Levett Consultancy Ltd

Microsoft 365 Frontline

Microsoft 365 frontline, empower your frontline workforce with productivity apps and cloud services that allow them to do their best work. Application and services included are: Office 365, Enterprise & Mobility Suite (EMS) and Windows 10 Enterprise.

Features

• Office 365 Productivity, Email, Teams and Collaboration Platform
• Enterprise Mobility, MDM and Cyber Security Solutions
• Win 10 E3 per user includes cloud management/virtualization
• Online meetings, web-conferencing, voice and video
• Includes Office web and mobile
• 2GB OneDrive storage per user
• 2GB Web based Outlook mailbox storage per user
• Tools to support compliance, information protection, privacy, EDRM and GDPR

Benefits

• Simplified IT management
• Keep customer data safe
• Defend against cyberthreats
• Automated processes
• Streamlined workflow
• Works with the apps you already have
• 24/7 email and online support
• Related services provided Levett Consultancy Microsoft Gold Partner

£6.00 a user a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@levettconsultancy.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

148825009937808

Contact

Stepehen Hazle
01279 799256
gcloud@levettconsultancy.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: There are multiple licensing options for flexibility, and not all services and features are available in every version. For full details, please visit - the following: See https://support.office.com/en-gb/article/Office-365-system-requirements-08def54e-1435-4fad-bc03-974014caf91e
• System requirements:
  • A modern browser
  • Full list of requirement can be found here: https://bit.ly/3yO5w0X

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Monday to Friday 8am to 5pm excluding Saturday and Sundays or UK public holidays. Responses times are described within the G Cloud Support 'Service Definition' document.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: In addition to standard Microsoft support, Levett Consultancy provides enterprise level support as part of our G Cloud Cloud support service. Support is delivered using our internal ITIL Service desk based within the UK. All Levett Consultancy staff are all certified by Microsoft to provide a range of customer support services from dedicated account management to providing enterprise technical support using in house certified Microsoft support engineers.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Levett Consultancy is a long-term Google Partner with a proven track record of deploying Microsoft technologies into Central and Local Government, Education, 3rd Sector and Private sector. If required Levett Consultancy at an additional cost, provides a fully comprehensive onboarding support service that is detailed within our optional G Cloud Cloud Support services, that includes consultancy, deployment, training, and support. Levett Consultancy onboarding service enhances the standard Microsoft 365 setup process.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Customer are able to remove their data at any time through the same means they uploaded. Either over their network (internet or express route) or via the Azure Import/Export services. Also see https://www.microsoft.com/en-us/trustcenter/privacy
• End-of-contract process: Microsoft is governed by strict standards and removes cloud customer data from systems under our control, overwriting storage resources before reuse, and purging or destroying decommissioned hardware. https://www.microsoft.com/en-gb/trust-center/privacy/data-management?rtc=1

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Custom mobile applications are available both for iOS and Android which provide a bespoke user experience tailored to the operating system in question. For other mobile operating systems, web browser support is included which provides an equivalent experience to the desktop environment.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Microsoft 365 is accessed via the portal using a modern web browser from any device.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Microsoft makes accessibility a core consideration from the earliest stages of product design through release. A central accessibility team has a mandate to monitor the state of accessibility of all Microsoft products, further details can be found here: https://www.microsoft.com/en-us/accessibility/
• API: Yes
• What users can and can't do using the API: Microsoft 365 services, such as OneNote, Outlook, Excel, OneDrive, Microsoft Teams, Planner, and SharePoint, are now exposed in Microsoft Graph. Microsoft Graph is a unified API endpoint for accessing data across Microsoft 365, which includes Office 365, Enterprise Mobility, and Security and Windows services. It provides a simplified developer experience, with one endpoint and a single authentication token that gives your app access to data across all these services. More details can be found here: https://msdn.microsoft.com/en-us/library/azure/ee460799.aspx
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Depending on the type of Microsoft 365 license applied will dictate what an organisation can customise within Microsoft 365. Standard customised features allow an organisation to change its theme to match its branding within the Microsoft 365 admin centre. End users can personalise pinned apps and notifications. Microsoft 365 also provides Microsoft Power Apps to allow developers to build applications quickly to innovate and solve problems.

