Skip to main content

Help us improve the Digital Marketplace - send your feedback

  1. Digital Marketplace
  2. Lot 1: Cloud hosting
  3. Azure Hosting Services
CACI UK Ltd

Azure Hosting Services

CACI offers the full range of Microsoft Azure services, which can be combined with CACI's support services to provide a fully managed cloud service.

Azure allows the rapid deployment and scalability of infrastructure and application services with a vast array of fully featured resources being available globally.

Features

  • Microsoft Azure cloud services procured and managed on your behalf
  • Managed Azure service with a single point of contact
  • Cloud Infrastructure planning, migration and implementation
  • Application Development using serverless architectures
  • Integration services using Microsoft BizTalk and Logic Apps
  • Ability to support a broad range of workloads and technologies
  • Tools to build highly available, scalable applications
  • Accredited Microsoft Gold Partner
  • Capable of hosting OFFICIAL information assets
  • NCSC Cloud Security Principles aligned, Security Cleared (SC) staff available

Benefits

  • Rapidly provision services in data centres across the globe
  • Maintain service availability through peaks of demand
  • Scale compute services to meet demand using automated functions
  • Scale to petabytes of data storage on demand
  • Manage cost by paying for services based on consumption/usage
  • Highly reliable environment with geographical replication capability
  • Always-on monitoring and automatic network attack mitigation
  • Ensure the security data in transit to and from Azure
  • Make data available to processes and services that unlock value
  • Increase agility with automated deployment and 24x7 DevOps support

Pricing

£0.02 a virtual machine an hour

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at digital.marketplace@caci.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

2 6 4 1 3 7 9 3 2 9 1 3 3 3 4

Contact

CACI UK Ltd CACI Digital Marketplace Sales Team
Telephone: 0207 602 6000
Email: digital.marketplace@caci.co.uk

Service scope

Service constraints
None
System requirements
Suitable WAN Connectivity

User support

Email or online ticketing support
Email or online ticketing
Support response times
Between 8 and 1 hour depending on support plan purchased See https://azure.microsoft.com/en-gb/support/plans/
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
For more information about accessibility with enterprise or commercial products, please visit the enterprise Disability Answer Desk.
Web chat accessibility testing
None
Onsite support
No
Support levels
See https://azure.microsoft.com/en-gb/support/plans/
Support available to third parties
Yes

Onboarding and offboarding

Getting started
CACI's Cloud Support services can provide design, build, adoption and migration support for new customers across both infrastructure and application development. Assisting with the migration from an existing cloud service or on-premises, our team of certified consultants offer full end-to-end support.

In addition to our consultancy support, Microsoft provide a range of resources to help customers get started on our cloud services platforms. These include: comprehensive documentation (in multiple formats), introductory videos, hands-on labs, online and in-person training.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Customer are able to remove their data at any time through the same means they uploaded. Either over their network (internet or express route) or via the Azure Import/Export services. Also see https://www.microsoft.com/en-us/trustcenter/privacy
End-of-contract process
Microsoft is governed by strict standards and removes cloud customer data from systems under our control, overwriting storage resources before reuse, and purging or destroying decommissioned hardware. https://www.microsoft.com/en-gb/trust-center/privacy/data-management?rtc=1

Using the service

Web browser interface
Yes
Using the web interface
See https://azure.microsoft.com/en-gb/features/azure-portal/
Web interface accessibility standard
WCAG 2.1 AA or EN 301 549
Web interface accessibility testing
Management of the customer's Azure platforms is conducted via the Azure portal at: https://portal.azure.com/.
Customers have full access to setup and can make changes to their Azure platform and network infrastructure through this management interface.
API
Yes
What users can and can't do using the API
Users are able to utilise the Azure API Management service to create their own API's for the solutions they deploy on to the platform. Additionally we have the Azure Service Management API which provides programmatic access to much of the functionality available through the Management Portal.

Available here https://msdn.microsoft.com/en-us/library/azure/ee460799.aspx
API automation tools
  • Ansible
  • Chef
  • SaltStack
  • Terraform
  • Puppet
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • ODF
  • PDF
Command line interface
Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
  • MacOS
  • Other
Using the command line interface
Azure CLI 2.0 is optimized for managing and administering Azure resources from the command line, and for building automation scripts that work against the Azure Resource Manager.

