GIGASTREAM LIMITED

Microsoft Teams Phone

Gigastream offer the full range of Microsoft Teams Phone products, with pricing models for government, business, education and non-profits. We support Direct Routing or Microsoft Calling Plans. Solution offerings include SIP trunks and integrations to existing telephony platforms. Our managed service optimises licensing and provides access to premium support channels.

Features

• Microsoft 365 Teams Phone
• Productivity and collaboration with Office 365 solutions
• Unified Communications
• Voice, Video and Instant Messaging (IM)
• Discovery, compliance, archive, legal hold and DLP tools
• Single Sign On support with Azure Active Directory
• SIP and PSTN Integration
• Management and Support solutions for Microsoft 365
• Ensure GDPR, regulatory and security compliance with policies and tools
• Support with ISDN and PSTN withdrawal

Benefits

• Improved productivity
• Employee wellbeing
• Increased agility for your information workforce
• ITIL aligned incident management
• PRINCE2 aligned project management
• ISO 27001 aligned working practices
• Transform the way your knowledge workers operate
• Prepare for ISDN withdrawal
• Transition to modern communication tools

£7.20 a user a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at digitalmarketplace@gigastream.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

285809120067080

Contact

Christopher Sharp
01865 304050
digitalmarketplace@gigastream.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Hybrid cloud
• Service constraints: Service descriptions for Microsoft 365 and Office 365 products are set out at https://technet.microsoft.com/en-us/library/office-365-service-descriptions.aspx; Constraints may apply to the scope of cloud support work agreed with your organisation. These will be clearly documented in the Call-Off contract.
• System requirements:
  • Most modern web browsers are supported
  • Most modern mobile device handsets are supported
  • Extensive hardware endpoint support
  • System requirements differ per product
  • See https://www.microsoft.com/en-gb/microsoft-365/microsoft-365-and-office-resources

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: All tickets will receive an initial response within 15 minutes.; Support response times are dependent upon the service selected.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We provide a variety of support levels as set out in our service description, including 24x7 access to premium Microsoft support channels
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: A Microsoft 365 cloud voice specialist will work with you to understand your business needs. The scope and nature of our engagement is flexible and can include defining your product requirements, integration needs, user details and security posture.; Gigastream Cloud Support Engineers and Consultants will work to define your strategy, plan and implement your migration and support your users.; An initial assessment, prior to contract award, will allow us to define the scope of work and plan any discovery activities prior to defining your project needs.; FastTrack for Microsoft 365 helps organisations accelerate deployment, migration, and adoption of their Microsoft 365 subscriptions - see; https://www.microsoft.com/en-gb/fasttrack/microsoft-365
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Details of how to extract data from Office 365 can be found at https://products.office.com/en-us/business/office-365-online-data-portability; Details on retention, deletion and destruction can be found at; https://docs.microsoft.com/en-gb/office365/enterprise/office-365-data-retention-deletion-and-destruction-overview
• End-of-contract process: Upon expiration or termination of your Office 365 subscription or contract, Microsoft will provide you, by default, additional limited access for 90 days to export your data.; A termination plan can be produced and agreed with you, which will be tailored to reflect appropriate roles and responsibilities.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Mobile specific applications within the product portfolio have different features as set out in the Microsoft service descriptions
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Please see https://products.office.com/en-gb/business/office-365-administration
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Basic tests only using Microsofts built in accessibility tools.
• API: Yes
• What users can and can't do using the API: Full API details are available at https://docs.microsoft.com/en-gb/office/office-365-management-api/
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Please see https://docs.microsoft.com/en-us/Office365/ and https://products.office.com/en-gb/business/compare-more-office-365-for-business-plans for more information on Office 365 options.

