Azure Hosting Services
CACI offers the full range of Microsoft Azure services, which can be combined with CACI's support services to provide a fully managed cloud service.
Azure allows the rapid deployment and scalability of infrastructure and application services with a vast array of fully featured resources being available globally.
Features
- Microsoft Azure cloud services procured and managed on your behalf
- Managed Azure service with a single point of contact
- Cloud Infrastructure planning, migration and implementation
- Application Development using serverless architectures
- Integration services using Microsoft BizTalk and Logic Apps
- Ability to support a broad range of workloads and technologies
- Tools to build highly available, scalable applications
- Accredited Microsoft Gold Partner
- Capable of hosting OFFICIAL information assets
- NCSC Cloud Security Principles aligned, Security Cleared (SC) staff available
Benefits
- Rapidly provision services in data centres across the globe
- Maintain service availability through peaks of demand
- Scale compute services to meet demand using automated functions
- Scale to petabytes of data storage on demand
- Manage cost by paying for services based on consumption/usage
- Highly reliable environment with geographical replication capability
- Always-on monitoring and automatic network attack mitigation
- Ensure the security data in transit to and from Azure
- Make data available to processes and services that unlock value
- Increase agility with automated deployment and 24x7 DevOps support
Pricing
£0.02 a virtual machine an hour
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
2 6 4 1 3 7 9 3 2 9 1 3 3 3 4
Contact
CACI UK Ltd
CACI Digital Marketplace Sales Team
Telephone: 0207 602 6000
Email: digital.marketplace@caci.co.uk
Service scope
- Service constraints
- None
- System requirements
- Suitable WAN Connectivity
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Between 8 and 1 hour depending on support plan purchased See https://azure.microsoft.com/en-gb/support/plans/
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- Web chat
- Web chat support availability
- 24 hours, 7 days a week
- Web chat support accessibility standard
- None or don’t know
- How the web chat support is accessible
- For more information about accessibility with enterprise or commercial products, please visit the enterprise Disability Answer Desk.
- Web chat accessibility testing
- None
- Onsite support
- No
- Support levels
- See https://azure.microsoft.com/en-gb/support/plans/
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
CACI's Cloud Support services can provide design, build, adoption and migration support for new customers across both infrastructure and application development. Assisting with the migration from an existing cloud service or on-premises, our team of certified consultants offer full end-to-end support.
In addition to our consultancy support, Microsoft provide a range of resources to help customers get started on our cloud services platforms. These include: comprehensive documentation (in multiple formats), introductory videos, hands-on labs, online and in-person training. - Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- Customer are able to remove their data at any time through the same means they uploaded. Either over their network (internet or express route) or via the Azure Import/Export services. Also see https://www.microsoft.com/en-us/trustcenter/privacy
- End-of-contract process
- Microsoft is governed by strict standards and removes cloud customer data from systems under our control, overwriting storage resources before reuse, and purging or destroying decommissioned hardware. https://www.microsoft.com/en-gb/trust-center/privacy/data-management?rtc=1
Using the service
- Web browser interface
- Yes
- Using the web interface
- See https://azure.microsoft.com/en-gb/features/azure-portal/
- Web interface accessibility standard
- WCAG 2.1 AA or EN 301 549
- Web interface accessibility testing
-
Management of the customer's Azure platforms is conducted via the Azure portal at: https://portal.azure.com/.
Customers have full access to setup and can make changes to their Azure platform and network infrastructure through this management interface. - API
- Yes
- What users can and can't do using the API
-
Users are able to utilise the Azure API Management service to create their own API's for the solutions they deploy on to the platform. Additionally we have the Azure Service Management API which provides programmatic access to much of the functionality available through the Management Portal.
Available here https://msdn.microsoft.com/en-us/library/azure/ee460799.aspx - API automation tools
-
- Ansible
- Chef
- SaltStack
- Terraform
- Puppet
- API documentation
- Yes
- API documentation formats
-
- Open API (also known as Swagger)
- ODF
- Command line interface
- Yes
- Command line interface compatibility
-
- Linux or Unix
- Windows
- MacOS
- Other
- Using the command line interface
-
Azure CLI 2.0 is optimized for managing and administering Azure resources from the command line, and for building automation scripts that work against the Azure Resource Manager.
