Skip to main content

Help us improve the Digital Marketplace - send your feedback

HSO Enterprise Solutions Limited

Azure Cloud Infrastructure Assessment

HSO - leverage the power of Microsoft to transform the way you work.
Microsoft Azure Cloud reduces on-premises infrastructure. Guaranteed uptime, secure and easily scalable. Implementations involve infrastructure, data, integration, analytics, machine learning, AI, and applications. HSO’s service provides assessment, planning, design, implementation, support, and licensing.

Features

  • Utilise Microsoft Azure Active Directory for Identity management
  • Microsoft Azure infrastructure and application performance monitoring
  • DevOps and Developer tools
  • Architect, design, integrate, govern solutions
  • Microsoft Azure synchronous and asynchronous integration
  • Machine Learning and Cognitive AI (Artificial Intelligence) service
  • Microsoft Azure Gateway connector to on-premises infrastructure
  • Data Lake and Data Factory services for data platform
  • IoT (Internet of things) service platform
  • Manage authentication and authorization for applications with Azure

Benefits

  • Secure organisational data and gain central control
  • Reduce implementation costs compared to on-premises equivalent
  • Avoid expense and complexity of buying / managing physical servers
  • Improve stability with Microsoft Guaranteed up time
  • Gain disaster recovery through multiple data centres for performance
  • Protect, store, back-up and recover data cost-effectively and securely
  • Future-proof by managing increasing/decreasing workloads with auto scale
  • Make informed decisions using machine learning and AI
  • Reduce cost and time to test and build applications
  • Delivered by a Microsoft Inner Circle Partner with ISO27001 accreditation

Pricing

£500 to £1,900 a unit a day

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at UK-GCloud@hso.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

1 9 3 6 7 8 4 4 2 4 1 9 5 8 6

Contact

HSO Enterprise Solutions Limited Michael Lonnon
Telephone: 07849087668
Email: UK-GCloud@hso.com

Service scope

Service constraints
None - The HSO Support Contract will state what solutions are being supported and the agreed Service Levels.
System requirements
  • Users typically need an Internet connection (some apps work offline).
  • Access to an HTML5 Compliant Web Browser - supports BYOD.

User support

Email or online ticketing support
Yes, at extra cost
Support response times
HSO Support's Response times are dependent on severity of the case, starting from 15 minutes.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
HSO provide various Support Level options, starting from an Essential Agreement which is provided by purchasing blocks of Support hours. Further offerings, both reactive and proactive, are available as fixed price agreements, with the ability to raise unlimited Incidents, with unlimited hours spent to resolve them.

All Customers will be assigned a dedicated Service Delivery Manager who will be responsible for all services delivered under the Support Agreement.

Within these agreements, there is a comprehensive Service Catalogue where customers can choose, and therefore only pay for, the services that they require.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
HSO can either tailor to client requirements or provide a standard, predefined solution, based on ITIL v3 processes and guidelines. Further information on request
Service documentation
Yes
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction
We agree exit terms and processes at the time of contracting. The exact format turnaround and processes related to data extraction is determined at this point. Further details on demand. Subject to security controls, data can be exported using various methods including inbuilt data export tools and various third-party solutions.
End-of-contract process
HSO will agree end of contract scenarios in advance with the Buyer and either tailored to client requirements or provide a standard, predefined solution, based on ITIL v3 processes and guidelines. Additional costs are determined on a case by case basis, dependent on size and complexities of activities.

Using the service

Web browser interface
Yes
Using the web interface
"The API for Dynamics 365 is comprehensive, however, all API services are typically agreed separately with customers in line with their requirements.

Dynamics 365 unifies the capabilities of CRM business software and ERP systems by providing intelligent applications that seamlessly work together in the cloud. Please see this link for more information regarding Dynamics 365 REST API's::

https://docs.microsoft.com/en-us/rest/dynamics365/"
Web interface accessibility standard
WCAG 2.1 AA or EN 301 549
Web interface accessibility testing
The Windows Software Development Kit (SDK) includes several accessibility testing tools such as AccScope, Inspect and UI Accessibility Checker. These tools can help you verify the accessibility of your app.
API
Yes
What users can and can't do using the API
"The API for Dynamics 365 is comprehensive, however, all API services are typically agreed separately with customers in line with their requirements.

