Quorum Network Resources Ltd

Microsoft Azure Public Cloud

Quorum are a Direct Microsoft Cloud Solutions Provider (CSP) which allows us to deploy leading edge IT services suitable for all business sizes. As a Direct CSP, Quorum are a single point of contact for any technical assistance and billing for Microsoft Cloud solutions.

Features

• Flexible deployment and scaling
• Access to range of Microsoft Azure Services
• SharePoint, SQL Server, and Windows Server run on Microsoft Azure
• Public Cloud Platform as a Service (PaaS)
• Public Cloud Infrastructure as a Service (IaaS)
• Application Modernisation
• Data and Artificial Intelligence (AI) Services
• Backup and Recovery on Azure
• Cloud Adoption Framework and Azure Landing Zones
• Infrastructure as Code (IaC) and CI/CD Pipelines

Benefits

• Single partner relationship for licencing, implementation, training and support
• Flexible billing to suit client needs
• Direct Microsoft Cloud Solution Provider (CSP)
• Support from highly experienced staff
• ISO27001 certified
• Licensing advice and optimisation to ensure best value
• Architectural guidance and code review

£740 to £1,450 a unit a day

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@qnrl.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

221302615168380

Contact

Client Sales
0131 652 3954
tenders@qnrl.com

Service scope

• Service constraints: As a Direct CSP, Quorum are subject to Microsoft constraints and would be dependent on the needs of the client.
• System requirements:
  • Microsoft Azure Subscription will be provided via CSP
  • Connectivity to Azure

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our standard support hours are Monday to Friday from 8am until 6pm, with an initial response in one hour or less. Out of hours cover can be arranged at additional cost. The support response times are agreed in collaboration with buyers based on their business requirements.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Quorum provide the following support options (price dependent on client requirement): ; ; Full Managed Service - Full responsibility for your end-to-end IT services, including external suppliers and project delivery. 24/7 phone support is available by agreement (incurs an additional charge). ; ; IT Director as a Service - gives access to senior IT Directors on a part-time basis to review your current IT capability and develop your IT roadmap, ensuring IT is aligned to the changing needs of your business. ; ; End User & Cloud Infrastructure Support - As your outsourced infrastructure team, we take responsibility for proactively monitoring, patching, and managing servers, storage, and network devices, ensuring they remain highly available, performant, and healthy. ; ; Database Administration - A team of experienced, certified database professionals to look after your company databases, ensuring your business applications are robust, fast performing, and delivering the management information required for your business. ; ; Managed Security Services – A team of security professionals provide security monitoring and alerting on your estate and 24/7 incident response. The team also regularly review and remediate any security holes within the estate to provide increased security posture. ; ; Clients will be assigned a designated Account Manager and if required, a lead cloud engineer.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: See https://azure.microsoft.com/en-us/resources/ plus comprehensive online documentation for various solutions available across the platform. See https://docs.microsoft.com/en-us/azure/
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Customers are able to remove their data at any time through the same means they uploaded, either over their network (internet or express route) or via the Azure Import/Export services. Also see https://www.microsoft.com/en-us/trustcenter/privacy
• End-of-contract process: Please see https://www.microsoft.com/en-us/trustcenter/privacy/you-own-your-data; ; Microsoft contractually commits to specific processes when a customer leaves a cloud service or the subscription expires. This includes deleting customer data from systems under our control.; If a cloud subscription is terminated or it expires (except for free trials), Microsoft will store your customer data in a limited-function account for 90 days (the “retention period”) to give you time to extract the data or renew your subscription. During this period, Microsoft provides multiple notices, so you will be amply forewarned of the upcoming deletion of data.; After this 90-day retention period, Microsoft will disable the account and delete the customer data, including any cached or backup copies. For in-scope services, that deletion will occur within 90 days after the end of the retention period. (In-scope services are defined in the Data Processing Terms section of our Online Services Terms.); ; When customer data is hosted in the multitenant environments of Microsoft business cloud services, we take careful measures to logically separate customer data. This prevents one customer’s data from leaking into that of another customer, and also blocks any customer from accessing another customer’s deleted data.

