Brightwire

SharePoint for Policies and Procedures - Creating, Managing and Publishing

Transform the way you create policies and procedures. We build modern SharePoint digital workplaces that improve document management. Our Policies and Procedures toolkit supports the creation and editing of documents, collaboration, review and approval, and publishing to an intranet, alongside notification on impending review and version history for auditing purposes.

Features

• Intranets and web portals
• Document and records management
• Digital workspaces with Microsoft Teams
• Workflows & automation
• Integration-capable with other business applications
• Access and authentication
• Supports internal communications
• Improves collaboration and information sharing
• Highly customisable
• Responsive and highly usable

Benefits

• Great user adoption with the modern SharePoint interface
• Improve communication
• Foster collaboration in people and teams with SharePoint
• Role-based model targets relevant content
• Streamline and automate business processes using workflows
• Quick and easy access to content with sophisticated search
• Fully customisable interface can be impressive and visually appealing
• Bring disparate SharePoint sites together to improve central administration
• Easily manage security and user permissions
• Migrate data from existing SharePoint environment and network file shares

£725 a unit a day

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at clare.millar@brightwire.net. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

235618280213598

Contact

Clare Millar
0131 541 2159
clare.millar@brightwire.net

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: SharePoint intranet consulting and custom development; business transformation and internal communications consulting.
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: Clients have a choice of deployment and support models depending on organisational and infrastructure requirements.
• System requirements:
  • Office365/SharePoint environment
  • Office365, 2016, 2013, 2010
  • Latest versions of Mozilla Firefox, Google Chrome, Apple Safari
  • Processor - 1.9 (GHz) x86 or x64-bit dual core processor
  • Memory - 2GB RAM
  • Display - SuperVGA with a resolution of 1024 x 768
  • Bandwidth greater than 50 KBps (400 kbps)
  • Windows 10 - Internet Explorer 11 and Microsoft Edge
  • Windows 8.1 - Internet Explorer 11 and Microsoft Edge
  • Further information on the Microsoft site: https://docs.microsoft.com/en-gb/sharepoint/

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: There are defined SLAs and Out of hours support models covering weekends and bank holidays. Support incidents are classed in three categories (Level 1 Critical, Level 2 Major and Level 3 Minor) each with four defined stages. A Level 1 incident has a maximum response time of 1 hour. Our support desk runs within office hours for the majority of clients, with year-round out of hours support also available on request.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support levels are based on an agreed allocation of time per month, with time reporting to indicate usage. Support can be scaled back or topped up accordingly. Support is based on a day rate. For out of hours support this cover is based on the client's need and an appropriate cost is calculated. We have clear support procedures in place and a technical account manager as well as a nominated support engineer are both provided as part of the support agreement.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We offer a variety of training plans to help users start using the service. Some training is face to face for administrators but we have extensive user based online training for our SaaS offerings. User documentation is provided where required in electronic format. Onsite training: provided to groups of trainees who are usually split by administrative and user type. We recommend a 'train the trainer' approach with advocates who will be the key 'go to' people within the organisation, and provide floorwalking. User guides: these can either be documented or video guides for users and contain quick tips and handy reference information. Online training: we can provide online training if required - typically to larger groups of users. The level of onboarding and offboarding support depends on the customer's requirements. We can provide full support for organisations where there is an organisation-wide rollout, as well as pilot or trials within a specific business area.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
  • Other
• Other documentation formats:
  • Word
  • Video/Multimedia
• End-of-contract data extraction: All data can be exported or replicated to an environment such as a Microsoft Azure SQL Database store in a customer-owned Microsoft Azure subscription. The way in which we would recommend this be done would depend on customer need and the target environment.
• End-of-contract process: The support agreement would normally allow for basic handover at contract end - however if there were more specific or custom requirements (such as a new target environment to which to replicate) then these would be assessed and a cost agreed with the Client. Brightwire will provide appropriate assistance to the client to extract any data or move to another supplier as required.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: SharePoint provides a service interface out of the box to enable management and configuration of sites and users.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Extensive testing has been done by Microsoft to ensure compliance with accessibility guidelines. Conformance reports can be found here: - https://www.microsoft.com/en-gb/Accessibility/accessibility-conformance-reports - https://www.microsoft.com/en-us/trustcenter/compliance/compliance-offerings/wcag - https://cloudblogs.microsoft.com/industry-blog/government/2018/09/11/accessibility-conformance-reports/
• API: Yes
• What users can and can't do using the API: A variety of functions can be performed using the Web API and these depend on client need. This allows users to work with content, media, and users via a REST API.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: SharePoint can be extensively customised to suit client needs. A range of areas can be customised - ranging from simple to complex workflows, triggers and notifications, and integration. Examples include: ; ; - easily create new policies and procedures based on a template; - email notifications triggered by impending review date; - collaborate with others on document edits; - customisable review and approval process with tracking; - ability to manage navigation globally across Hub sites; - ability to manage users and groups easily ; - tools for managing news and templates from a single place; - document templates; - custom 'search as you type' for policies ; - permission-trimmed content ; - staff directory excludes distribution lists, groups and generic addresses; - hidden 'administration' area to manage assets, global page templates, news and the global navigation; - customised, branded intranets; - specific secured areas with restricted access; - page layouts and templates; - news hubs pulling together news from a variety of areas ; - a central place for policies and procedures; - HR information on-demand for your employees; - wellbeing and support areas for staff ; - document management, workflows and approval processes ; - integration with Dynamics 365 and Microsoft Teams ; - configurable user management tools