See https://docs.microsoft.com/en-us/cli/azure/install-azure-cli
Scaling
- Scaling available
- Yes
- Scaling type
-
- Automatic
- Manual
- Independence of resources
- Microsoft currently has On Demand Capacity Reservation in preview https://docs.microsoft.com/en-us/azure/virtual-machines/capacity-reservation-overview
- Usage notifications
- Yes
- Usage reporting
-
- API
- Other
Analytics
- Infrastructure or application metrics
- Yes
- Metrics types
-
- CPU
- Disk
- HTTP request and response status
- Memory
- Network
- Number of active instances
- Other
- Other metrics
-
- AD, Server, Service, Configruation Stores, Spring
- Automation, Private Cloud, Batch, Workspaces, Accounts,
- Blockchain Members, Bot Services, Redis, App Firewall policies,
- Profiles, Roles, VM's, Storage acocunts, blob services, file services,
- Queue services, table services, pools, nodes, communication services,
- Disks, container groups, registries, managed clusters
- Reporting types
-
- API access
- Real-time dashboards
Resellers
- Supplier type
- Reseller providing extra support
- Organisation whose services are being resold
- Microsoft
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- None
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- Other locations
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- Never
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Other
- Other data at rest protection approach
- Azure Key Vault & Azure Active Director see https://docs.microsoft.com/en-us/azure/security/fundamentals/encryption-atrest?msclkid=b2f26c8ea91a11ecac8f8d24fb4e36fc
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Backup and recovery
- Backup and recovery
- Yes
- What’s backed up
-
- On-premises
- Server (MABS) agent to protect on-premises VMs (Hyper-V and VMware)
- Azure VMs
- Azure Managed Disks
- Azure Files shares
- SQL Server in Azure VMs
- SAP HANA databases in Azure VMs
- Azure Database for PostgreSQL servers
- Azure Blobs
- Backup controls
- By assigning Azure Policies in Backup Center
- Datacentre setup
- Multiple datacentres with disaster recovery
- Scheduling backups
- Users schedule backups through a web interface
- Backup recovery
- Users can recover backups themselves, for example through a web interface
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Other
- Other protection between networks
-
Microsoft’s approach to enabling two layers of encryption for data in transit is:
Transit encryption using Transport Layer Security (TLS) 1.2. All traffic leaving a datacenter is encrypted in transit, even if the traffic destination is another domain controller in the same region. TLS 1.2 is the default security protocol used. TLS provides strong authentication, message privacy, and integrity (enabling detection of message tampering, interception, and forgery), interoperability, algorithm flexibility, and ease of deployment and use. - Data protection within supplier network
-
- TLS (version 1.2 or above)
- Other
- Other protection within supplier network
-
Transit encryption using Transport Layer Security (TLS) 1.2. All traffic leaving a datacenter is encrypted in transit, even if the traffic destination is another domain controller in the same region. TLS 1.2 is the default security protocol used.
Additional layer of encryption provided at the infrastructure layer. Whenever Azure customer traffic moves between datacenters-- outside physical boundaries not controlled by Microsoft or on behalf of Microsoft-- a data-link layer encryption method using the IEEE 802.1AE MAC Security Standards is applied from point-to-point across the underlying network hardware.
Availability and resilience
- Guaranteed availability
- See SLA's for each service here https://azure.microsoft.com/en-gb/support/legal/sla/summary/?msclkid=0132c6f0a91b11ec927496d95a52a9a9
- Approach to resilience
-
Network reliability through intelligent software
Safe Deployment with AIOps
Resiliency threat modeling for large distributed systems
Low and no impact maintenance
For more detail please see https://azure.microsoft.com/en-us/features/reliability/#features - Outage reporting
- Through Azure Service Health which gives personalised alerts and guidance for Azure service issues
Identity and authentication
- User authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google apps)
- Username or password
- Other
- Other user authentication
-
"Azure Active Directory is Microsoft’s multi-tenant cloud based directory and identity management service. Azure-AD includes a full suite of identity management capabilities including multi-factor authentication, device registration, self-service password management, self-service group management, privileged account management.
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-methods?msclkid=b2a138a1a92d11ec918375623c320dc1" - Access restrictions in management interfaces and support channels
- Azure-AD can designate separate administrators to serve different functions. These administrators will have access to features in the Azure portal and, depending on their role, will be able to create or edit users, assign administrative roles to others, reset user passwords, manage user-licenses, and manage domains, among other things. A user who is assigned an admin role will have the same permissions across all of the cloud services that your organization has subscribed to, regardless of whether you assign the role in the Office365 portal, or in the Azure classic-portal, or by using the Azure-AD module for Windows PowerShell.