Using the service

• Web browser interface: Yes
• Using the web interface: Manage and deploy services via the Azure Portal. See https://azure.microsoft.com/en-gb/
• Web interface accessibility standard: WCAG 2.1 AA or EN 301 549
• Web interface accessibility testing: Microsoft evaluates products and services using the Department of Homeland Security (DHS) Trusted Tester program, Version 5, which creates a common testing approach for determining conformance to Section 508. Microsoft’s methodology also assesses products and services against W3C’s Web Content Accessibility Guidelines (WCAG) and ETSI EN 301 549. Along with Trusted Tester, our evaluation is commonly supported by automated testing; manual testing; testing with assistive technology; and functional testing by individuals with disabilities.
• API: Yes
• What users can and can't do using the API: The Azure API Management service allows users to create their own APIs for the deployment of the required solutions on to the Azure platform.
• API automation tools: Terraform
• API documentation: Yes
• API documentation formats: HTML
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
  • MacOS
  • Other
• Using the command line interface: Azure Command Line Interface (CLI) is optimized for managing and administering Azure resources and for building automation scripts that work against the Azure Resource Manager. For more information, please see https://docs.microsoft.com/en-us/cli/azure/install-azure-cli

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: Azure represents a hyper-scale public cloud service.
• Usage notifications: Yes
• Usage reporting:
  • API
  • Email
  • SMS
  • Other
• Other usage reporting: Azure Portal

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Microsoft

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
• Other data at rest protection approach: Please see https://learn.microsoft.com/en-us/azure/security/fundamentals/encryption-atrest
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Virtual Machines
  • PaaS Services
• Backup controls: Backups are controlled by users.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users schedule backups through a web interface
• Backup recovery:
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection between networks: For data in transit, Azure uses industry-standard secure transport protocols, such as TLS/SSL, between user devices and Microsoft datacentres. You can enable encryption for traffic between your own virtual machines (VMs) and your users. With Azure Virtual Networks, you can use the industry-standard IPsec protocol to encrypt traffic between your corporate VPN gateway and Azure as well as between the VMs located on your Virtual Network.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: ACL Based Network Security Groups are also used. See https://azure.microsoft.com/en-us/blog/network-security-groups/

Availability and resilience

• Guaranteed availability: See Microsoft's Online Service Terms at https://www.microsoft.com/licensing/docs/view/Service-Level-Agreements-SLA-for-Online-Services?lang=1
• Approach to resilience: Please see https://learn.microsoft.com/en-us/compliance/assurance/assurance-resiliency-and-continuity
• Outage reporting: Please see https://learn.microsoft.com/en-us/azure/service-health/azure-status-overview