Scaling

• Independence of resources: There are multiple deployment routes - each of which would be assessed in the light of specific functional and non-functional requirements such as performance. Performance can be affected by user bandwidth/connectivity as well as network capacity. We implement techniques to improve application performance and can recommend hosting models that will reduce the risk of load that negatively impacts performance.

Analytics

• Service usage metrics: Yes
• Metrics types: Service usage might apply to two scenarios - the behaviour of the users consuming the service, on which analytics can be provided, and/or the draw-down of the support time allocation, analytics for which are typically provided on a monthly basis.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: All data can be exported or replicated to an environment such as a Microsoft Azure SQL Database store in a customer-owned Microsoft Azure subscription. The way in which we would recommend this be done would depend on customer need and the target environment.
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats:
  • Various formats can be exported
  • XML and database backups
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats:
  • Various formats can be exported from Dynamics365
  • XML and database backups

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: For Microsoft SharePoint and 365 licensing the Microsoft guarantee for service level uptime is 99.9%. Should the service fall below this in a given month then a credit will be given against the applicable month's subscription fee.
• Approach to resilience: Microsoft 365 and SharePoint offerings are delivered by highly resilient systems that help to ensure high levels of service. Service continuity provisions are part of the 365 system design. These provisions enable 365 to recover quickly from unexpected events such as hardware or application failure, data corruption, or other incidents that affect users. These service continuity solutions also apply during catastrophic outages (for example, natural disasters or an incident within a Microsoft data center that renders the entire data center inoperable). The Microsoft 365 and SharePoint Online service is designed to provide a high degree of security, continuity, and compliance—service goals that are derived from the Microsoft Risk Management program. Further information is available here: https://docs.microsoft.com/en-gb/Office365/securitycompliance/office-365-data-resiliency-overview
• Outage reporting: Administrator dashboard with alerts and notifications (email and online). Outages are reported through the Office 365 admin center. Clients can see the current and historic service health, and planned maintenance. Further information is available here: https://docs.microsoft.com/en-us/office365/enterprise/view-service-health

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Admin access is limited by role based controls built into the software to ensure that only users with appropriate rights have access to management functionality. Users are authenticated by using an Office 365 account (Office 365 licence not required). Authentication can be handled in a variety of ways depending on how a client wishes to manage access, including multi-factor authentication.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI - see website for Office365- Certificate Number IS 552878
• ISO/IEC 27001 accreditation date: 15/10/2016
• What the ISO/IEC 27001 doesn’t cover: In scope: The management of Information Security Management System (ISMS) for Microsoft Office 365 Services development, operations, support, and protection of personally identifiable information. The underlying platform is accredited to ISO27001.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: Cyber Essentials

