Essential Computing

AvePoint Cloud Backup for Microsoft 365, Dynamics 365, Salesforce, Google, Azure, Power Platform

AvePoint Cloud Backup ensures resiliency of service in the event of disaster. Complete protection for Office 365, Dynamics 365, Salesforce, Google Workspace, Azure and Power Platform. Keep business-critical emails, calendars, sites, groups, teams, projects, files, and conversations secured with unlimited, automatic backup. Locate and recover lost content with item-level restore.

Features

• Automated Backup of M365 services, Dynamics 365, Salesforce and Azure
• Groups, Teams, Email, VivaEngage, SharePoint, Project, OneDrive, Planner, Public Folders
• Store encrypted-by-default backups in AvePoint's Azure or your own storage
• Search and export email/OneDrive data for data subject requests (DSAR)
• Granular Data Restores to item version level
• Near-zero configuration for daily backup plans
• Offline restores. Search and remove for Right-to-be-Forgotten Requests.
• Run up to 4 backups daily.

Benefits

• Fast deployment, get up and running quickly.
• Planning, configuration & support from knowledgeable UK team.
• Protect business data across the entire organisation
• New features added regularly as Microsoft 365 evolves
• Subscription consumption reporting; monitor what's being used.
• Delegate restores to power- or end-users, removing bottlenecks, increasing efficiency
• Bring-Your-Own-Authentication, Encryption Keys, and Storage for added security

£0.85 a user a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@essential.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

302216996814195

Contact

Clare Knight
01275 343199
info@essential.co.uk

Service scope

• Software add-on or extension: Yes
• What software services is the service an extension to: Microsoft 365, Microsoft SharePoint, Dynamics 365, Salesforce, Microsoft Office 365, Azure, Azure Active Directory, Microsoft Entra ID, Google Workspace, Power Platform
• Cloud deployment model: Public cloud
• Service constraints: No.
• System requirements: None

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Supplier support Within 1 hour Monday to Friday UK Office hours 9-5pm.; AvePoint vendor support available 24/7 Monday to Friday
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Please contact us for further information about web-chat usage by assistive technology users and to discuss testing.
• Onsite support: Yes, at extra cost
• Support levels: We provide a range of support levels and technical development to our clients depending on their specific needs and our commercial contract with them.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide an onboarding service which starts with a planning workshop, to agree the outcomes and requirements. Once these are documented and agreed, the AvePoint environment is provisioned. The Essential technical team will remotely assist with configuration in line with the agreed requirements, and then follow up 4-6 weeks later to check in. Full product documentation is provided.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Customers may request a copy of the data via our support team. Large amounts of data may incur a charge.
• End-of-contract process: Data is removed from the system and reclaimed as free Azure storage.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None.
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: Users have access to available functions through the GUI based on their permissions or role.
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: AvePoint complies with common accessibility guidelines. In addition, extensive Quality Assurance testing is performed before any release. Customers can optionally subscribe to "Insider Releases" to gain early access to updates, and provide feedback.
• API: No
• Customisation available: No

Scaling

• Independence of resources: Not disclosed.

Analytics

• Service usage metrics: Yes
• Metrics types: Comprehensive audit data displays all activity. Dashboards provide insight into license & storage consumption
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: AvePoint

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data Export feature is initiated from the user interface. Conditions apply on data volumes. For bulk export of all backup data, contact Support.
• Data export formats: Other
• Other data export formats:
  • PST for email
  • Format of the file(s) for OneDrive or SharePoint data
• Data import formats: Other
• Other data import formats: Not applicable - supported Microsoft 365 file types are supported.

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: AvePoint guarantee 99.95% service availability.
• Approach to resilience: It is built upon Azure architecture which has this design concept in mind.
• Outage reporting: Portal alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: All authentication is carried out against Microsoft Azure or any supported Azure authentication method.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Identity federation with existing provider (for example Google Apps)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Kompleye
• ISO/IEC 27001 accreditation date: 21.6.2021
• What the ISO/IEC 27001 doesn’t cover: Nothing.
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 29.3.2017
• CSA STAR certification level: Level 2: CSA STAR Attestation
• What the CSA STAR doesn’t cover: None.
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • SOC2
  • FedRAMP

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: AvePoint has implemented, and maintains, a comprehensive set of security policies that satisfies the requirements set forth below.; ; AvePoint reviews its security policies regularly, and particularly following any changes in applicable law, advances in technology or changes to AvePoint’s information systems, in order to verify that the security policies and controls set out therein remain accurate, comprehensive, and up to date.; AvePoint has appropriate separation of duty (SOD) controls implemented for all system administration user roles that manage Customer’s Client Data or confidential information. All SOD are configured for least privileged access to limit AvePoint’s access to Customer information and will ensure that no single person has the ability to manipulate the hardware, software, or processing of the Services to commit fraud or perform unauthorized actions without the oversight of another person.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: AvePoint has a documented and functional configuration and change management process which includes testing of all changes in production environments and documented approval process of changes.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: AvePoint utilizes appropriate security measures, including: (i) encryption during the transmission or storage of customer provided data at all times, to the current national recognized industry standards, such as the Advanced Encryption Standard (AES 256); (ii) maintaining an intrusion and vulnerability management program; (iii) centrally managed and automatically updating anti-malware technology; (iv) tracking and monitoring of all access to network resources; and (v) appropriate technological measures to prevent data leakage.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: AvePoint carries out tracking and monitoring of all access to network resources. AvePoint has in place an incident response program to mitigate, detect and respond to security incidents which includes the tools to find, eliminate or isolate the cause of any such security incident.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: AvePoint has in place an incident response program to mitigate, detect and respond to security incidents which includes the tools to find, eliminate or isolate the cause of any such security incident.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We are committed to reducing our environmental impact as part of how we operate as a digital business.; As a digital services provider, we enable our customers to realise sustainable hybrid workplaces for positive wellbeing and environmental impact through the technology solutions we provide, and through the way we collaborate to implement the solutions for long term success.; Our focus is on reducing energy and resource usage, reducing the need to travel where possible, and enabling team communications and education to support these objectives. We proactively support our customers, and vendors to do the same by delivering projects in a way which considers environmental factors at the planning stage. ; In recent years, we have reduced our office footprint to support hybrid working, minimising travel requirements for our teams. Our services are delivered fully remotely to customers, to pass on the same benefits.

  Equal opportunity

  We provide technology solutions which help level the playing field for people across the workforce. Accessibility is a key consideration, and we work with solutions which integrate with Microsoft’s advanced accessibility capabilities wherever possible

  Wellbeing

  The solutions we provide are aimed at making day to day working life better for the people using it, by enabling them to achieve more from within their Microsoft365 applications, reducing digital friction.; Doing the right thing is a core value of our business. This starts with commitment to our team, to be a responsible, fair and supportive employer, by offering a safe and welcoming environment to do their best work and providing development pathways where possible.; Our belief is that if our people are supported well, they can do the best they can for our customers.; Underpinning all the above, is the choice to work with vendors with aligned values in terms of their positive impact on their people, teams, partners, and customers.

Pricing

• Price: £0.85 a user a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Contact us for details.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@essential.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.