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Microsoft Azure Active Directory (Azure AD) allows clients to designate administrators to manage identity tasks in less privileged roles. Administrators can be assigned for purposes such as adding or changing users, resetting user passwords, managing user licenses and domain names. ; ; The Global Administrator has access to all administrative features. The person who signs up for an Azure subscription is assigned the Global Administrator role for the directory by default so it important to be aware of this. Only Global Administrators and Privileged Role Administrators can delegate administrator roles.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: CQS – Certified Quality Systems Ltd
• ISO/IEC 27001 accreditation date: 16/01/2023
• What the ISO/IEC 27001 doesn’t cover: The scope of the certification applies to the approved Information Security Management Systems relating to the provision of IT Support, software development and IT consultancy services.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • CSA CCM version 3.0
  • ISO/IEC 27001
  • Other
• Other security governance standards: Please see https://www.microsoft.com/en-us/security
• Information security policies and processes: Quorum is fully compliant and committed to maintaining compliance in all data security transactions. Certified Information Systems Security Professionals (CISSP) are continually working with key stakeholders and individual practice owners to ensure that the security policy is appropriate and suitable for the company. ; These Certified Security Professionals also provide advice and guidance to our clients ensuring their IT systems are built to design with security in mind.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Quorum has a dedicated Project Management Office for all project related tasks and planning is a key activity in any service undertaken. ; ; Quorum will comply with client defined controls and can, where necessary make recommendations on a suitable approach to take where one does not already exist.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Microsoft Antimalware for Azure Cloud Services and Virtual Machines is a real-time protection capability that helps identify and remove viruses, spyware, and other malicious software. Microsoft Antimalware for Azure provides configurable alerts when known malicious or unwanted software attempts to install itself or run on your Azure systems. It is configured through the Azure Management Portal . ; ; Vulnerability scans are performed on a quarterly basis at a minimum. Microsoft Azure contracts with independent assessors to perform penetration testing of the Microsoft Azure boundary.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Microsoft Azure employs sophisticated software-defined service instrumentation and monitoring that integrates at the component or server level, the datacenter edge, our network backbone, Internet exchange sites, and at the real or simulated user level, providing visibility when a service disruption is occurring and pinpointing its cause.; ; For more information, please visit https://download.microsoft.com/download/C/5/5/C55C7170-9AA0-4187-9A78-C5AE85C8161D/Cloud_Infrastructure_Operational_Excellence_and_Reliability_Strategy_Brief.pdf
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Microsoft follow a 5 step incident response process for managing both security and availability incidents for Azure services. ; ; Detect - First indication of an event investigation.; Assess - An on-call incident response team member assesses the impact and severity of the event. ; Diagnose - Security response experts conduct the technical or forensic investigation, identify, containment, mitigation and workaround strategies.; Stabilise, Recover - The incident response team creates a recovery plan to mitigate the issue. Crisis containment steps such as quarantining impacted systems may occur immediately and in parallel with diagnosis.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: Hyper-V
• How shared infrastructure is kept separate: Please see https://www.microsoft.com/en-us/security

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Please see https://azure.microsoft.com/en-gb/explore/global-infrastructure/sustainability

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We are certified to ISO14001: Quorum are committed to reducing our carbon footprint in the following ways.; A reduction of energy consumption:; • Outdated storage heating system upgraded to up-to-date gas central heating and water system.; • Secondary double glazing layer added to windows to keep in heat.; • More IT systems run on the cloud, significantly reducing the number of servers in our office.; • All fluorescent tube lighting replaced with LED lighting.; Actively discouraging unnecessary travel by offering the following:; • Virtual meetings via Teams are always prioritised over booking flights.; • Employees are advised to travel using public transport where possible in preference to taxis and lone driving.; • Various schemes to make costly local transport season tickets, and suitable bikes more affordable by paying in full and then deducting the cost from the employee monthly.; Having a robust recycling policy that is adhered to by all employees in Quorum offices. Quorum currently recycle the following:; • Plastic; • Paper; • Cardboard; • Food tins and drinks cans; • Glass; • Batteries; • Printer ink & toners; • IT Equipment (a separate policy dictates the secure recycling of IT equipment and media disposal).

  Covid-19 recovery

  Quorum are committed to assisting our employees and our local area during Covid Recovery in the following ways.; Work Opportunities:; • Quorum offers both graduate and apprenticeship positions, giving young workers the opportunity to further their learning with bespoke training and development plans which set out clear targets and outcomes. This enables them to develop beyond the entry level positions they would normally start in. Since the start of the COVID-19 pandemic, Quorum has successfully brought on two graduate employees.; Supporting the Community:; • In place of corporate Christmas gifts and cards, Quorum decided to use the festive seasons as an opportunity to give back to and support causes meaningful to our employees and the local community. An annual amount is set aside, and our employees nominate charities that are close to their heart and this pot is distributed amongst the chosen charities. Since the beginning of the pandemic, Quorum has donated to small local charities that have directly impacted employees and their families such as Kilbryde Hospice, Lothian Autistic Society, Social Bite and Read to Rise.; Supporting Mental Health:; • At the onset of the pandemic, Quorum engaged with Health in Mind Resolve to offer all employees free, private counselling sessions.; • Quorum greatly supports the mental well-being of employees and has seven Mental Health First Aiders that are trained to recognise the signs and symptoms of various mental health problems, offer support to those in a crisis, and provide knowledge of support systems to assist those seeking professional support.; Improving Workplace Conditions:; • Following the ease of COVID restrictions, Quorum is offering each employee the right to work remotely, using the main office as a drop in hub.