Scaling

• Independence of resources: Microsoft provides a high level of tenant isolation, both for security and for performance. Microsoft data centres are massively scaled and offer dedicated performance. ; ; For more information, please review the latest information below:; https://docs.microsoft.com/en-us/office365/securitycompliance/office-365-tenant-isolation-overview

Analytics

• Service usage metrics: Yes
• Metrics types: You can easily see how people in your business are using Microsoft 365 services. For example, you can identify who is using a service a lot and reaching quotas, or who may not need a Microsoft 365 license at all. Reports are available for the last 7, 30, 90, and 180 days. Data won't exist for all reporting periods right away. ; ; The reports become available within 48 hours!; ; Full details here: https://docs.microsoft.com/en-us/microsoft-365/admin/activity-reports/activity-reports?view=o365-worldwide
• Reporting types:
  • API access
  • Real-time dashboards

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Microsoft

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: For data at rest, Office 365 deploys BitLocker with AES 256-bit encryption on servers that hold all messaging data, including email and IM conversations, as well as content stored in SharePoint Online and OneDrive for Business. BitLocker volume encryption addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers and disks.; ; Further information is available here: https://docs.microsoft.com/en-us/microsoft-365/compliance/encryption?view=o365-worldwide
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: User can export their data by following the guidance here: https://docs.microsoft.com/en-us/microsoft-365/commerce/subscriptions/back-up-data-before-switching-plans?view=o365-worldwide
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats:
  • Docx
  • Xlsx
  • Pptx
  • PDF
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats:
  • Docx
  • Xlsx
  • Pptx

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: Microsoft provides a financially backed uptime SLA. For details, please visit; https://www.microsoft.com/en-us/microsoft-365/blog/2013/08/08/cloud-services-you-can-trust-office-365-availability/
• Approach to resilience: Microsoft offers a high level of resilience using multiple redundant data centres across the UK and the EU. Further details can here: https://docs.microsoft.com/en-gb/Office365/securitycompliance/office-365-data-resiliency-overview
• Outage reporting: Via the service status portal - A tenant-specific 'Service Health' Dashboard is available in the Microsoft 365 Admin Center. Outages are also reported via email to the organisation administrators.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: All support can be carried out by specified administration accounts only as required. Only those with granted permissions can access the admin centre and command-line operations. ; ; Administration access is governed using Multi-factor authentication (MFA) and conditional access rules.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 01/11/2019
• What the ISO/IEC 27001 doesn’t cover: Details of items that are included and not included can be found here: https://servicetrust.microsoft.com/ViewPage/MSComplianceGuide?command=Download&downloadType=Document&downloadId=7c413968-9965-4a68-b59f-c0d106c63e4b&docTab=4ce99610-c9c0-11e7-8c2c-f908a777fa4d_ISO_Reports
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • ENISA IAF
  • EU Model Clauses
  • EU-U.S. Privacy Shield
  • ISO 27001
  • ISO 27018
  • SOC 1
  • SOC 2
  • FEDRAMP
  • FIPS 140-2
  • NIST 800-171

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • CSA CCM version 3.0
  • ISO/IEC 27001
  • Other
• Other security governance standards: FISMA/FedRamp, EU Model Clauses, HIPAA/HITECH, ISB 1596, ISO 27018, SASE16 SOC1 & SOC 2
• Information security policies and processes: The Microsoft Cloud Security Policy is available via the Service Trust Platform ; ; Microsoft customers and regulators expect independent verification of our security, privacy, and compliance controls. In order to provide this, Microsoft undergoes several independent third-party audits on a regular basis. For each one, an independent auditor examines data centres, infrastructure, and operations. Regular audits are conducted to certify our compliance with the auditing standards ISO 27001, SOC, FedRAMP and PCI/DSS. Audit reports can be found here: https://servicetrust.microsoft.com/ViewPage/MSComplianceGuideV3

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Microsoft 365 has developed formal standard operating procedures (SOP's) governing the change management process. These SOP's cover both software development and hardware change and release management, and are consistent with established regulatory guidelines including ISO 27001, SOC 1/SOC 2, NIST 800-53, and others.; ; Microsoft also uses Operational Security Assurance (OSA), a framework that incorporates the knowledge gained through a variety of capabilities that are unique to Microsoft. OSA combines this knowledge with the experience of running hundreds of thousands of servers in data centres around the world.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Microsoft administrates a vulnerability management process that actively scans for security threats using a combination of commercially available and purpose-built tools, intensive automated/manual penetration efforts, quality assurance processes, software security reviews and external audits. ; ; The vulnerability management team is responsible for tracking and following up on vulnerabilities. Once a vulnerability requiring remediation has been identified, it is logged, prioritized according to severity, and assigned an owner. ; ; The vulnerability management team tracks such issues and follows up frequently until they can verify that the issues have been remediated. Microsoft also maintains relationships and interfaces with members of the security research community.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Microsoft uses threat intelligence as protective monitoring of the product vulnerabilities. Threat intelligence gathers indicators or signals from a breadth and depth of sources to understand the threat landscape. As a security leader, Microsoft builds on our vast experience as a global enterprise, ongoing study of the threat landscape, broad scale, strength of signal, and visionary thinking to help understand and mitigate the effects of increasingly sophisticated attacks. ; ; These include zero-day attacks, targeted phishing campaigns, and other novel attack methods. Microsoft employs threat researchers and analytics systems across our global network to implement timely actions in view of the threat.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: If an incident occurs, the security team logs and prioritises it according to severity. Events directly impacting customers are assigned the highest priority. This process specifies courses of action, procedures for notification, escalation, mitigation, and documentation. Microsoft incident management program is structured on handling incidents.; ; Key staff are trained in forensics and handling evidence in preparation for an event, including the use of third-party and proprietary tools. Testing of incident response plans is performed for key areas, such as systems that store sensitive customer information. ; ; Tests consider a variety of scenarios, including insider threats and software vulnerabilities.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Levett Consultancy is a proud member of the UK Government SME Climate hub where we are part of the business community aiming to halve carbon emissions by 2030 and contribute to net zero by 2050. ; ; As a cloud technology driven business, reducing carbon emissions is built into all of our solutions to maximise a green future i.e. transitioning clients from inefficient on-premises server hardware to efficient Cloud Platforms, implementing hybrid working allowing staff to work from home and have video meetings with clients to cut down on carbon emissions caused by travel.
• Covid-19 recovery:

  Covid-19 recovery

  Levett Consultancy throughout the pandemic was one of the approved Department for Education (DfE) suppliers tasked with deploying Digital Learning Platforms to schools in England that would ensure learning could continue. ; ; Since May 2020 Levett Consultancy has helped more than 40+ schools, academies and Multi-Academy Trust transition to the DfE approved Digital Learning Platforms. ; ; By being an instrumental part of this project we have been able to invest in our local communities through job creation and skilling frontline workers to become confident using cloud technologies that enables them to deliver their services from any location.
• Tackling economic inequality:

  Tackling economic inequality

  At Levett Consultancy we take our community social responsibility very seriously. ; We aim to conduct business in a way that is completely ethical. ; ; This means we take into account the social, economic and environmental impact of everything we do. Where possible we predominantly use local uk suppliers to support our business needs. ; ; We also have established a community and social responsibility program that enables us to give back to the local communities across the UK that have helped our business grow. We provide employment opportunities for those who are often furthest from employment and as an active member of the Defence Employer Recognition Scheme (ERS), we have been awarded the Silver Armed Services Covenant award by demonstrating our support to defence and the armed forces community and our aligned values with the Armed Forces Covenant. ; ; We work with local schools and Academy Trusts to provide work experience opportunities for year 10 and 11 students who are interested in a technology career. We also invest in the National Apprenticeship scheme whereby we provide opportunities for young adults to gain the necessary skills to forge a career within the IT industry. At the end of an apprenticeship we also provide a path for apprentices to work within the company on a permanent basis.
• Equal opportunity:

  Equal opportunity

  Levett Consultancy positively encourages diversity and inclusion at all levels within the organisation, and we are proud to have provided many career development opportunities to past, present and future employees. ; ; We are proud members of the Disability Confident scheme to support disabled people in the workplace helping them achieve their work and life goals. As part of our commitment to the Armed Services we provide opportunities for injured service personnel to gain work experience within the IT industry via the Career Transition Partnership (CTP) who help service personnel and their families transition from service life to civilian life. ; ; We are also recognised as a Living Wage employer since the scheme was established, and invest in local staff and pay wages which meet everyday needs - like the weekly shop, or a surprise trip to the dentist. ; ; We are committed to helping our staff develop and progress their career, to achieve this all staff have individual continuing professional development plans based on the objectives they have set for themselves within their annual performance review. ; ; This approach ensures the employee has full control of their career development whilst being guided by experienced mentors to ensure they maximise their potential and achieve their goals. Our ethos is also passed on to our supply chain who before we formally engage with, regardless of size, we will check that their ethos align to our ethos, this includes meeting and complying with modern slavery laws and standards.
• Wellbeing:

  Wellbeing

  The welfare of all our employees is paramount priority and goes together with our regard to society impact. ; ; All Levett Consultancy employees have access to private health care and 1:1 counselling support 24/7 during their employment. An employee work life balance is very important to Levett Consultancy, which is why all staff work 35 hours per week and have access to flexible working when needed.; ; We have also adopted hybrid work environments to allow staff to work from home when required. This approach allows our staff to be more productive whilst allowing the company to reduce its carbon footprint. We take a community approach to delivery of our services and products, where we have set up a customer advisory board made up of our local community of customers. The customer advisory board sits directly with our executive team, whereby any solutions or services we are looking to provide are first ratified by this board to ensure there is a positive impact on our customers and local communities.

Pricing

• Price: £6.00 a user a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: A 30 day free trial is available for Microsoft 365. The trial is only available by registering online and is not subject to G Cloud terms and conditions. In addition, customers can engage with Levett Consultancy for a longer trial.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@levettconsultancy.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.