See https://docs.microsoft.com/en-us/cli/azure/install-azure-cli

Scaling

Scaling available
Yes
Scaling type
  • Automatic
  • Manual
Independence of resources
Microsoft currently has On Demand Capacity Reservation in preview https://docs.microsoft.com/en-us/azure/virtual-machines/capacity-reservation-overview
Usage notifications
Yes
Usage reporting
  • API
  • Email
  • Other

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
Other metrics
  • AD, Server, Service, Configruation Stores, Spring
  • Automation, Private Cloud, Batch, Workspaces, Accounts,
  • Blockchain Members, Bot Services, Redis, App Firewall policies,
  • Profiles, Roles, VM's, Storage acocunts, blob services, file services,
  • Queue services, table services, pools, nodes, communication services,
  • Disks, container groups, registries, managed clusters
Reporting types
  • API access
  • Real-time dashboards

Resellers

Supplier type
Reseller providing extra support
Organisation whose services are being resold
Microsoft

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
Never
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Other
Other data at rest protection approach
Azure Key Vault & Azure Active Director see https://docs.microsoft.com/en-us/azure/security/fundamentals/encryption-atrest?msclkid=b2f26c8ea91a11ecac8f8d24fb4e36fc
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • On-premises
  • Server (MABS) agent to protect on-premises VMs (Hyper-V and VMware)
  • Azure VMs
  • Azure Managed Disks
  • Azure Files shares
  • SQL Server in Azure VMs
  • SAP HANA databases in Azure VMs
  • Azure Database for PostgreSQL servers
  • Azure Blobs
Backup controls
By assigning Azure Policies in Backup Center
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Users schedule backups through a web interface
Backup recovery
Users can recover backups themselves, for example through a web interface

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection between networks
Microsoft’s approach to enabling two layers of encryption for data in transit is:
Transit encryption using Transport Layer Security (TLS) 1.2. All traffic leaving a datacenter is encrypted in transit, even if the traffic destination is another domain controller in the same region. TLS 1.2 is the default security protocol used. TLS provides strong authentication, message privacy, and integrity (enabling detection of message tampering, interception, and forgery), interoperability, algorithm flexibility, and ease of deployment and use.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
Transit encryption using Transport Layer Security (TLS) 1.2. All traffic leaving a datacenter is encrypted in transit, even if the traffic destination is another domain controller in the same region. TLS 1.2 is the default security protocol used.

Additional layer of encryption provided at the infrastructure layer. Whenever Azure customer traffic moves between datacenters-- outside physical boundaries not controlled by Microsoft or on behalf of Microsoft-- a data-link layer encryption method using the IEEE 802.1AE MAC Security Standards is applied from point-to-point across the underlying network hardware.

Availability and resilience

Guaranteed availability
See SLA's for each service here https://azure.microsoft.com/en-gb/support/legal/sla/summary/?msclkid=0132c6f0a91b11ec927496d95a52a9a9
Approach to resilience
Network reliability through intelligent software
Safe Deployment with AIOps
Resiliency threat modeling for large distributed systems
Low and no impact maintenance
For more detail please see https://azure.microsoft.com/en-us/features/reliability/#features
Outage reporting
Through Azure Service Health which gives personalised alerts and guidance for Azure service issues

Identity and authentication

User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google apps)
  • Username or password
  • Other
Other user authentication
"Azure Active Directory is Microsoft’s multi-tenant cloud based directory and identity management service. Azure-AD includes a full suite of identity management capabilities including multi-factor authentication, device registration, self-service password management, self-service group management, privileged account management.

https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-methods?msclkid=b2a138a1a92d11ec918375623c320dc1"
Access restrictions in management interfaces and support channels
Azure-AD can designate separate administrators to serve different functions. These administrators will have access to features in the Azure portal and, depending on their role, will be able to create or edit users, assign administrative roles to others, reset user passwords, manage user-licenses, and manage domains, among other things. A user who is assigned an admin role will have the same permissions across all of the cloud services that your organization has subscribed to, regardless of whether you assign the role in the Office365 portal, or in the Azure classic-portal, or by using the Azure-AD module for Windows PowerShell.
Access restriction testing frequency
Never
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Description of management access authentication
"Azure role-based access control (Azure RBAC) helps you manage who has access to Azure resources, what they can do with those resources, and what areas they have access to.

