ADDIN365 LIMITED

Power Platform Pack

The Addin365 Power Platform Pack gives you a set of pre-packaged automated forms and flows to solve common scenarios that organisations are trying to solve such as content approval, document approval and amplifying news in Microsoft 365.

Features

• Provides pre-built automated solutions to common business problems
• Product lives alongside Microsoft 365 out of the box components
• Monthly product updates enhancing existing and net new capabilities
• Pre-built applications can be tailored for each organisation
• Applications are hosted in your tenant's Power Platform environment
• All data remains within your tenant
• Solution can be installed into any of your internal environments

Benefits

• Push news and content to teams, individuals and Viva Engage
• Empower employees to provide feedback on matters important to them
• Automates content, document and news approval from your SharePoint intranet
• Conduct easy to complete surveys using the Addin365 survey form
• Empower employees to keep their profile data up to date
• Activity logs create an audit of document changes and signoff

£1,500 to £7,500 a licence a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at hello@addin365.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

157693519638401

Contact

Suzy Dean
07759040258
hello@addin365.com

Service scope

• Software add-on or extension: Yes
• What software services is the service an extension to: App packages for Microsoft 365
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: Tbc
• System requirements:
  • Microsoft 365
  • Appropriate Microsoft licenses assigned to all required users

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 24 hours. A unique support SLA can be negotiated.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Yes, at an extra cost
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: We use Microsoft Teams for chat support which meets WCAG 2.1 AA standards.
• Onsite support: Yes, at extra cost
• Support levels: Addin365 will provide fixes to defects reported that can be replicated by the Addin365 production team. Addin365 will not provide fixes for Microsoft 365 defects. These need to be reported by the organisation or their service partner to Microsoft Support. Addin365 use a ticketing platform called Freshdesk to support incident resolution, as well as a dedicated client Teams channel. Within 24 hours of a defect being reported to Addin365 a response will be issued to confirm receipt. Addin365 will investigate the defect. Addin365 aim to investigate issues and respond with a target fix date within 3 days. However, if the defect is complex it may take longer. If the defect can be reproduced Addin365 will issue a target fix date for the defect. The priority given to fixing a defect is dependent on the severity of the defect. Priority 1 defects will be resolved as a minor patch of the current release. Priority 2 and 3 defects will be fixed and delivered in the next major release. Major releases are monthly.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Once the Power Platform Pack has been purchased, Addin365 install the product for you. You will need to have a Microsoft 365 tenant and licenses for those you wish to use the platform.; A workshop is ran to identify teams and scenarios for each pack item. These are prioritised and training is scheduled accordingly.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats:
  • Video
  • Gif
• End-of-contract data extraction: Addin365 do not hold customer data.
• End-of-contract process: To off-board from Addin365 products at the end of the contract term, you will need to delete the power capabilities from the Power Platform service. This fully removes them from your tenant. Existing SharePoint pages will lose the Addin365 power capabilities (the power capabilities will no longer be available to use). The data within the page remains, and the audit experience remains. ; ; There are no off-boarding charges following the end of a subscription purchase.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: There are no differences
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: User experience elements reside withing the SharePoint Online (Modern)experience
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: The user interfaces are checked using screen reading technology JAWS
• API: No
• Customisation available: Yes
• Description of customisation: Branding is customisable as are user configuration choices and layouts.

Scaling

• Independence of resources: Check

Analytics

• Service usage metrics: Yes
• Metrics types: Product metrics
• Reporting types: Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: No need to export data as it all lives in the customer tenant (your tenant).
• Data export formats: Other
• Other data export formats: No need to export data. It lives in customer tenant
• Data import formats: Other
• Other data import formats: No need to important data. It lives in customer tenant

Data-in-transit protection

• Data protection between buyer and supplier networks: Other
• Other protection between networks: The services is hosted within SharePoint Online within your Power Platform environment, therefore Microsoft's standards apply.
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Since the solution is based on the Microsoft 365 platform, Microsoft provide a financially-backed guarantee of 99.9% availability for their Microsoft 365 platform - with service credits for non-availability beyond this threshold. Please see SLA documents at https://www.microsoft.com/licensing/docs
• Approach to resilience: Since the solution is based on the Microsoft 365 platform, full relevant details can be found here - https://www.microsoft.com/en-gb/trust-center
• Outage reporting: Since the solution is based on the Microsoft 365 platform, full relevant details can be found here - https://status.office365.com/

