Altiatech Ltd

Microsoft Cloud Solutions Supplier (CSP)

Altiatech deliver the full stack of Microsoft products, services and Azure Cloud, ranging from license optimisation to full user adoption. Our expertise offers end-to-end support with license selection, configuration, migration and training to unlock productivity and security benefits. Altiatech is a Microsoft Gold Partner with expertise in several disciplines.

Features

• Competitive CSP pricing (less than RRP)
• A familiar Microsoft productivity suite that is rich in functionality
• Cloud based apps that work with desktop for seamless use
• Cross platform and anywhere access of Microsoft productivity suite
• A supported Microsoft productivity suite
• Access new product features on an ongoing basis
• Cloud migration from legacy to M365
• Instant cloud provisioning
• Highly secure, Highly available Azure Cloud

Benefits

• Cost savings for G-cloud customers
• Powerful tools help you work, learn, organise, connect, and create
• Desktop apps for intensive workloads that retain cloud collaboration
• Flexible working from anywhere and any device, with configurable access
• Obtain assistance for Microsoft 365 via an MS Gold Partner
• Continued release of features that enhance productivity and security
• Modernise the way you work with expert support
• Quick access to cloud resources when required
• Always access to a safe and reliable public cloud

£0.01 to £30,000 a licence a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  ODS

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at innovate@altiatech.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

238875266035057

Contact

Fuad Uddin
03303325842
innovate@altiatech.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: None
• System requirements: N/A

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Normally within 1-2 hours for critical events, up to 24 hours at weekends.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Severity A - Critical Business Impact – your business has experienced a significant loss or degradation of services, requiring immediate attention.; ; Severity B - Moderate Business Impact – you have a loss or degradation of services, but your organisation can still function.; ; Severity C - Minimum Business Impact – you have an issue, but it has a small impact on your business.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: New customers can be technically on-boarded within a matter of days using Altiatech’s automated secure configuration templates. A standard requirement gathering exercise will be managed by Altiatech to review the customer’s technical prerequisites, including - network connectivity, email domain name configuration, key points of contact, system integration requirements and hand over and training.; Prior to the execution of the Order, the Supplier and the Buyer will agree the scope of the plan for the G-Cloud Services and a timescale for delivering to ensure continuity of service.; Altiatech can provide additional consultancy to facilitate on-boarding and off-boarding should a Buyer have specific requirements they may wish Altiatech to consider. A typical onboarding process will consist of the following activities:; ; • Agree scope of service, including duration, applications to be made available and any additional networking requirements; • Provision of service; • User testing; • Full deployment; • Provision of user documentation
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: The service is designed so that customers have the ability to extract their data from the service at any time. Upon termination or expiration of the customer’s subscription, the customer may contact Altiatech and request that their accounts be disabled and all data deleted. Requests to Altiatech can be made in line with our Data Protection Policy.
• End-of-contract process: Contract Termination of G Cloud services is in accordance with the Altiatech G-Cloud Terms and Conditions. Our services are for a minimum of one year. Thereafter, options for an annual rolling contract or monthly rolling contracts will commence, with different pricing per month between annual rolling contract versus monthly rolling contract.; Termination of an annual rolling contract is a minimum thirty (30) days’ notice period before the end of the annual contract period and thirty (30) days’ notice for a monthly contract. Altiatech will hold annual commitment reviews to maintain service quality and appraise ongoing delivery and customer experience. Termination of annual contracts before the minimum term are liable for the full contract year, unless there is evidence of force majeure, or some other mutual agreement has been reached.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems: Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Differences are due to the way users can make use of BYOD, where sandbox environments can be established to securely segregate data. While the interface may be different, the functionality around security is maintained.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Web browser for portal access to self-manage different levels of cybersecurity, including network levels and endpoints.
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: https://www.microsoft.com/en-us/accessibility/approach
• API: Yes
• What users can and can't do using the API: APIs connectors can be used to integrate different systems as part of a wider security solution. Some limitations may be present, depending on the selected vendor partners and the technologies we are deploying.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Customisation will be dependant on the scope of the security challenges, where the solution will be tailored to meet the organisation's business needs that fulfil security outcomes within budget.

Scaling

• Independence of resources: Our cyber security services are tailored to each organisation's requirements and make use of the organisation's own committed resources to ensure there is minimal capacity related issues. Where certain services make use of public cloud resources (e.g. Microsoft Azure), vendor partners of such resources already demonstrate that they have highly available resources to ensure all customers are sufficiently catered for.

