Cisilion Limited

Microsoft 365 Cloud Services

Microsoft 365 provides organisations a collaboration & productivity platform delivered as SaaS solution, delivered on Windows 10 and 11. Secured by leading edge Security and Compliance tools delivered through Office 365 and EM+S.
Cisilion is a Microsoft Gold Partner who specialise in providing consultancy, migration, implementation and support services.

Features

• Microsoft 365 Services & NCE Licensing
• UK hosting within Microsoft UK Data centres
• Multi-region hosting and load-balancing for global corporations
• Hybrid connectivity and hosting
• 3rd Party interconnectivity including Voice and Video
• Flexible scaling and deployment options
• Full range of security and regulatory compliance for cloud services
• Full User Adoption and Onboarding Services
• Cloud Consultancy, including Microsoft 365
• Change management and training for Microsoft 365

Benefits

• Harness the power of Microsoft Cloud
• Support the strategic move to the Cloud
• Hybrid deployment options to suite business requirements
• Range of complimentary services such as backup and archiving
• Flexible per user per month model for cost management
• Access to Fast Track Migration Services to speed up adoption
• Platform development and customisation of Microsoft 365
• Windows 10 and 11 readiness and migration design, planning ,scoping
• Microsoft Enterprise Mobility, Security and Compliance readiness workshops
• Comprehensive Support Services to complement your team

£1 a user

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at drichardson@cisilion.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

123386391460391

Contact

Debbie Richardson
01372 201145
drichardson@cisilion.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Hybrid cloud
• Service constraints: None
• System requirements:
  • Microsoft compatible hardware
  • Internet browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: P1 will be responded to immediately when logged by phone as recommend
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: SLAs can be customised on request to match business needs
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Full user support and adoption services can be requested from Cisilion
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: At the end of a subscription data can be extracted before the services are deleted
• End-of-contract process: The subscription is marked as closed but can be reactivated for a set period of time before final deletion

Using the service

• Web browser interface: No
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
  • Other
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: HTML5 based screens
• Service interface: No
• User support accessibility: WCAG 2.1 A
• API: Yes
• What users can and can't do using the API: Documented on the Microsoft websites for each specific service API
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Each type of license can be customised with a base license and addons. All variants are documented on the Microsoft website

Scaling

• Independence of resources: Microsoft manages demand through its internal processes to maintain end user SLAs

Analytics

• Service usage metrics: Yes
• Metrics types: Microsoft provide online reports and service information
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Microsoft

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Via a browser or file copy process
• Data export formats:
  • CSV
  • ODF
• Data import formats:
  • CSV
  • ODF

Data-in-transit protection

• Data protection between buyer and supplier networks: Private network or public sector network
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: Microsoft SLAs are available on their website
• Approach to resilience: Microsoft SLAs are available on their website
• Outage reporting: Microsoft SLAs are available on their website

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Microsoft Active Directory is utilised for M365 services details are available on their website
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: The British Assessment Bureau
• ISO/IEC 27001 accreditation date: 19/08/16
• What the ISO/IEC 27001 doesn’t cover: Everything is covered under the IT Systems Integrator certification
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: ISO9001

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Microsoft trust centre carries a full set of documentation on security processes

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Microsoft SLAs are available on their website
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Microsoft SLAs are available on their website
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Microsoft SLAs are available on their website
• Incident management type: Supplier-defined controls
• Incident management approach: Microsoft SLAs are available on their website

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We continually strive to reduce our carbon impact year on year, initiating additional projects and activities that will further reduce our impact locally and globally, and contribute towards global UN carbon offsetting initiatives. Our commitment to the environment extends to our customers, our communities, our employees, our suppliers and other countries in which we operate. Our Carbon Reduction Plan is based upon the following principles: 1. Comply with, and exceed where practicable, all applicable legislation, regulations and codes of practice; 2. Integrate environmental and sustainability considerations into all our business decisions; 3. Endeavor to reduce our environmental impact year on year; 4. Ensure that all employees are fully aware of our Environmental and Sustainability Policy; 5. Ensure all employees are committed to implementing and improving our policy; 6. Ensure clients and suppliers are aware of our Environmental and Sustainability Policy, and encourage them to adopt sound sustainable management practices; 7. To review, annually report, and to continually strive to improve our environmental and sustainability performance. 2. Commitment • Cisilion are committed to reducing our impact on the environment and to achieving our goal of becoming net zero by 2050. • We will partner with Ecologi, a Carbon Avoidance organization. • We will plant 7,500 trees throughout Financial Year 2024 (“FY24”).