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: Azure ID managmed identity with 2-factor authentication
• Access restriction testing frequency: At least every 6 months
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials Plus. Information security based on • International Standard ISO27001 – Information Security Management System • International Standard ISO27002- Code of practice for Information Security Controls • EU General Data Protection Regulation • UK Data Protection Act 2018 • Compliance with other appropriate UK and International Legislation as appropriate.
• Information security policies and processes: Our CTO is our DPO and is for responsible for IT security, and for implementing our information security policy. Our CEO is responsible for implementing our Business continuity plan. We follow industry recognised threat and risk assessment methodologies and undertake risk assessments as necessary, at a minimum annually for the overall organisation. Risk Assessment tools include but are not limited to – • Risk Register • DPIA (Data Privacy Impact Assessment) We base our information security policy on the recognised industry standards and laws applicable to Addin365’s information assets as follows: • International Standard ISO27001 – Information Security Management System • International Standard ISO27002- Code of practice for Information Security Controls • EU General Data Protection Regulation • UK Data Protection Act 2018 • Cyber Essentials • Compliance with other appropriate UK and International Legislation as appropriate. We are Cyber essentials plus accredited. We update our information security policy annually, and ensure all contents are communicated to staff, and that staff receive adequate awareness training at hire and at least annually. Staff have to acknowledge that they have read and understood our information security policies and procedures.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All changes that could transform, alter, or modify the operating environment or standard operating procedures of any system or service that has the potential to affect the stability and reliability of the infrastructure or disrupt the business shall be carried out through a formal change control process and supporting business justifications are documented. The CTO (Chief Technical Officer) is responsible for change management of all Addin365 systems.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We only use platforms which are SaaS so do not have an operational requirement to do operating system and firmware patch management. The Addin365 software development process includes a gated ring deployment config which includes a pipe step for vulnerability discovery and remediation
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We are Cyber Essentials Plus accredited. We have effective controls to both prevent and detect the execution of malicious application code that could impact the confidentiality, integrity, or availability of Addin365 capabilities. Controls are implemented to prevent, detect, and remove malicious code from business systems and applications. Anti-virus/Anti-malware/Anti-ransomware software is installed and running on all of Addin365 computing assets. Email messages and attachments are scanned for viruses and other malicious code prior to being accessed by staff. Unauthorised software is not accessed or installed on Addin365 systems or devices by any member of staff.
• Incident management type: Supplier-defined controls
• Incident management approach: Addin365 will ensure information security incidents are identified, managed, and reported in an effective manner to protect the confidentiality, integrity, and availability of Addin365 capabilities. This is supported by the following policy, procedure and supporting documents – Breach/Incident Procedure Subject Access Request Procedure Risk Register Data Protection Policy

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Tackling economic inequality
  • Equal opportunity

  Tackling economic inequality

  Addin365 regularly donate to the Watford foodbank. The Watford Foodbank is part of the Trussell Trust network, which distributed 3 million food parcels from April 2022 to March 2023, a 37% increase from the previous year. Addin365 is one of the largest donors to Watford Foodbank. Our regular foodbank donations, totalling 1,500kg (Feb 2024) of food, have directly stopped people from going hungry. The Watford Foodbank is providing an important community contribution and helping many people in need. Addin365 believe everyone's needs should be met and that is why helping the Watford foodbank is important to us.

  Equal opportunity

  Despite the fact that only 26% of the UK tech workforce are women, according to the Women in Tech Survey 2023, we are determined to change this. Our social impact strategy includes support initiatives that empower women to enter and thrive in the tech industry. From early career days for female graduates to back to work programmes for new mothers and guidance for female entrepreneurs seeking funding for growth, we are actively working to create a more inclusive and equitable tech industry. At Addin365 we are looking to make a difference through multiple avenues. We participated in a roundtable hosted by WM People focusing on foregrounding best practice in SME recruitment and retention. This event was a valuable opportunity to learn from other SME leaders and to contribute to the ongoing conversation on how to create a more sustainable, inclusive and innovative SME sector. We were also a speaker at the "Scaling Up Your Business and Exercising a High Growth Mindset" event. Our CEO, Suzy Dean had the privilege of sharing her knowledge and experience with entrepreneurs, especially women, as to how to scale their businesses. We were also able to provide a portion of the tickets for this event to Everywoman, whose mission is to contribute to a more diverse, energised and profitable tech sector. We have also participated in STEM events, and were able to sponsor the Everywoman Tech Forum Early Careers Day and share our insights and experiences with aspiring female STEM graduates.

Pricing

• Price: £1,500 to £7,500 a licence a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at hello@addin365.com. Tell them what format you need. It will help if you say what assistive technology you use.