HSO Enterprise Solutions Limited

HSO Cloud Integration Services - API-first integration

HSO provides design, implementation, and support services for delivery of data analytics and insight, using Microsoft’s Data Platform and Azure cloud. We deliver expertise in data migration, modelling, automated ETL, analytics and visualisation, maximising value from your data. HSO brings a range of accelerators to deliver quicker return on investment.

Features

• Workshops to scope and define API Integration strategy.
• Detailed roadmap to delivery.
• Create an API catalogue and standards, following industry best practice.
• Security and Compliance modelling and reviews.
• Monitoring and observability of API usage and analytics.
• Connect internal systems from different suppliers.
• Structured connections to partner organisations data.
• Rigorous security, governance, and management of data.
• Role Based Access Control (RBAC)
• Defined access controls to maintain data security.

Benefits

• Connect disparate internal systems to improve efficiency and user experience.
• Eliminate data errors from manual data transfer across systems.
• Realise the dream and benefits of public sector data sharing.
• Real-time partner access, protected by rigorous security, governance and management.
• Reduce barriers to data through shared standards, methods and tools.
• Improve public service delivery by sharing data between partners.
• Keep staff safer with information sharing on risk.
• Streamline business-critical workflows and improve operational efficiency.
• Enable high availability, low-latency APIs by leveraging Azure integration features.
• Delivered by a Microsoft Inner Circle Partner with ISO27001 accreditation

£500 to £1,900 a unit a day

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at UK-GCloud@hso.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

345836099888142

Contact

Michael Lonnon
07849087668
UK-GCloud@hso.com

Service scope

• Service constraints: None - The HSO Support Contract will state what solutions are being supported and the agreed Service Levels.
• System requirements:
  • Users typically need an Internet connection (some apps work offline).
  • Access to an HTML5 Compliant Web Browser - supports BYOD.

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: HSO Support's Response times are dependent on severity of the case, starting from 15 minutes.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: HSO provide various Support Level options, starting from an Essential Agreement which is provided by purchasing blocks of Support hours. Further offerings, both reactive and proactive, are available as fixed price agreements, with the ability to raise unlimited Incidents, with unlimited hours spent to resolve them. ; ; All Customers will be assigned a dedicated Service Delivery Manager who will be responsible for all services delivered under the Support Agreement.; ; Within these agreements, there is a comprehensive Service Catalogue where customers can choose, and therefore only pay for, the services that they require.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: HSO can either tailor to client requirements or provide a standard, predefined solution, based on ITIL v3 processes and guidelines. Further information can be provided on request.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: We agree exit terms and processes at the time of contracting. The exact format turnaround and processes related to data extraction is determined at this point. Further details on demand. Subject to security controls, data can be exported using various methods including inbuilt data export tools and various third-party solutions.
• End-of-contract process: HSO will agree end of contract scenarios in advance with the Buyer and either tailor to client requirements or provide a standard, predefined solution, based on ITIL v3 processes and guidelines. Additional costs are determined on a case by case basis, dependent on size and complexity of activities.

Using the service

• Web browser interface: Yes
• Using the web interface: The API for Dynamics 365 is comprehensive, however, all API services are typically agreed separately with customers in line with their requirements.; ; Dynamics 365 unifies the capabilities of CRM business software and ERP systems by providing intelligent applications that seamlessly work together in the cloud. Please see this link for more information regarding Dynamics 365 REST API's::; ; https://docs.microsoft.com/en-us/rest/dynamics365/
• Web interface accessibility standard: WCAG 2.1 AA or EN 301 549
• Web interface accessibility testing: As a reseller of Microsoft products and not the author, HSO have not explicitly carried out any user accessibility tests. However, Microsoft take accessibility very seriously and have carried out tests. Further information from Microsoft re: accessibility of Dynamics 365 and other associated Microsoft products can be found here:; ; https://docs.microsoft.com/en-us/compliance/regulatory/offering-WCAG-2-1
• API: Yes
• What users can and can't do using the API: The API for Dynamics 365 is comprehensive, however, all API services are typically agreed separately with customers in line with their requirements.; ; Dynamics 365 unifies the capabilities of CRM business software and ERP systems by providing intelligent applications that seamlessly work together in the cloud. Please see this link for more information regarding Dynamics 365 REST API's::; ; https://docs.microsoft.com/en-us/rest/dynamics365/
• API automation tools:
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
  • MacOS
• Using the command line interface: The Azure Command-Line Interface (CLI) is a cross-platform command-line tool to connect to Azure and execute administrative commands on Azure resources. It allows the execution of commands through a terminal using interactive command-line prompts or a script.

