Ultima Business Solutions Ltd

Ultima AvePoint Cloud Management for Office 365

Reduce the administration overhead associated with Office 365 by centrally managing configuration tasks and permissions. Address issues in bulk such as policy violations. Ensure content is available to the right users when it is needed.

Features

• Manage security settings, configurations, and content through a single platform.
• Control sites and site collections with batch mode.
• Utilise rule-based search capabilities to quickly manage Office 365 objects.
• Report on global Office365 security settings and content type usage.
• Restrict access to and sharing of content both internally/externally.
• Monitor for, automatically notify, or adjust unauthorised or out-of-policy changes.
• Allow administrators to search for/manage native user and group permissions
• Granular deployment of select SharePoint objects and customizations
• Copy/move/restructure sites, workspaces, content, and topology within/across Office 365 tenants
• Tenant-to-tenant migrations are up to ten times faster than before

Benefits

• Centralize and simplify Office 365 administrative functions.
• Discover problems through administrative search and fix issues in bulk.
• Comprehensive reporting on content/users/configurations-all through a single pane of glass.
• Highlight gaps between your intended governance policies and current state.
• Find out who has access to what content, take action.
• Seamlessly move or copy content in bulk across Office365 instances.
• Easily deploy new designs, customizations, and configurations.
• Publish content and synchronize changes within/across Office 365 instances.

£0.81 a user a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at publicsectorbids@ultima.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

255764192487971

Contact

Ultima Bid Office
+44333 0158000
publicsectorbids@ultima.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Office365, Microsoft365
• Cloud deployment model: Public cloud
• Service constraints: No
• System requirements: Requirements are defined in the user guide.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Telephone requests are immediate, other methods will be within 2 hours or more dependant on the severity of the request. For more information https://avepoint.com/products/support.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 A
• Web chat accessibility testing: This is available through https://www.avepoint.com/products/support
• Onsite support: Yes, at extra cost
• Support levels: We provide - Low, Medium, High and Very High levels, more information can be found at https://www.avepoint.com/products/support
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Onboarding services are defined and agreed in a Statement of Work
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Customers may request a copy of the data via our support team.
• End-of-contract process: The functionality will stop working and the customers obligations will end. Where applicable customer data can be exported.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Opera
• Application to install: Yes
• Compatible operating systems: Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: Users access services via http://www.avepointonlineservices.com/login. Users have access to available functions through our GUI based on their permissions or role.
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: Users access services via http://www.avepointonlineservices.com/login. Users have access to available functions through our GUI based on their permissions or role.
• API: Yes
• What users can and can't do using the API: APIs will allow invocation of services configured in AvePoint Cloud Governance.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: No
• Customisation available: No

Scaling

• Independence of resources: We employ a number of methods including elastic scaling to manage performance.

Analytics

• Service usage metrics: Yes
• Metrics types: Administration and Audit Reports provide basic information on all site collections, sites, Office 365 users, Office 365 Groups, and Microsoft Teams managed by AvePoint Cloud Governance.
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: AvePoint

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Not applicable
• Data export formats: Other
• Other data export formats: Not applicable
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Availability is set within the SLA
• Approach to resilience: AvePoint leverages Microsoft Azure for hosting it's cloud services. For components of Compliance Guardian that are deployed within the customers network, availability will be reliant upon redundancy and disaster recovery planning.
• Outage reporting: AvePoint will notify customer's of any outages or service interruptions.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: All authentication is carried out against Microsoft Azure or any support Azure authentication method
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Identity federation with existing provider (for example Google Apps)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: ControlCase
• ISO/IEC 27001 accreditation date: 29/06/2018
• What the ISO/IEC 27001 doesn’t cover: Everything within scope of this product is covered by the certification.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: ISO27001 and Cyber Essentials

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Change Management is documented, requested, reviewed, approved, tested, and finally followed out during off hours in order to have minimal effect on customers.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We subscribe to security bulletins and stay abreast of recent 0 day vulnerabilities as well as maintaining an active patch cycle
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We leverage the Azure Health Status page as well as service monitoring. Please refer to Azure documentation https://docs.microsoft.com/en-us/azure/best-practices-network-security for details. Customers are notified via Administrative Console alerts or directly by Customer Success as threats are identified, with proposed course of action.
• Incident management type: Supplier-defined controls
• Incident management approach: Long standing experienced help-desk available 24x7, backed by breach management procedures to notify customers, post information publicly when necessary, and dedicate development resources to a swift resolution.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity

  Fighting climate change

  Fighting climate change; ; AvePoint are a Cloud based delivery organisation therefore reduce the impact of running Datacenters in the organisations

  Covid-19 recovery

  Covid-19 recovery; ; AvePoint are helping raising the Digital Skills in the region through education platforms

  Tackling economic inequality

  Tackling economic inequality; ; AvePoint are offering a Digital Inclusion for the digital deprived in the region to raise the skills and ability to find employment

  Equal opportunity

  Equal opportunity; ; AvePoint is a UK employer who has a full equal opportunity approach

Pricing

• Price: £0.81 a user a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: It is possible to trial the product for a limited period.
• Link to free trial: https://www.avepointonlineservices.com/services Please contact Sales_UK@AvePoint.com to initiate a trial.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at publicsectorbids@ultima.com. Tell them what format you need. It will help if you say what assistive technology you use.