Scaling

• Independence of resources: A detailed description of how Microsoft isolates individual customer tenancies can be found here https://www.microsoft.com/en-us/download/confirmation.aspx?id=54249

Analytics

• Service usage metrics: Yes
• Metrics types: Office 365 usage reports are available for your administrators in the Office 365 admin center. Please see https://support.office.com/en-us/article/activity-reports-in-the-office-365-admin-center-0d6dfb17-8582-4172-a9a9-aed798150263 for more information.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Microsoft

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Information on how Microsoft protects data within its enterprise services can be found here https://www.microsoft.com/en-us/download/details.aspx?id=55848
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Details on data export can be found at https://products.office.com/en-us/business/office-365-online-data-portability
• Data export formats:
  • CSV
  • ODF
• Data import formats:
  • CSV
  • ODF

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Details of the Office 365 service level agreement can be found here https://technet.microsoft.com/en-us/library/office-365-service-level-agreement.aspx
• Approach to resilience: Details of how Microsoft ensures resiliency in the Office 365 service can be found here https://www.microsoft.com/en-us/download/details.aspx?id=53560
• Outage reporting: Office 365 includes a service status portal

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Role Based Access Control.; ; Administrative accounts have access to perform certain roles see; https://support.office.com/en-gb/article/office-365-admin-overview-c7228a3e-061f-4575-b1ef-adf1d1669870?ui=en-US&rs=en-GB&ad=GB for more information
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 18/06/2021
• What the ISO/IEC 27001 doesn’t cover: Assessment reports, certificates and further audit data is available directly from Microsoft at https://docs.microsoft.com/en-gb/microsoft-365/compliance/offering-iso-27001?view=o365-worldwide
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 02/12/2011
• CSA STAR certification level: Level 3: CSA STAR Certification
• What the CSA STAR doesn’t cover: Service scope for office 365 is decribed in this document: https://docs.microsoft.com/en-gb/microsoft-365/compliance/offering-csa-star-certification?view=o365-worldwide
• PCI certification: Yes
• Who accredited the PCI DSS certification: Schellman & Company, LLC
• PCI DSS accreditation date: 31/06/2021
• What the PCI DSS doesn’t cover: The full scope of service is available at; https://docs.microsoft.com/en-gb/microsoft-365/compliance/offering-pci-dss?view=o365-worldwide
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • NIST 800-171
  • ENISA IAF
  • ISO 27018
  • SOC 1, SOC 2
  • FEDRAMP
  • FIPS 140-2

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials
• Information security policies and processes: Microsoft's Cloud services, are compliant with data protection standards and regulatory requirements, such as International Organization for Standardization (ISO), Service Organization Controls (SOC), National Institute of Standards and Technology (NIST), Federal Risk and Authorization Management Program (FedRAMP), and the General Data Protection Regulation (GDPR), NCSC.; The Microsoft Cloud Security Policy is available via the Service Trust Platform https://servicetrust.microsoft.com/

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Gigastream is committed to ITIL aligned Change and Configuration Management for effective management and control of its infrastructure.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We rely on vendor support services to ensure we are operating in line with the latest recommendations and are made aware of any potential vulnerabilities by them.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Given the scale of Microsoft 365, it would be impossible to keep customer data resilient and safe from malware without built-in monitoring that is comprehensive, alerting that is intelligent, and self-healing that is fast and reliable. New mindsets and methodologies needed to be introduced, and whole new sets of technology needed to be created to operate and manage the service in a connected global environment. Microsoft have moved away from the traditional monitoring approach of data collection and filtering to create alerts to an approach that is based on data analysis.; ; https://docs.microsoft.com/en-gb/office365/Enterprise/office-365-monitoring-and-self-healing
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Incident Management processes are based around ITIL best-practice.; Incidents are categorised based on the incident type, severity and the impact on operations. The severity governs the rate at which an incident is progressed through the relevant support functions and the level of visibility which it is afforded across the organisation.; Post-incident and KPI reporting is dependent upon the service level selected.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Microsoft's commitment to sustainability and fighting climate change is set out at https://news.microsoft.com/climate/; The Office 365 product portfolio is part of the wider Microsoft ecosystem target to become water positive and carbon negative by 2030.
• Wellbeing:

  Wellbeing

  Viva Insights in Microsoft Teams helps improve employee productivity and wellbeing with data-driven, privacy-protected insights and recommendations.

Pricing

• Price: £7.20 a user a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Some Office 365 products are available for a free trial period. Feature availability in free trials is product specific.; Please contact digitalmarketplace@gigastream.co.uk for more information
• Link to free trial: Please contact digitalmarketplace@gigastream.co.uk

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at digitalmarketplace@gigastream.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.