Dynamics 365 unifies the capabilities of CRM business software and ERP systems by providing intelligent applications that seamlessly work together in the cloud. Please see this link for more information regarding Dynamics 365 REST API's::

https://docs.microsoft.com/en-us/rest/dynamics365/"
API automation tools
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
Command line interface
Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
  • MacOS
Using the command line interface
The Azure Command-Line Interface (CLI) is a cross-platform command-line tool to connect to Azure and execute administrative commands on Azure resources. It allows the execution of commands through a terminal using interactive command-line prompts or a script.

Scaling

Scaling available
Yes
Scaling type
Automatic
Independence of resources
The service leverages the Microsoft Cloud Service. This is designed to meet the needs of operating a service at scale. Other key components include: robust security, scalability, performance, tenant isolation, serviceability, and monitoring.
Usage notifications
Yes
Usage reporting
  • Email
  • SMS

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Microsoft

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Virtual Machines
  • Databases
  • Files and Blobs
  • Emails
  • Configuration and Customisations
Backup controls
Users can control, manually perform backups and define schedules through the Azure Portal.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Users schedule backups through a web interface
Backup recovery
Users can recover backups themselves, for example through a web interface

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Microsoft guarantees High Availability - 99.9%.
Approach to resilience
The Microsoft datacentres adhere to the Microsoft Business Continuity and Disaster Recovery (BCDR) standard. Detailed information is available upon request.
Outage reporting
Outage reporting methods include, but are not limited to, Public Dashboards, APIs, Mobile App Push notifications and Email Alerts.

Identity and authentication

User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google apps)
  • Username or password
Access restrictions in management interfaces and support channels
Provided by role-based security model which allows you to control and define what actions a user can perform and what records a user has access to.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Devices users manage the service through
Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
British Assessment Bureau - Certificate Number 212127
ISO/IEC 27001 accreditation date
Initial Certification: 23 April 2018, Latest Issue: 21 June 2021.
What the ISO/IEC 27001 doesn’t cover
N/A - Covers ALL HSO UK trading companies: HSO Enterprise Solutions, HSO CRM Solutions & HSO Customer Service.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
"Cyber Essentials Plus

Note: HSO have answered this section from an HSO (reseller and implementer) only perspective.

Microsoft also holds both these certifications plus many more."
Information security policies and processes
In formulating and implementing HSO security policies, HSO incorporates the following protocols

a. Identified reasonably foreseeable internal and external risks to the security, confidentiality, and/or integrity of any electronic, paper or other records containing personal information;

b. Assessed the likelihood and potential damage of these threats, taking into consideration the sensitivity of the personal information;

c. Evaluated the sufficiency of existing policies, procedures, customer information systems, and other safeguards in place to control risks;

d. Designed and implemented an Information Security Management System that puts safeguards in place to minimize those risks; and

e. Implemented regular monitoring of the effectiveness of those safeguards.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
HSO has a dedicated Information Security Manager (ISM) and Information Security Management System.

Configuration and Change Management processes at HSO include, but are not limited to:
1. Published processes, and education / training- new starter induction and ongoing refresher training.
2. Use of system tools to capture request, obtain approval and record outcome / actions, e.g. DevOps registers.
3. Steering committee review and approval needed for changes.
4. Regular review and audit of our configuration and change management processes during our ISO 27001 (Information Security) and Cyber Essentials Plus audit and ongoing certification renewal.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
HSO has a dedicated Information Security Manager (ISM) who is responsible for out Information Security Management System and all underlying Policies within HSO UK.

Vulnerability Management processes at HSO include, but are not limited to:
1. Published processes and education / training - new starter induction and ongoing refresher training.
2. Regular internal vulnerability tests, e.g. through use of dummy phishing emails looking to capture user details.
3. Regular vulnerability tests by external Security specialists.
4. Regular review and audit of our vulnerability processes during our ISO 27001 (Information Security) and Cyber Essentials Plus audit and ongoing certification renewal.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Protective monitoring processes at HSO include, but not limited to:
-Published processes and education/training - new starter induction and ongoing refresher training.
-Azure AD's security, logging and audit-related capabilities such-as Multi-factor authentication, regular review of access-logs / exceptions across applications.
-Use of various system alerts to notify IT of any unusual behaviour. HSO'S internal IT department has dedicated Incident Case types for employees/users to report all suspicious activity against, phishing emails, etc.
-Regular review/audit of our protective monitoring processes as part of ISO 27001 (Information Security) audit and ongoing certfication renewal.
-As per 4. fro Cycber Essentials Plus certification too.
Incident management type
Supplier-defined controls
Incident management approach
HSO has a dedicated Information-Security-Manager responsible for all underlying Policies, working closely with an HSO-Group ISM to share best-practices.