- Access restriction testing frequency
- Never
- Management access authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Other
- Description of management access authentication
-
"Azure role-based access control (Azure RBAC) helps you manage who has access to Azure resources, what they can do with those resources, and what areas they have access to.
Azure RBAC is an authorization system built on Azure Resource Manager that provides fine-grained access management of Azure resources.
For more information: https://docs.microsoft.com/en-gb/azure/role-based-access-control/overview" - Devices users manage the service through
- Directly from any device which may also be used for normal business (for example web browsing or viewing external email)
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users receive audit information on a regular basis
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- BSI
- ISO/IEC 27001 accreditation date
- 01/01/2022
- What the ISO/IEC 27001 doesn’t cover
- Please see https://docs.microsoft.com/en-gb/compliance/regulatory/offering-ISO-27001?view=o365-worldwide
- ISO 28000:2007 certification
- No
- CSA STAR certification
- Yes
- CSA STAR accreditation date
- 12/02/2019
- CSA STAR certification level
- Level 3: CSA STAR Certification
- What the CSA STAR doesn’t cover
- None
- PCI certification
- Yes
- Who accredited the PCI DSS certification
- Coalfire Systems Inc
- PCI DSS accreditation date
- 01/11/2017
- What the PCI DSS doesn’t cover
-
FACT
FedRamp
NIST 800-171
FIPS 140-2
CCSL (IRAP)
ENISA IAF
CDSA
ISO 27001 (ISMS), 27017 (Cloud Security) and 27018 (Personal Data), 22301 (Business Continuity) and 9001 (Quality Management)
SOC 1, SOC 2, SOC 3Machine Learning Studio (Classic) - Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- Yes
- Any other security certifications
-
- FACT
- FedRamp
- NIST 800-171
- FIPS 140-2
- CCSL
- ENISIA IAF
- CDSE
- ISO: 27001 27017 / 27018, 22301 (Business Continuity) and 9001
- SOC:1,2,3
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
-
- CSA CCM version 3.0
- ISO/IEC 27001
- Other
- Other security governance standards
- EN 301 549, ENISA IAF, EU Model Clauses, UK Cyber Essentials Plus, UK NPIRMT, CIS Hardened images, SOC 1 Type 2, SOC 2 Type 2
- Information security policies and processes
- Microsoft has policies for infrastructure security, physical security, abailability, components & boundaries, network architecture, production network, SQL DB, operations, monitoring, integrity and data protection. For more information please visit https://docs.microsoft.com/en-gb/azure/security/fundamentals/infrastructure-availability
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
-
Azure has developed formal standard operating procedures (SOPs) governing the change management process. These SOPs cover both software development and hardware change and release management, and are consistent with established regulatory guidelines including ISO 27001, SOC 1 / SOC 2, NIST 800-53, and others.
Microsoft also uses Operational Security Assurance (OSA), a framework that incorporates the knowledge gained through a variety of capabilities that are unique to Microsoft including the Microsoft Security Development Lifecycle (SDL), the Microsoft Security Response Center program, and deep awareness of the cybersecurity threat landscape.
Please see https://www.microsoft.com/en-us/SDL/OperationalSecurityAssurance and https://www.microsoft.com/en-us/sdl - Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
-
Vulnerability management recommendations focus on addressing issues related to continuously acquiring, assessing, and acting on new information in order to identify and remediate vulnerabilities as well as minimizing the window of opportunity for attackers.
1: Run automated vulnerability scanning tools
2: Deploy automated operating system patch management solution
3: Deploy automated patch management solution for third-party software titles
4: Compare back-to-back vulnerability scans
5: Use a risk-rating process to prioritize the remediation of discovered vulnerabilities
For more information https://docs.microsoft.com/en-us/security/benchmark/azure/security-control-vulnerability-management. - Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
-
Microsoft Defender for Cloud helps prevent, detect and respond to threats. Defender for Cloud gives increased visibility and control of the security of your Azure resources as well as those in your hybrid cloud environment.
Defender for Cloud performs continuous security assessments of your connected resources and compares their configuration and deployment against the Azure Security Benchmark to provide detailed security recommendations for your environment.