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We follow ISO 27001 methodology for policy and processes, and ensure that this is mapped closely to the Government's Cloud Security Principles. We have a defined reporting structure in place with ultimate responsibility for security and compliance resting with the CTO. Further information on security with SharePoint and Office365 can be found here: https://docs.microsoft.com/en-us/office365/securitycompliance/

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We follow a structured change procedure, which provides a high degree of management and quality of output with a controlled approach to changes in scope – it being essential to track changes and ensure that all amendments are assessed and authorised. Specific processes for change management are as follows:; Request: Initiation of a change with a request for change (RFC);; Classification: Assigning a priority to the change after assessing its urgency and impact;; Authorisation: Processing the RFC through to the change advisory board;; Development: Developing the change, release management;; Release Management: Releasing the change for testing;; Review: Conducting post-deployment review.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We have a policy of applying all Microsoft related security patches within a day of them becoming available. For our hosting environment we subscribe to VMWare notifications and apply these to our private cloud environment within 3 days of them becoming available. For other general software that we use such as Umbraco we subscribe to notification lists and deploy these based on a triage of the exposure and risk and a prioritisation. Critical updates are always deployed as soon as they become available and always within a 4 hour window.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We have a policy of applying all Microsoft related security patches within a day of them becoming available. For our hosting environment we subscribe to VMWare notifications and apply these to our private cloud environment within 3 days of them becoming available. Critical updates are always deployed as soon as they become available and always within a 4 hour window. Office 365 runs multiple layers of antivirus software to ensure protection from malicious software. Servers within the Office 365 environment run anti-virus software that scans files uploaded and downloaded from the service for viruses or other malware.
• Incident management type: Supplier-defined controls
• Incident management approach: Users report incidents online using our incident reporting tool or by phone or email if required. We have specific processes that are triggered by incidents being reported to us which are followed and users are able to track and monitor the incident as it progresses through the SLA that corresponds to its priority. For outage incidents with SharePoint/Office 365 that are Microsoft related, the administrator will receive alerts and be able to raise issues using the administration dashboard. All incidents are followed by an incident report explaining what happened and what action is to be taken to prevent a reoccurance.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  uilding systems on Microsoft SharePoint, Teams and M365 significantly enhances our ability to address our customers’ environmental challenges and advance towards net-zero greenhouse gas emissions. This cloud infrastructure optimises operational efficiency and promotes environmental stewardship through data-driven insights and streamlined processes. These platforms reduce the need for physical IT resources, by centralising data storage and computing in Microsoft’s energy-efficient datacentres that prioritise renewable energy and minimise carbon footprints. Additionally, they automate workflows and optimise resource allocation, reduce the need for physical resources and decrease the environmental footprint of daily operations. For instance, reducing paper use through digital records and communications significantly cuts waste and energy associated with paper production and disposal, directly lowering greenhouse gas emissions and encouraging sustainable practices. This shift not only contributes directly to reducing greenhouse gas emissions but also sets a precedent for adopting sustainable practices within the workspace. Our systems play a crucial role in promoting environmental responsibility among staff, suppliers, customers, and communities. They also enable organisations to effectively track sustainability metrics, such as reductions in process completion times, paper use, and energy consumption. Our platforms facilitate collaboration and communication and help ensure that environmental objectives are aligned with their continuous development and adoption. By leveraging Microsoft's platforms, our customers can promote environmental awareness and best practices among their staff and stakeholders. This approach fosters broader support for sustainability initiatives, amplifying their impact on environmental protection and improvement. Our solutions leverage cloud technology not only for business efficiency but also as a powerful tool for environmental stewardship. They provide a pathway for our customers to achieve sustainability goals and influence a wider community, and are able to contribute significantly to our customers’ efforts against climate change.

