £350.00 to £975.00 a unit a day
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@fordway.com. Tell them what format you need. It will help if you say what assistive technology you use.