Analytics

• Service usage metrics: Yes
• Metrics types: Metrics can vary widely but are centred around security related events. These can include threats detected/quarantined, unlikely/impossible logons, number of privileged access requests, number of cyber attack attempts, etc
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Microsoft

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: The service is designed so that customers have the ability to extract their data from the service at any time. Upon termination or expiration of the customer’s subscription, the customer may contact Altiatech and request that their accounts be disabled and all data deleted, or the customer data is retained in a limited function for a maximum of 28 days after expiration or termination of the service so that further data may be extracted. Email can be exported as PST files, and other file data (e.g. spreadsheets, presentations) can be downloaded.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Uptime is 99.99% and we leverage vendor partners for their dedicated cloud resources. Refunds for downtime will be passed on to organisations following a successful claim from a vendor if a vendor is at fault.
• Approach to resilience: https://docs.microsoft.com/en-us/compliance/assurance/assurance-m365-service-resiliency
• Outage reporting: https://docs.microsoft.com/en-us/microsoft-365/enterprise/view-service-health?view=o365-worldwide

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Use of Privileged Access Management (PIM) and/or elevated admin credentials.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 29/07/2021
• What the ISO/IEC 27001 doesn’t cover: Systems development (N/A) Software development (N/A) Monitoring and review of supplier services (suppliers have their own controls)
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: No
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Altiatech are certified to the ISO/IEC 27001 standard and have adopted Information and Security, Data Protection and Acceptable Use policies, amongst others, that contribute to high quality security management.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Assets, including virtual, and physical, are tracked through our IT Service Management Tool. This includes a history of changes applied to them throughout their lifetime. Security impact is always considered with configuration and change approaches with tests undertaken in dev environments that mitigate security and performance risks.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Altiatech is protected by SentinelOne, which provides endpoint protection and remediation. SentinelOne uses multiple AI engines to protect against threats. This signature-less approach requires no daily/weekly updates, recurring scans and performs better than other AV management solutions. Altiatech uses Windows Defender, which comes natively with Windows 10 Enterprise is also installed on all computers with definitions set to update regularly for our support engineers. Our devices have restricted access based on user access controls and functionality and elevated admin credentials. Patches are deployed to services readily though our patch management tools. We acquire information of threats from existing AV solutions.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Using proactive network monitoring tools and threat detection and containment tools, we are able to identify compromised points within our services. Our responses are immediate with threat management tools and immediately trigger notifications to support engineers for investigation within 15 minutes.
• Incident management type: Supplier-defined controls
• Incident management approach: Altiatech has a documented Incident Response Plan that includes steps to respond to security incidents including identification, investigation, response, mitigation, customer notification, and root cause analysis. Our processes are aligned to ISO 27001 and ISO 20000.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Altiatech enforces its Environmental Sustainability Policy, which includes measures such as: work from home to reduce carbon emissions from travel; travel only when necessary; and discourage paper use and printing. Furthermore, Altiatech encourages flexible working technologies for its customers, which enables disparate workforces to collaborate and reduce carbon footprint from reduced travel.
• Covid-19 recovery:

  Covid-19 recovery

  Altiatech encourages flexible working technologies for its staff and customers, which enables disparate workforces to collaborate and reduce carbon footprint from reduced travel. By enabling remote teams from collaborating, Altiatech has maintained trading and operations throughout the height of the pandemic and safeguarded its employees jobs, as well as supported vital customers, including major hospitals, with the means to continue functioning.
• Tackling economic inequality:

  Tackling economic inequality

  Altiatech provides opportunities for part-time hours and flexible hours that enable its workforce to support their dependents, whilst giving them continued employment to meet their economic needs. Altiatech also provides annual salary increases and exceeds the national minimum wage. Altiatech also offers bonuses to its personnel that are reflective of the businesses performance.
• Equal opportunity:

  Equal opportunity

  Altiatech is an equal opportunities employer and is committed to non-discrimination.
• Wellbeing:

  Wellbeing

  Altiatech is committed to the wellbeing of its staff and personnel and offers its workforce access to a wellbeing service for any issues that they may experience.

Pricing

• Price: £0.01 to £30,000 a licence a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Trials are available from Microsoft for Enterprise Mobility Suite + Security, Microsoft 365, Office 365, Dynamics 365, Viva and Visio. Trials are also available for Microsoft Azure (public cloud). Trials typically last 30 days.

Service documents

• Pricing document

  ODS

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at innovate@altiatech.com. Tell them what format you need. It will help if you say what assistive technology you use.