Azure RBAC is an authorization system built on Azure Resource Manager that provides fine-grained access management of Azure resources.

For more information: https://docs.microsoft.com/en-gb/azure/role-based-access-control/overview"
Devices users manage the service through
Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users receive audit information on a regular basis
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
BSI
ISO/IEC 27001 accreditation date
01/01/2022
What the ISO/IEC 27001 doesn’t cover
Please see https://docs.microsoft.com/en-gb/compliance/regulatory/offering-ISO-27001?view=o365-worldwide
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
12/02/2019
CSA STAR certification level
Level 3: CSA STAR Certification
What the CSA STAR doesn’t cover
None
PCI certification
Yes
Who accredited the PCI DSS certification
Coalfire Systems Inc
PCI DSS accreditation date
01/11/2017
What the PCI DSS doesn’t cover
FACT
FedRamp
NIST 800-171
FIPS 140-2
CCSL (IRAP)
ENISA IAF
CDSA
ISO 27001 (ISMS), 27017 (Cloud Security) and 27018 (Personal Data), 22301 (Business Continuity) and 9001 (Quality Management)
SOC 1, SOC 2, SOC 3Machine Learning Studio (Classic)
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
Yes
Any other security certifications
  • FACT
  • FedRamp
  • NIST 800-171
  • FIPS 140-2
  • CCSL
  • ENISIA IAF
  • CDSE
  • ISO: 27001 27017 / 27018, 22301 (Business Continuity) and 9001
  • SOC:1,2,3

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
  • Other
Other security governance standards
EN 301 549, ENISA IAF, EU Model Clauses, UK Cyber Essentials Plus, UK NPIRMT, CIS Hardened images, SOC 1 Type 2, SOC 2 Type 2
Information security policies and processes
Microsoft has policies for infrastructure security, physical security, abailability, components & boundaries, network architecture, production network, SQL DB, operations, monitoring, integrity and data protection. For more information please visit https://docs.microsoft.com/en-gb/azure/security/fundamentals/infrastructure-availability

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Azure has developed formal standard operating procedures (SOPs) governing the change management process. These SOPs cover both software development and hardware change and release management, and are consistent with established regulatory guidelines including ISO 27001, SOC 1 / SOC 2, NIST 800-53, and others.

Microsoft also uses Operational Security Assurance (OSA), a framework that incorporates the knowledge gained through a variety of capabilities that are unique to Microsoft including the Microsoft Security Development Lifecycle (SDL), the Microsoft Security Response Center program, and deep awareness of the cybersecurity threat landscape.
Please see https://www.microsoft.com/en-us/SDL/OperationalSecurityAssurance and https://www.microsoft.com/en-us/sdl
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Vulnerability management recommendations focus on addressing issues related to continuously acquiring, assessing, and acting on new information in order to identify and remediate vulnerabilities as well as minimizing the window of opportunity for attackers.
1: Run automated vulnerability scanning tools
2: Deploy automated operating system patch management solution
3: Deploy automated patch management solution for third-party software titles
4: Compare back-to-back vulnerability scans
5: Use a risk-rating process to prioritize the remediation of discovered vulnerabilities
For more information https://docs.microsoft.com/en-us/security/benchmark/azure/security-control-vulnerability-management.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Microsoft Defender for Cloud helps prevent, detect and respond to threats. Defender for Cloud gives increased visibility and control of the security of your Azure resources as well as those in your hybrid cloud environment.

Defender for Cloud performs continuous security assessments of your connected resources and compares their configuration and deployment against the Azure Security Benchmark to provide detailed security recommendations for your environment.