  Covid-19 recovery

  Cisilion External Statement Cisilion are closely monitoring the developments both at home, and around the globe with respect to the COVID-19 outbreak. In addition to our commitments to supporting our customers, Cisilion views as one of its highest priorities the health and wellbeing of its employees. Because of this, we have a clear business continuity plan and sickness procedure which the Company will continue to adopt in the pandemic situation, following the World Health Organisation (WHO) pandemic level definitions for triggering our response. In accordance with government guidelines issued on the 23 of March, and previously as the situation developed, we have initiated a program where our employees are able to continue to work from home in isolation. The measures that we have taken are designed to ensure that there is the minimum of disruption to services to our customers as well as minimising the risk to our staff at this difficult time. We ask our customers to understand that despite this, there is an increase in demand on parts of our services. We are prioritising the support of our customers with services which are vital to the efforts to contain the pandemic. This may mean that there could be some minor delays in responding to issues and project work, although we are working to keep this to a minimum. Due to the current situation with enforced social distancing, project and engineering work requiring site visits, is having to be risk assessed on a case by case basis. Our own infrastructure which is used to support our clients continues to operate as normal. As a flexible organisation, all internal systems are accessible to our employees from remote locations. We have facilities in place already to ensure all employees have the equipment needed, to work from alternative locations seamlessly.

  Tackling economic inequality

  Learning and development plays a huge part in Cisilion’s culture. This includes our induction and awareness training, as well as creating platforms for unlearning and unconscious bias. Cisilion conduct all learning and development via LearnAmp, our online Learning Management System. As part of our induction process, we include Diversity and Inclusion Training, along with enhanced Grievance procedure outlines and Anti-Harassment training. Employees are then required to complete refresher training every 6 months. Diversity and inclusion play a key role in Cisilion’s core business objectives and values. Cisilion recognise that as a Company, more can be done to improve our diversity and inclusion practices and this will continue to be a working directive through the organisation, to support underrepresented groups. The recruitment teamwork within our People function at Cisilion and therefore liaise continuously to ensure proactive recruitment identifies a diverse set of candidates and supports those throughout the interview processes. While we understand that not all individuals feel comfortable in disclosing their identity, we continue to monitor and track our performance against self-created targets for LGBTQIA+, gender and ethnicity within the recruitment processes and within our workforce, where at all possible. Cisilion engage with current employees from underrepresented groups, who feel comfortable in doing so, to address any other areas of suggested improvement, and to include their voice in future initiatives.

  Equal opportunity

  Invest in our economy to provide equal opportunities for employment, innovation and growth. Each month, a mixture of the HR, People and Recruitment team members alongside the Cisilion management team, will provide a mixture of 2 hour workshops and 1 hour long one to one sessions. The workshops will be run by our Recruitment team, covering topics such as interview best practice, CV formatting and job hunting tools available. Individuals will also be able to register for one to one advice with a member of our management team as a coaching session and more personal advice related to the unemployed persons experience so far. Cisilion have been running apprenticeship and graduate schemes for the past 5 years and partner with 3 specialist recruitment and training providers who are experts in finding work for and training unemployed young people. Cisilion are a Microsoft and Cisco gold partner, who are keen supporters of assisting young people into work. Cisilion often engage with Cisco and Microsoft for support with apprenticeship programmes and are familiar with other employment initiatives that we will be able to share with the unemployed people during the workshop sessions. Cisilion are also aware of and understand the current Quick Start government scheme of which we will be able to provide details and guidance to unemployed individuals

  Wellbeing

  Cisilion operate a robust health and wellbeing programme, partnering with Vitality Health and Medicash. On an annual basis, all 160 employees on our scheme conduct an Online Health Review, giving employees an understanding of specific areas of health that they need to improve upon, i.e. cholesterol, blood pressure, alcohol intake, physical activity levels and blood glucose level. If employees do not know the figures for these key areas, they can take a free health assessment to provide them with this data. Vitality Health offer their Member Zone to all members, giving access to videos, tips and our monthly Vitality calendar covering a range of topics from women’s health to mental health and nutrition.

Pricing

• Price: £1 a user
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Microsoft demo licenses and trials are available on their website

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at drichardson@cisilion.com. Tell them what format you need. It will help if you say what assistive technology you use.