Additionally, Intelligent Security Graph provides real-time threat protection in Microsoft products and services using advanced analytics that link a massive amount of threat intelligence and security data to provide insights that can strengthen organizational security. - Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
-
Microsoft has developed robust processes to facilitate a coordinated response to incidents.
• Identification – System and security alerts may be harvested, correlated, and analyzed.
• Containment – The escalation team evaluates the scope and impact of an incident.
• Eradication – The escalation team eradicates any damage caused by the security breach, identifies root cause for why the security issue occurred.
• Recovery – During recovery, software or configuration updates are applied to the system and services are returned to a full working capacity.
• Lessons Learned – Each security incident is analyzed to protect against future reoccurrence.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Separation between users
- Virtualisation technology used to keep applications and users sharing the same infrastructure apart
- Yes
- Who implements virtualisation
- Supplier
- Virtualisation technologies used
- Hyper-V
- How shared infrastructure is kept separate
- Azure is a multi-tenant service, which means that multiple customer deployments and VMs are stored on the same physical hardware. Azure uses logical isolation to segregate each customer’s data from the data of others. Segregation provides the scale and economic benefits of multi-tenant services while rigorously preventing customers from accessing one another’s data.
Energy efficiency
- Energy-efficient datacentres
- Yes
- Description of energy efficient datacentres
- Please see https://www.microsoft.com/en-us/corporate-responsibility/sustainability
Social Value
- Fighting climate change
-
Fighting climate change
As a supplier primarily of professional IT services, CACI’s environmental impact is minimal. However, we are constantly looking at how we can operate more efficiently in our fight towards climate change. We are working towards a Net Zero Carbon business model through our delivery to our customers as promoting this to our supply chain.
This commitment is demonstrated by our achievement of ISO14001 accreditation, which we have held for nine years. To attain this standard, we ensure our Environment Management System (EMS) met the following requirements:
-Awareness of environmental impact through procedures and controls
-Acceptance of responsibility through environmental management systems
-Reducing harmful impacts via environmental policies
-Displaying community responsibility via staff training and awareness
We are fully committed to working towards a circular economy approach and where practically possible CACI select the most sustainable means to operate its facilities We remain aware of any and all opportunities to share, lease, reuse, repair, refurbish and recycle existing materials and products. That includes using recycled paper, enforcing double sided printing, and using Energy Star devices. Our recycling policy includes energy/water consumption, waste materials and paper use.
CACI has an agreed Carbon Reduction Plan (CRP) which is in implementation and is published on our website. This includes a set of carbon reduction targets up until 2050, with a baseline period set from July 2020 to June 2021. We project that carbon emissions for scope 1 and scope 2 will decrease over the next five years to 300 tCO2e by 2026. This is a reduction of 9% on the baseline.
CACI have purchased a licence for Carbon Expert Professional allowing tracking of Scope 1, 2 and 3 emissions, which allows us to robustly assess achievement of targets. Our CRP is reviewed and updated quarterly allowing regular tracking of emissions targets. - Covid-19 recovery
-
Covid-19 recovery
CACI has had to adapt significantly the COVID-19 pandemic struck. Our adaptations range widely across the business, including staff, supplier and customer engagement. By enabling remote working for staff and digital delivery from our supply chain, we have been able to continue delivering our services to customers.
In response to COVID-19, CACI has become a member of the Emergent Alliance (EA). EA is a not-for-profit community, aiming to better inform organisations, businesses and Government economic decision-making. It draws on a diverse collaboration of corporations, individuals, Non-Governmental Organisations (NGOs) and the Government.
Since the beginning of the pandemic, CACI’s immediate concern has been the safety and wellbeing of staff. As a leading business in the digital industry, we have adapted quickly to working remotely through the use of technology and training, with minimal impact on our staff or delivery of services.
CACI has implemented a range of measures by carrying out COVID-19 risk assessments, in line with government guidance, across all offices. These took account of staff numbers, layout and facilities. Steps put in place include:
-Enhanced cleaning regimes and better ventilation
-Hand sanitiser stations
-New desking plans and working regimes to maintain social distancing
-Clear COVID-19 signage located around offices
-Restrictions on communal areas, e.g. kitchens, toilets, stairs, walkways etc.
-Clear reporting and escalation protocol for breaches or reports of COVID-19.