  Tackling economic inequality

  At Quorum we value good people, people we trust, feel empathy for and respect. We want all our people, as owners of the business, to feel we are being ourselves, taking ownership, demonstrating fairness with the freedom to be ourselves with our clients. We pride ourselves on doing the right thing, demonstrating our integrity, working with consistency, and giving our clients confidence in our solutions. ; ; In June 2015 Quorum made a Commitment to the Scottish Business Pledge. As part of the pledge Quorum are committed to supporting young people towards and into employment including placements, apprenticeships, and partnerships with Universities across Scotland.; ; We offer family friendly, flexible working. Our Managing Director Andrew Watson is a Family Friendly Working Scotland ‘Champion’. ; ; We have signed up to the Living Wage Foundation and provide fair pay to all our permanent and contract employees. We are part of the Living Wage in Tech Leadership Group. We do not use zero hour contracts.

  Equal opportunity

  Quorum is an Equal Opportunities employer and is committed to eliminating discrimination in any form, and to promoting diversity and all its benefits. Our recruitment policies require all employees involved in the recruitment process to act without bias. We always investigate candidate opportunities within the local labour market and will only look further afield should we fail to find the right candidate for the role. Quorum takes our responsibilities as an employer very seriously and we constantly work to improve our performance in our employment practices wherever possible.; ; We foster a culture of diversity and equality within our company, encouraging individual interests where possible and appropriate; our relatively flat management structure ensures that employees have clear, daily access to the management team and directors who will work alongside teams on various projects. Our employees come from a wide variety of backgrounds and we welcome the diversity of knowledge and experience that they bring to the group. Our approach in this is supported by our Equal Opportunities Policy, Recruitment Policy and our internal management system which is structured and informed by our ISO 9001 certification.

  Wellbeing

  Quorum was founded in 1999 with a vision to provide a great place for people to work. Our mission has always been to deliver high quality IT solutions with outstanding customer service and care for our employees. We continue to uphold the passion, teamwork, and technical specialisation which we believe sets us apart in this industry.; ; We became employee-owned in 2019 to secure the future of the company for our customers and employees. We actively look to work with organisations who are similar in culture to ourselves, clients that value the investment we put into our people. We have many, longstanding, rewarding relationships with clients that we have been able to truly collaborate with.; ; At Quorum we value good people, people we trust, feel empathy for and respect. We want all our people, as owners of the business, to feel we are being ourselves, taking ownership and demonstrating fairness with the freedom to be ourselves with our clients. We pride ourselves on doing the right thing, demonstrating our integrity, working with consistency, and giving our clients confidence in our solutions.; Quorum supports career opportunities in all of our disciplines including technical, project management, sales, account management, operations and finance. Our staff have the opportunity to make lateral moves within Quorum should they wish to pursue a new career path.; Quorum greatly supports the mental well-being of employees and has seven Mental Health First Aiders that are trained to recognise the signs and symptoms of various mental health problems, offer support to those in a crisis, and provide knowledge of support systems to assist those seeking professional support.

Pricing

• Price: £740 to £1,450 a unit a day
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Please see https://azure.microsoft.com/en-us/free

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@qnrl.com. Tell them what format you need. It will help if you say what assistive technology you use.