  Covid-19 recovery

  Leveraging cloud and Microsoft technologies, our solutions empower communities to navigate and overcome the repercussions of COVID-19. By enhancing digital platforms, we streamline the re-training and return-to-work processes for those unemployed due to the pandemic, fostering seamless transitions into emerging job sectors. Our technology also strengthens the resilience of people and communities, providing tools that facilitate effective communication and resource management, critical for recovery. For organizations and businesses, our solutions enable adaptable new working methods, ensuring continuity and efficiency in service delivery. Additionally, we support the physical and mental well-being of individuals by automating routine tasks to reduce workload and stress, improving employee well-being. Moreover, our innovations improve workplace conditions by enabling robust remote working infrastructures and promoting health-conscious operational practices, crucial for sustaining recovery efforts.

  Tackling economic inequality

  Our business applications are specifically engineered to tackle economic inequality by creating significant employment opportunities and enhancing training systems. By developing user-friendly systems that are straightforward to learn, we reduce the training period required for new hires in our customers' organizations. This efficiency accelerates their integration into productive roles, boosting employment rates swiftly.; ; We also prioritize inclusivity, designing our solutions to be accessible from anywhere. This flexibility enables part-time workers and remote employees, who may face traditional barriers to employment, to contribute effectively from their preferred environments. Our technology thus opens doors for a diverse range of individuals to participate in and benefit from the workforce.; ; As a company committed to growth and development, we invest heavily in our team. We offer specialized training programs that not only increase our team members' technical proficiency but also lead to recognized qualifications and certifications. This focus on continuous professional development ensures that our staff are equipped with cutting-edge skills, enhancing their career prospects and contributing to the overall skill base of the industry.; ; Through these strategic initiatives, we not only foster a more inclusive and skilled workforce but also contribute to reducing economic disparities by enabling more people to engage successfully in the digital economy.

  Equal opportunity

  Our business applications are designed to address economic inequality by fostering equal opportunities across the workforce. By creating user-friendly and accessible systems, we notably reduce the training time required for new starters, enabling quicker integration into productive roles. This approach is particularly beneficial in supporting disabled individuals, helping to bridge the disability training gap through tailored features that facilitate the development of new skills.; ; Additionally, our technology promotes workplace progression by providing tools that are easy to use and learn, which is essential for people who face barriers to employment. This inclusivity ensures that everyone, regardless of their circumstances, has the opportunity to contribute effectively and advance within their careers.; ; As a company committed to nurturing talent, we offer specific training programmes that not only enhance our team members' technical abilities but also lead to recognised qualifications and certifications. These initiatives are aimed at upskilling our customers' staff and teams, enabling them to move into higher-paid roles and thereby reducing economic disparities.; ; Through these strategic efforts, we not only support our customers in creating more equitable workplace environments but also commit to the growth and development of our own team, ensuring they are well-equipped to meet the challenges of the digital economy.

  Wellbeing

  Our business applications are not only designed to enhance operational efficiency but also to support the wellbeing of our customers' workforce. By fostering a user-friendly environment, our solutions help alleviate stress and promote a positive work atmosphere, contributing significantly to employee satisfaction and mental health.; ; A cornerstone of our development process is our commitment to collaboration and inclusion. We employ agile development methodologies, which allow us to work closely with our customers through iterative sprints and frequent feedback loops. This approach ensures that the solutions we develop are finely tuned to the real needs of the people who will use them every day.; ; During the development process, we actively engage with a broad range of stakeholders from our customer's organisation, including front-line staff and end-users. This inclusive strategy allows us to gather diverse insights and preferences, which inform the functionality and usability of our applications. By involving users early and often, we facilitate a sense of ownership and acceptance among the workforce, which is crucial for the successful adoption of new technologies.; ; Ultimately, our goal is to deliver solutions that not only meet the specified requirements but also support a thriving community of users. By building these communities, we help our customers foster a collaborative environment where continuous feedback and shared experiences drive collective success and innovation.

Pricing

• Price: £725 a unit a day
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: A vanilla free trial (i.e. without customisations) is available for a duration of 30 days.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at clare.millar@brightwire.net. Tell them what format you need. It will help if you say what assistive technology you use.