Additionally, Intelligent Security Graph provides real-time threat protection in Microsoft products and services using advanced analytics that link a massive amount of threat intelligence and security data to provide insights that can strengthen organizational security.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Microsoft has developed robust processes to facilitate a coordinated response to incidents.
• Identification – System and security alerts may be harvested, correlated, and analyzed.
• Containment – The escalation team evaluates the scope and impact of an incident.
• Eradication – The escalation team eradicates any damage caused by the security breach, identifies root cause for why the security issue occurred.
• Recovery – During recovery, software or configuration updates are applied to the system and services are returned to a full working capacity.
• Lessons Learned – Each security incident is analyzed to protect against future reoccurrence.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
Hyper-V
How shared infrastructure is kept separate
Azure is a multi-tenant service, which means that multiple customer deployments and VMs are stored on the same physical hardware. Azure uses logical isolation to segregate each customer’s data from the data of others. Segregation provides the scale and economic benefits of multi-tenant services while rigorously preventing customers from accessing one another’s data.

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
Please see https://www.microsoft.com/en-us/corporate-responsibility/sustainability

Social Value

Fighting climate change

Fighting climate change

As a supplier primarily of professional IT services, CACI’s environmental impact is minimal. However, we are constantly looking at how we can operate more efficiently in our fight towards climate change. We are working towards a Net Zero Carbon business model through our delivery to our customers as promoting this to our supply chain.
This commitment is demonstrated by our achievement of ISO14001 accreditation, which we have held for nine years. To attain this standard, we ensure our Environment Management System (EMS) met the following requirements:
-Awareness of environmental impact through procedures and controls
-Acceptance of responsibility through environmental management systems
-Reducing harmful impacts via environmental policies
-Displaying community responsibility via staff training and awareness

We are fully committed to working towards a circular economy approach and where practically possible CACI select the most sustainable means to operate its facilities We remain aware of any and all opportunities to share, lease, reuse, repair, refurbish and recycle existing materials and products. That includes using recycled paper, enforcing double sided printing, and using Energy Star devices. Our recycling policy includes energy/water consumption, waste materials and paper use.
CACI has an agreed Carbon Reduction Plan (CRP) which is in implementation and is published on our website. This includes a set of carbon reduction targets up until 2050, with a baseline period set from July 2020 to June 2021. We project that carbon emissions for scope 1 and scope 2 will decrease over the next five years to 300 tCO2e by 2026. This is a reduction of 9% on the baseline.
CACI have purchased a licence for Carbon Expert Professional allowing tracking of Scope 1, 2 and 3 emissions, which allows us to robustly assess achievement of targets. Our CRP is reviewed and updated quarterly allowing regular tracking of emissions targets.
Covid-19 recovery

Covid-19 recovery

CACI has had to adapt significantly the COVID-19 pandemic struck. Our adaptations range widely across the business, including staff, supplier and customer engagement. By enabling remote working for staff and digital delivery from our supply chain, we have been able to continue delivering our services to customers.

In response to COVID-19, CACI has become a member of the Emergent Alliance (EA). EA is a not-for-profit community, aiming to better inform organisations, businesses and Government economic decision-making. It draws on a diverse collaboration of corporations, individuals, Non-Governmental Organisations (NGOs) and the Government.

Since the beginning of the pandemic, CACI’s immediate concern has been the safety and wellbeing of staff. As a leading business in the digital industry, we have adapted quickly to working remotely through the use of technology and training, with minimal impact on our staff or delivery of services.

CACI has implemented a range of measures by carrying out COVID-19 risk assessments, in line with government guidance, across all offices. These took account of staff numbers, layout and facilities. Steps put in place include:

-Enhanced cleaning regimes and better ventilation
-Hand sanitiser stations
-New desking plans and working regimes to maintain social distancing
-Clear COVID-19 signage located around offices
-Restrictions on communal areas, e.g. kitchens, toilets, stairs, walkways etc.
-Clear reporting and escalation protocol for breaches or reports of COVID-19.