Scaling

• Scaling available: Yes
• Scaling type: Automatic
• Independence of resources: The service leverages the Microsoft Cloud Service. This is designed to meet the needs of operating a service at scale. Other key components include: robust security, scalability, performance, tenant isolation, serviceability, and monitoring.
• Usage notifications: Yes
• Usage reporting:
  • Email
  • SMS

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Microsoft

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Virtual Machines
  • Databases
  • Emails
  • Configuration and Customisations
  • Files and Blobs
• Backup controls: Users can control, manually perform backups and define schedules through the Azure Portal.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users schedule backups through a web interface
• Backup recovery: Users can recover backups themselves, for example through a web interface

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Microsoft guarantees High Availability - 99.9%.
• Approach to resilience: The Microsoft datacentres adhere to the Microsoft Business Continuity and Disaster Recovery (BCDR) standard. Detailed information is available upon request.
• Outage reporting: Outage reporting methods include, but are not limited to, Public Dashboards, APIs, Mobile App Push notifications and Email Alerts.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Provided by role-based security model which allows you to control and define what actions a user can perform and what records a user has access to.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Devices users manage the service through: Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau - Certificate Number 212127
• ISO/IEC 27001 accreditation date: Initial Certification: 23 April 2018, Latest Issue: 21 June 2021
• What the ISO/IEC 27001 doesn’t cover: N/A - Covers ALL HSO UK trading companies: HSO Enterprise Solutions, HSO CRM Solutions & HSO Customer Service.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials Plus.; ; Note: HSO have answered this section from an HSO (reseller and implementer) only perspective.; ; Microsoft also holds both these certifications plus many more.
• Information security policies and processes: In formulating and implementing HSO security policies, HSO incorporates the following protocols; ; a. Identified reasonably foreseeable internal and external risks to the security, confidentiality, and/or integrity of any electronic, paper or other records containing personal information;; ; b. Assessed the likelihood and potential damage of these threats, taking into consideration the sensitivity of the personal information;; ; c. Evaluated the sufficiency of existing policies, procedures, customer information systems, and other safeguards in place to control risks;; ; d. Designed and implemented an Information Security Management System that puts safeguards in place to minimize those risks; and; ; e. Implemented regular monitoring of the effectiveness of those safeguards.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: HSO has a dedicated Information Security Manager (ISM) and Information Security Management System. ; ; Configuration and Change Management processes at HSO include, but are not limited to: ; 1. Published processes, and education / training- new starter induction and ongoing refresher training.; 2. Use of system tools to capture request, obtain approval and record outcome / actions, e.g. DevOps registers.; 3. Steering committee review and approval needed for changes.; 4. Regular review and audit of our configuration and change management processes during our ISO 27001 (Information Security) and Cyber Essentials Plus audit and ongoing certification renewal.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: HSO has a dedicated Information Security Manager (ISM) who is responsible for out Information Security Management System and all underlying Policies within HSO UK. ; ; Vulnerability Management processes at HSO include, but are not limited to: ; 1. Published processes and education / training - new starter induction and ongoing refresher training.; 2. Regular internal vulnerability tests, e.g. through use of dummy phishing emails looking to capture user details.; 3. Regular vulnerability tests by external Security specialists.; 4. Regular review and audit of our vulnerability processes during our ISO 27001 (Information Security) and Cyber Essentials Plus audit and ongoing certification renewal.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Protective monitoring processes at HSO include, but not limited to: ; -Published processes and education/training - new starter induction and ongoing refresher training.; -Azure AD's security, logging and audit-related capabilities such-as Multi-factor authentication, regular review of access-logs / exceptions across applications.; -Use of various system alerts to notify IT of any unusual behaviour. HSO'S internal IT department has dedicated Incident Case types for employees/users to report all suspicious activity against, phishing emails, etc.; -Regular review/audit of our protective monitoring processes as part of ISO 27001 (Information Security) audit and ongoing certfication renewal.; -As per 4. fro Cycber Essentials Plus certification too.
• Incident management type: Supplier-defined controls
• Incident management approach: HSO has a dedicated Information-Security-Manager responsible for all underlying Policies, working closely with an HSO-Group ISM to share best-practices.; ; Protective monitoring processes include: ; -Published processes and training/new-starter induction and ongoing training.; -Incidents investigated immediately, assessed and reported to appropriate internal, and/or external parties, including necessary notifications to customers/suppliers/partners.; -Once resolved, lessons-learnt review performed to ensure mitigating risk of similar incident happening again. Perform internal Risk Mitigation reviews to ensure constant review and improve resilience to accidental or malicious security and data incidents.; -Regular review/audit of proactive monitoring processes during ISO27001 (InformationSecurity) and Cyber Essentials Plus audit and ongoing certification renewal.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Third-party
• Third-party virtualisation provider: Microsoft
• How shared infrastructure is kept separate: Many techniques and technologies are deployed. Detailed information can be supplied upon request.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Microsoft’s datacentres in the UK and EU are designed to yield major gains in efficiency and sustainability in accordance with their commitment to the EU Code of Conduct for Energy Efficient Datacentres.

