On Direct Business Services Limited

Microsoft Cloud Service Provider (CSP)

Microsoft Cloud Service Provider (CSP) allows hosting of Azure and Microsoft 365 subscriptions transacted through Cloud Direct as an Azure Expert MSP. CSP customers are entitled to Azure and M365 Expert Support for environment health checks, troubleshooting and escalations to Microsoft.

Features

• 24/7 Azure and M365 usage
• Microsoft Cloud troubleshooting and guidance
• Access to cloud engineers
• Direct escalations to Microsoft
• Monthly billing and spend forecasting
• Provide portal for cost, security and performance intelligence

Benefits

• Supported by an Azure Expert MSP
• Net Promoter Score of +75%
• Cloud management portal for self-service
• Regular health checks for high-level recommendations

£0.01 a unit

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@clouddirect.net. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

377213063936184

Contact

Cloud Direct Public Sector Specialist
01225 300330
enquiries@clouddirect.net

Service scope

• Service constraints: The service is remote and administrator-level.
• System requirements: Microsoft Azure and 365 requirements will be qualified

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Initial response times are:; ; Urgent (P1): 1 hour ; High (P2): 2 working hours ; Moderate (P3): 4 working hours ; Standard (P4): 8 working hours ; ; Urgent issues (P1) are worked on continuously 24/7 until the issue is resolved. Normal customer support working hours are 08:00-18:00 GMT/BST, Monday to Friday, excluding UK Bank Holidays.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Web Chat is provided by a third-party service called LiveChat which runs on the Cloud Direct website. It is a text-only service.
• Web chat accessibility testing: N/A
• Onsite support: No
• Support levels: CSP customers receive administrator-level troubleshooting and advisory support, escalation to Microsoft and regular environment health checks for Azure and M365. Provide, our cloud management portal, is available for billing and ticket management.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Planning & Migration services for Azure and Microsoft 365 are available to help customers prepare for migrating to Microsoft Cloud technology. For customers already transacting in Azure and M365, a chargeable optimisation review is available prior to switching to Cloud Direct for billing and CSP support.; ; This process is overseen by a a member of your customer management team who will be responsible for ensuring that you are understand your new service and have access to the right tools and information to manage the service going forward.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Should this be necessary, we will assign a cloud engineer to evaluate the requirements to move client data from Microsoft Azure and 365.
• End-of-contract process: Once a contract has been cancelled in line with the agreed terms and conditions, we will remove your access to the service and permanently delete any data held on the platform at an additional cost.

Using the service

• Web browser interface: Yes
• Using the web interface: Microsoft Azure and 365 usage can be managed via the Microsoft Azure and 365 management portals. The portal gives access to set-up, make configuration changes and add/remove services/licences.; ; It also offers a comprehensive dashboard to understand service usage, service issues and failures.; ; Cloud Direct CSP customers can use Provide to review Azure and 365 usage, performance and security posture.
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: N/A
• Web interface accessibility testing: N/A
• API: No
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type: Manual
• Independence of resources: In accordance with Microsoft's SLA.
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • Memory
  • Network
  • Number of active instances
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Microsoft

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Other
• Other data at rest protection approach: Microsoft Azure includes tools to safeguard data according to your company's security and compliance needs.; ; Further information can be found here: https://learn.microsoft.com/en-us/azure/security/fundamentals/encryption-atrest
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: No

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: Cloud Direct utilises Microsoft secured platforms for gaining access to customers Microsoft Cloud Tenancies. These platforms provide levels of segregation between networks and operate on a Zero Trust Least Privileged Access basis.
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Microsoft datacenters are designed to implement a strategy of defense-in-depth, employing multiple layers of safeguards to reliably protect our cloud architecture, and supporting infrastructure. Redundancy is built into all systems at multiple levels to support datacenter availability.; ; Further information can be found here: https://learn.microsoft.com/en-us/compliance/assurance/assurance-datacenter-architecture-infrastructure and here: https://learn.microsoft.com/en-us/azure/security/fundamentals/infrastructure-availability
• Approach to resilience: Microsoft has highly secured datacenter facilities spread worldwide creating a distributed datacenter infrastructure, supporting thousands of online services. This globally distributed infrastructure is designed to bring applications closer to users, preserve data residency, and offer comprehensive compliance and resiliency options for customers.; ; Further information can be found here: https://learn.microsoft.com/en-us/compliance/assurance/assurance-datacenter-architecture-infrastructure and here: https://learn.microsoft.com/en-us/azure/security/fundamentals/infrastructure-availability
• Outage reporting: Microsoft Azure and 365 public dashboards, API and email alerts.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google apps)
  • Username or password
• Access restrictions in management interfaces and support channels: IAM is managed in line with ISO 27001 and Cyber Essentials requirements. Zero Trust and Least privileged principles are also followed.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Devices users manage the service through:
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alcumus ISOQAR
• ISO/IEC 27001 accreditation date: 11/7/2011
• What the ISO/IEC 27001 doesn’t cover: Scope of the IMS:; Cloud Direct has determined the scope of its IMS (Integrated Management System) against the following standards:; ISO27001: The provision and support of Cloud Computing in accordance with the latest version of the Statement of Applicability; ISO20000-1: The Information Technology service management system of Cloud Direct supports the delivery of Cloud Computing to multiple external customers from its Bath, London and Cape Town Offices.; The scope of certification does not cover any Legacy Product (which isn’t part of the Microsoft Cloud offerings); although these products will be managed within the processes that have been established for products that are in scope.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: Azure Expert MSP certification