Protective monitoring processes include:
-Published processes and training/new-starter induction and ongoing training.
-Incidents investigated immediately, assessed and reported to appropriate internal, and/or external parties, including necessary notifications to customers/suppliers/partners.
-Once resolved, lessons-learnt review performed to ensure mitigating risk of similar incident happening again. Perform internal Risk Mitigation reviews to ensure constant review and improve resilience to accidental or malicious security and data incidents.
-Regular review/audit of proactive monitoring processes during ISO27001 (InformationSecurity) and Cyber Essentials Plus audit and ongoing certification renewal.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Third-party
Third-party virtualisation provider
Microsoft
How shared infrastructure is kept separate
Many techniques and technologies are deployed. Detailed information can be supplied upon request.

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
Microsoft’s datacentres in the UK and EU are designed to yield major gains in efficiency and sustainability in accordance with their commitment to the EU Code of Conduct for Energy Efficient Datacentres.

Social Value

Social Value

Social Value

  • Fighting climate change
  • Covid-19 recovery

Fighting climate change

Planet - Sustainable, greener, and cleaner future.

In the quest for a more sustainable tomorrow, HSO embraces a holistic approach to sustainability. Unwaveringly committed to reducing carbon footprint and maximising supply chain opportunities. Our vision encompasses more than just environmental responsibility; it embodies a philosophy of harmonising growth and innovation with a profound respect for the planet.

Embedding sustainable practices

HSO is committed to environmental excellence and pollution prevention. It works to surpass industry standards and lessen our impact on the local and global environment by conserving energy, water, and other natural resources; reducing waste generation; recycling and reducing our use of toxic materials. Emphasising efficient resourcing, responsible procurement, and innovation, HSO strives for a greener future.

By combining HSOs expertise as a Microsoft solutions provider with the power of Microsoft’s sustainable technologies and solutions, we’re able to support customers in achieving their net zero goals. To find more about how we can do this and help your organisation, please read page 10 of our latest Social Value brochure which can be found here:
https://www.hso.com/media/j15bdjwu/hso-social-value-brochure-2024-2.pdf

HSO can also provide our customers with the following service - an ESG Assessment. We analyse your Environmental, Social & Governance (ESG) reporting and support you in closing gaps to enable automated reporting. Please see the following HSO website link for further details:
https://www.hso.com/consultancy-offering/esg-assessment

Covid-19 recovery

Prosperity - Skills, opportunity, and liberating lives.

A prosperous economy supports thriving communities and, in turn, people. HSO's commitment to ethical business practices, giving back to our communities, fair trade and responsible sourcing, ensures our growth and success go hand in hand with the well-being of wider communities.

Supporting the wider community: HSO works with multiple charities. For 2023/24, these are The Stroke Association, British Heart Foundation, and Alzheimer’s Research UK. To date, HSO's employees have raised over £114,000 for charity, which HSO has matched.

Putting technology and skills to good use: As well as time and money, HSO uses our skills to help non-profit organisations do more, eg. during lockdown, KidsOut, faced volunteer shortages affecting toy distribution to children in care and living in refuges. HSO built an app to streamline toy box scanning and tracking nationwide. Before this, KidsOut used a paper-based system to manage toy donations. The app removed time-consuming manual tasks, aiding volunteers, enabling growth and ensured efficient delivery despite employee / volunteer limitations.

Local economic development: HSO people are encouraged to involve themselves in local economic development initiatives. This can involve infrastructure projects or community facilities, leading to new business opportunities and job creation.

Education and training initiatives: HSO works with organisations to support training and apprenticeship programmes. This bridges the skills gap by offering practical, industry-specific training to individuals seeking to enter work.

By combining HSOs expertise as a Microsoft solutions provider with the power of Microsoft’s sustainable technologies and solutions, we are able to support you achieve your organisation's goals, improving lives of those in your community. Please read our latest Social Value brochure:
https://www.hso.com/media/j15bdjwu/hso-social-value-brochure-2024-2.pdf

HSO can provide our customers with an ESG Assessment. We analyse your Environmental, Social & Governance (ESG) reporting, helping close gaps to enable automated reporting. Please see:
https://www.hso.com/consultancy-offering/esg-assessment

Pricing

Price
£500 to £1,900 a unit a day
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at UK-GCloud@hso.com. Tell them what format you need. It will help if you say what assistive technology you use.