As of today, we still maintain a hybrid working stance. We are conscious that the new-normal may mean more remote working than pre-COVID-19, and as an employer we are offering continued flexibility. This seeks to reduce travel and office occupancy. - Tackling economic inequality
-
Tackling economic inequality
CACI is dedicated to creating employment opportunities, working with local suppliers and hiring local people. We adjust our recruitment and training processes to focus on attributes rather than qualifications, which could exclude those from a disadvantaged background or deprived areas. Inclusivity and accessibility are encouraged via unconscious bias education and positive and inclusive designs, accessible capabilities, and inclusivity in gathering requirements for digital services.
CACI has pledged to promote equality of opportunity within our supply chain, and work with a diverse range, including specialist Small and Medium Enterprise (SME)s. Our network is diverse and wide ranging in terms of skill set, age of business, make up of employees, geographical location, and therefore varying business cultures and diversity of individuals.
We are focussed on creating opportunities from the following groups who experience barriers to employment :
-Long term unemployed
-Armed forces veterans
-Mothers returning to work
-Care leavers - Equal opportunity
-
Equal opportunity
CACI’s Equal Opportunities policy formalises our approach to not discriminate against any employee on the basis of sex or sexual orientation, marital or civil partner status, gender reassignment, race, religion or belief, colour, nationality, ethnic or national origin, disability or age, pregnancy or maternity or other characteristics defined in anti-discrimination legislation (Protected Characteristics), or trade union membership or the fact that they are a part-time worker or a fixed-term employee. Our employees and applicants for employment with CACI are not disadvantaged by any policies or conditions of service which cannot be justified as necessary for operational purposes.
CACI is dedicated to ensuring our work environment, operational delivery and recruitment processes accommodate people with disabilities. Adjustments are made to ensure that those with disabilities are included and supported in our workplaces.
Our Workplace Adjustment Passport (WAP) enables employees to declare a disability, workplace adjustments are driven at company level.
CACI has signed up to the Disability Confident Scheme, formalising our commitment to play a lead role in changing attitudes for the better. We aim to successfully employ and retain disabled people and/or those with health conditions. When designing internal training or selecting an external partner, staff are consulted to capture any specialist needs to tailor sessions, including location, means of delivery and materials. This ensures all staff can develop in a comfortable and accessible environment.
CACI also works closely with the National Autistic Society to create an inclusive recruitment process, partnering with their Autism at Work programme; actively supporting neurodiverse candidates to flourish.
CACI have funded the creation of a number of staff networks, where employees with protected characteristics have time and resources to share ideas and support in a safe private environment. CACI have also offered specific training and talks from speakers related to these characteristics. - Wellbeing
-
Wellbeing
CACI has a range of comprehensive support initiatives that have been implemented to aid the health and wellbeing of our workforce (including contractors). Below is a comprehensive list, with specific reference to the six standards of Mental Health at Work commitment.
Promotion of an Open Culture around Mental Health:
-Team of 18 Mental Health First Aiders
-Conduct regular drop-in sessions for all staff, delivered by a Mental Health First Aider Team, focus on a particular element of Mental Health
Prioritising Mental Health in the Workplace by developing and delivering a systematic programme of activity:
-Regular check-ins for staff and our contractor workforce
-Annual Staff Satisfaction Survey, which includes a section on Health & Wellbeing
-Free 24/7 professional counselling
-Private healthcare and health and wellbeing plan (extendable to family members/dependents)
-Employee Assistance Programme
-Discounted gym memberships
-Physiotherapy
-Medical services
-Mental Health First Aider programme
-Stress assessments
Proactively ensure work design and organisational culture to drive positive mental health outcomes
-Comprehensive property and facilities management, ensuring modern, comfortable and state of the art technology for all employees
-Distributed Working Programme, allowing employees and contractors to structure their working week in a way that suits their preference and personal commitments whilst delivering against their work accountabilities
-Open and honest communications at all levels throughout the organisation
Increased organisational confidence and capability:
-Dedicated area of our company intranet for mental health and wellbeing, including various supporting resources and colleagues
-Line Managers and Career Coaches trained in aspects of mental health
Provide mental health tools and support:
-Formal Mental Health First Aid Programme including a team of MHFAs
Increase transparency and accountability through internal and external reporting:
-Publish the results of our annual staff satisfaction survey to all staff. Includes Mental Health and Wellbeing, actions taken and areas for improvement
Pricing
- Price
- £0.02 a virtual machine an hour
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
- Please see https://azure.microsoft.com/en-gb/free
- Link to free trial
- https://azure.microsoft.com/en-gb/free/