As of today, we still maintain a hybrid working stance. We are conscious that the new-normal may mean more remote working than pre-COVID-19, and as an employer we are offering continued flexibility. This seeks to reduce travel and office occupancy.
Tackling economic inequality

Tackling economic inequality

CACI is dedicated to creating employment opportunities, working with local suppliers and hiring local people. We adjust our recruitment and training processes to focus on attributes rather than qualifications, which could exclude those from a disadvantaged background or deprived areas. Inclusivity and accessibility are encouraged via unconscious bias education and positive and inclusive designs, accessible capabilities, and inclusivity in gathering requirements for digital services.
CACI has pledged to promote equality of opportunity within our supply chain, and work with a diverse range, including specialist Small and Medium Enterprise (SME)s. Our network is diverse and wide ranging in terms of skill set, age of business, make up of employees, geographical location, and therefore varying business cultures and diversity of individuals.
We are focussed on creating opportunities from the following groups who experience barriers to employment :
-Long term unemployed
-Armed forces veterans
-Mothers returning to work
-Care leavers
Equal opportunity

Equal opportunity

CACI’s Equal Opportunities policy formalises our approach to not discriminate against any employee on the basis of sex or sexual orientation, marital or civil partner status, gender reassignment, race, religion or belief, colour, nationality, ethnic or national origin, disability or age, pregnancy or maternity or other characteristics defined in anti-discrimination legislation (Protected Characteristics), or trade union membership or the fact that they are a part-time worker or a fixed-term employee. Our employees and applicants for employment with CACI are not disadvantaged by any policies or conditions of service which cannot be justified as necessary for operational purposes.
CACI is dedicated to ensuring our work environment, operational delivery and recruitment processes accommodate people with disabilities. Adjustments are made to ensure that those with disabilities are included and supported in our workplaces.
Our Workplace Adjustment Passport (WAP) enables employees to declare a disability, workplace adjustments are driven at company level.
CACI has signed up to the Disability Confident Scheme, formalising our commitment to play a lead role in changing attitudes for the better. We aim to successfully employ and retain disabled people and/or those with health conditions. When designing internal training or selecting an external partner, staff are consulted to capture any specialist needs to tailor sessions, including location, means of delivery and materials. This ensures all staff can develop in a comfortable and accessible environment.
CACI also works closely with the National Autistic Society to create an inclusive recruitment process, partnering with their Autism at Work programme; actively supporting neurodiverse candidates to flourish.
CACI have funded the creation of a number of staff networks, where employees with protected characteristics have time and resources to share ideas and support in a safe private environment. CACI have also offered specific training and talks from speakers related to these characteristics.
Wellbeing

Wellbeing

CACI has a range of comprehensive support initiatives that have been implemented to aid the health and wellbeing of our workforce (including contractors). Below is a comprehensive list, with specific reference to the six standards of Mental Health at Work commitment.
Promotion of an Open Culture around Mental Health:
-Team of 18 Mental Health First Aiders
-Conduct regular drop-in sessions for all staff, delivered by a Mental Health First Aider Team, focus on a particular element of Mental Health

Prioritising Mental Health in the Workplace by developing and delivering a systematic programme of activity:
-Regular check-ins for staff and our contractor workforce
-Annual Staff Satisfaction Survey, which includes a section on Health & Wellbeing
-Free 24/7 professional counselling
-Private healthcare and health and wellbeing plan (extendable to family members/dependents)
-Employee Assistance Programme
-Discounted gym memberships
-Physiotherapy
-Medical services
-Mental Health First Aider programme
-Stress assessments

Proactively ensure work design and organisational culture to drive positive mental health outcomes
-Comprehensive property and facilities management, ensuring modern, comfortable and state of the art technology for all employees
-Distributed Working Programme, allowing employees and contractors to structure their working week in a way that suits their preference and personal commitments whilst delivering against their work accountabilities
-Open and honest communications at all levels throughout the organisation

Increased organisational confidence and capability:
-Dedicated area of our company intranet for mental health and wellbeing, including various supporting resources and colleagues
-Line Managers and Career Coaches trained in aspects of mental health

Provide mental health tools and support:
-Formal Mental Health First Aid Programme including a team of MHFAs
Increase transparency and accountability through internal and external reporting:
-Publish the results of our annual staff satisfaction survey to all staff. Includes Mental Health and Wellbeing, actions taken and areas for improvement

Pricing

Price
£0.02 a virtual machine an hour
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
Please see https://azure.microsoft.com/en-gb/free
Link to free trial
https://azure.microsoft.com/en-gb/free/

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at digital.marketplace@caci.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.