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery

  Fighting climate change

  Planet - Sustainable, greener, and cleaner future. ; ; In the quest for a more sustainable tomorrow, HSO embraces a holistic approach to sustainability. Unwaveringly committed to reducing carbon footprint and maximising supply chain opportunities. Our vision encompasses more than just environmental responsibility; it embodies a philosophy of harmonising growth and innovation with a profound respect for the planet.; ; Embedding sustainable practices; ; HSO is committed to environmental excellence and pollution prevention. It works to surpass industry standards and lessen our impact on the local and global environment by conserving energy, water, and other natural resources; reducing waste generation; recycling and reducing our use of toxic materials. Emphasising efficient resourcing, responsible procurement, and innovation, HSO strives for a greener future.; ; By combining HSOs expertise as a Microsoft solutions provider with the power of Microsoft’s sustainable technologies and solutions, we’re able to support customers in achieving their net zero goals. To find more about how we can do this and help your organisation, please read page 10 of our latest Social Value brochure which can be found here:; https://www.hso.com/media/j15bdjwu/hso-social-value-brochure-2024-2.pdf; ; HSO can also provide our customers with the following service - an ESG Assessment. We analyse your Environmental, Social & Governance (ESG) reporting and support you in closing gaps to enable automated reporting. Please see the following HSO website link for further details:; https://www.hso.com/consultancy-offering/esg-assessment

  Covid-19 recovery

  Prosperity - Skills, opportunity, and liberating lives. ; ; A prosperous economy supports thriving communities and, in turn, people. HSO's commitment to ethical business practices, giving back to our communities, fair trade and responsible sourcing, ensures our growth and success go hand in hand with the well-being of wider communities.; ; Supporting the wider community: HSO works with multiple charities. For 2023/24, these are The Stroke Association, British Heart Foundation, and Alzheimer’s Research UK. To date, HSO's employees have raised over £114,000 for charity, which HSO has matched.; ; Putting technology and skills to good use: As well as time and money, HSO uses our skills to help non-profit organisations do more, eg. during lockdown, KidsOut, faced volunteer shortages affecting toy distribution to children in care and living in refuges. HSO built an app to streamline toy box scanning and tracking nationwide. Before this, KidsOut used a paper-based system to manage toy donations. The app removed time-consuming manual tasks, aiding volunteers, enabling growth and ensured efficient delivery despite employee / volunteer limitations.; ; Local economic development: HSO people are encouraged to involve themselves in local economic development initiatives. This can involve infrastructure projects or community facilities, leading to new business opportunities and job creation. ; ; Education and training initiatives: HSO works with organisations to support training and apprenticeship programmes. This bridges the skills gap by offering practical, industry-specific training to individuals seeking to enter work.; ; By combining HSOs expertise as a Microsoft solutions provider with the power of Microsoft’s sustainable technologies and solutions, we are able to support you achieve your organisation's goals, improving lives of those in your community. Please read our latest Social Value brochure:; https://www.hso.com/media/j15bdjwu/hso-social-value-brochure-2024-2.pdf; ; HSO can provide our customers with an ESG Assessment. We analyse your Environmental, Social & Governance (ESG) reporting, helping close gaps to enable automated reporting. Please see:; https://www.hso.com/consultancy-offering/esg-assessment

Pricing

• Price: £500 to £1,900 a unit a day
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at UK-GCloud@hso.com. Tell them what format you need. It will help if you say what assistive technology you use.