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials
• Information security policies and processes: ISO 27001. Security policies and processes are in place and managed in line with ISO 27001 requirements. Program of governance is in place which includes weekly, monthly, quarterly, internal forums and auditing as well as annual external auditing.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Processes are in place in line with ISO 27001 requirements.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Processes are in place in line with ISO 27001 requirements.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Processes are in place in line with ISO 27001 and ISO 20000 requirements. Incident management (including Major Incident Management) processes are in place with defined response times and SLAs.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Processes are in place in line with ISO 27001 and ISO 20000 requirements.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Third-party
• Third-party virtualisation provider: Microsoft
• How shared infrastructure is kept separate: Each Microsoft customer has their own dedicated Tenant within the Microsoft Cloud environment.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Microsoft employs various safeguards to protect against environmental threats to datacenter availability. These safeguards enable Microsoft to provide secure and available cloud platforms that are trusted by customers.; ; Further information can be found here: https://learn.microsoft.com/en-us/compliance/assurance/assurance-datacenter-environmental-safeguards

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Working towards becoming a B Corp: Continuing our drive to be a good corporate actor, we are beginning our journey to achieving B Corp certification–a global audited standard for measuring a company’s entire social and environmental impact.; ; Helping customers have an environmental impact: We also help customers understand their environmental impact and options of their environment through the Microsoft Emissions Impact Dashboard. ; ; Hybrid Working: We operate a Hybrid Working environment. Staff are trained, equipped and encouraged to consider the environment when managing where they work from. The environmental benefits of this include fewer work-related journeys, less commuting, and increased use of remote video conferencing.

  Covid-19 recovery

  Cloud Direct conducts almost all customer work remotely using Microsoft Cloud technology. This mitigates any risk of exposure to Covid-19 and increases the risk of project continuity for our staff and our customers.

  Equal opportunity

  Cloud Direct has a very diverse workforce that stems from many different aspects of our company culture, the policies we put in place and inclusive environment we foster. We offer equal opportunities and continue to pull from diverse and varying talent pools. Every aspect of our business is evaluated to promote an inclusive culture for all our people. We are always seeking new and innovative ways to enhance our benefits, our recruitment strategies, our flexibility and increase awareness through training programmes to create the right culture.

  Wellbeing

  Our five principles and core values are efficiency, responsibility, freedom, mutuality, and quality, and we keep these values flowing throughout the business. Cloud Direct’s culture is centred on its people. Our people have always been our greatest asset.; ; Stress Management: Cloud Direct recognises that, whatever the source, stress is a health and safety issue in the workplace. We acknowledge the importance of a supportive environment and working culture and of identifying and reducing workplace stressors.; ; Responsible Time Off (RTO): This policy is an extensive leave scheme allowing all employees to take unlimited paid holiday. RTO empowers our workforce in several ways. Notably, employees can take control of their own time off to ensure they maintain a healthy balance between their work and their personal life to manage their wellbeing.; ; Health and Advice: Employees have access to Help@hand from UNUM for independent impartial advice. This gives access to remote GP support, a second opinion, mental health and physiotherapy services. There is also support on life, money and wellbeing.; ; Mental Health: We want you to know that we are always here to help and support you and want our people to know they can talk openly about any problems and in confidence. We’ve a range of support in place, including Mental Health First Aiders and various programmes, to help you if you’re affected by mental ill-health conditions.; ; Fitness Contributions: All employees are offered a monthly contribution towards any fitness or sports activities to encourage positive health and wellbeing.

Pricing

• Price: £0.01 a unit
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@clouddirect.net. Tell them what format you need. It will help if you say what assistive technology you use.