Skip to main content

Help us improve the Digital Marketplace - send your feedback

BCN Group Ltd

Azure AI Services - Public Sector services

BCN Group offers Azure AI Services, providing advanced AI capabilities to a broad range of public sector services beyond local government.

Features

  • Custom AI model development
  • Large Language Model development & integration
  • Natural language processing & text analytics
  • Image and speech recognition through Azure AI Services
  • Copilot & Chatbot creation and management
  • Customizable AI Solutions
  • Integration with existing systems, workflows, & apps
  • Predictive analytics & data engineering with Machine Learning
  • Custom AI model development & training
  • Project work & Kickstarter Engagements

Benefits

  • Streamline decision-making processes using AI services
  • Improve operational efficiency through AI augmentation
  • Highly Secure AI Services in the Azure Cloud
  • Surface data & documentation through AI powered Search
  • Innovation through AI infusion in workflows & processes
  • Reduced manual effort with AI integration to augment work
  • Kickstarter options provide a low-entry, low-risk starting point
  • Push the boundaries of innovation with Azure AI Services
  • Access to AI experts for guidance & questions

Pricing

£1,000 a unit

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ric.kelly@bcn.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

3 8 8 5 0 6 7 1 6 4 2 5 2 5 1

Contact

BCN Group Ltd Mr Ric Kelly
Telephone: 0345 095 7000
Email: ric.kelly@bcn.co.uk

Service scope

Service constraints
Services are constrained only by the limitations of the Azure Platform & the associated services
System requirements
Suitable internet connectivity

User support

Email or online ticketing support
Email or online ticketing
Support response times
Depending on Service Purchased Options: Standard Support Hours - Monday - Friday 08:00 - 18:00Hrs Extended Support Hours - Monday - Friday 07:00 - 19:00Hrs Out of Hours Support - P1 ONLY - 24/7 (Excluding Christmas Day) Priority 1: Standard / Extended Hours - Response Within 30 minutes Priority 1: (Out of Hours) Response Within 60 minutes Priority 2: Standard / Extended Hours – Response Within 2 hours Priority 3 or 4: Standard / Extended Hours – Response Within 4 hours Priority 5: Standard / Extended Hours – Response Within 4 hours
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Comprehensive Account Management & Support options Availability of the Azure Platform is inherited via Microsoft Support Hours 50+ dedicated support engineers across 3 UK offices provide technical support 24 hours a day, 7 days a week, 365 days a year. * This includes proactive monitoring and alerting of core services. *Waking Hours = 7am to 7pm Monday to Friday (from manned helpdesk) Ticket Severity All tickets logged to the Service Desk will be allocated a severity level based on the following methodology. This will ensure that reporting on service levels may be achieved to the optimum format. 1 - Catastrophic business disruption 2 - Severe business disruption or user critical issue 3 - Business disruption or multiple user issue 4 - Minor business disruption or user issue 5 - Job or Task Service Desk Staff will evaluate the Incident and allocate a priority level after which it will be assigned to the appropriate staff. This will be based on the required skill set to resolve the incident in a timely manner. As a Microsoft Tier-1 CSP BCN will escalate issues to Microsoft as required for additional support.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
For all Azure AI Solutions BCN will engage with the customer to identify business requirements & the optimal solution required. BCN will guide your migration from start to finish to ensure an optimal experience. BCN follow the below methodology for delivering projects: Define The first step is always information. We take the time to understand your business. Build We build on our research. Your solution is designed to leverage the insights we learn. Deliver We only ever deliver once we're completely happy and fully tested. Evolve Digital solutions don't stop, they evolve. Metrics & analytics keep pushing you forward.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Continuity of service is important to us for our customers. All customer data is hosted in the customer's tenant & therefore is fully owned by the customer. At the end of any contracted engagement the customer will control the data within Azure & BCN access will be removed as necessary. BCN can support extraction from Azure via multiple methods if required depending on the customer needs.
End-of-contract process
At the end of any contracted engagement BCN will support handover of any solution to the customer. BCN will remove access to all systems as necessary & terminate any support for services.

Using the service

Web browser interface
Yes
Using the web interface
Web interface leveraged from Microsoft: https://portal.azure.com
Web interface accessibility standard
WCAG 2.1 AA or EN 301 549
Web interface accessibility testing
Microsoft conduct web portal testing
API
No
Command line interface
No

Scaling

Scaling available
Yes
Scaling type
  • Automatic
  • Manual
Independence of resources
Independence of resources is provided by Microsoft using logical tenant isolation. Tenant level isolation in Microsoft Azure is achieved using Microsoft Entra and RBAC offered by it. Access requires user authentication via a security token service (STS). Tenants are discrete containers and there's no relationship between these. No access across tenants Physical access to servers that comprise the Microsoft Entra service, and direct access to Microsoft Entra ID’s back-end systems, is restricted. Entra users have no access to physical assets or locations, and therefore it isn't possible for them to bypass the logical Azure RBAC policy checks. More details: https://learn.microsoft.com/en-us/azure/security/fundamentals/isolation-choices
Usage notifications
Yes
Usage reporting
Email

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types
  • API access
  • Real-time dashboards
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Microsoft

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Storage
  • Databases
  • App Services
Backup controls
Backups are User-Defined and can be done on any schedule. Data storage charges may apply.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Supplier controls the whole backup schedule
Backup recovery
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
The base infrastructure for Azure Solutions varies depending on the solution, however Azure's overall Platform availability is 99.9%. Other services may be part of the overall solution. BCN defer to Microsoft's SLAs for those other Services which can be found here: https://www.microsoft.com/licensing/docs/view/Service-Level-Agreements-SLA-for-Online-Services?lang=1

BCN can design Azure Services to provide an enhanced SLA through a resilient architecture, depending on the customer requirements.
Approach to resilience
Azure includes built-in reliability services that you can use and manage based on business needs. Whether it’s a single hardware node failure, a rack level failure, a datacenter outage, or a large-scale regional outage, Azure provides solutions that improve reliability. For example, availability sets ensure that the virtual machines deployed on Azure are distributed across multiple isolated hardware nodes in a cluster. Availability zones protect customers’ applications and data from datacenter failures across multiple physical locations within a region. Regions and availability zones are central to your application design and resiliency strategy and are discussed in greater detail later in this article. BCN's Azure solutions are designed to the resiliency requirements of the client.
Outage reporting
Public dashboards and email alerts.

Identity and authentication

User authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
Access restrictions in management interfaces and support channels
Entra ID provides RBAC controls into customer Azure environments to restrict access to named resources. Following a least-privilege principle access is controlled via the Entra ID of the customer & other network restrictions based on the solution
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
SGS
ISO/IEC 27001 accreditation date
25/06/2020
What the ISO/IEC 27001 doesn’t cover
BCN Group activities related to the provision of this service are covered by ISO 27001
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
BCN Group are certified as compliant with ISO27001 by a UKAS accredited certifying body.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Change requests are raised by the customer or on their behalf by our support team. These are submitted to the change team for review and what-if analysis, the results of which are communicated back to the change owner for review of potential impacts and technical feedback before authorising and scheduling in the work. Upon completion and validation that the change has been successful, relevant documentation and parties are updated accordingly. The Change Advisory Board meet regularly to assess the whole change life-cycle to ensure that safeguards and security remain at the forefront of any changes made.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Production assets are scheduled for daily, automatic scans with the most recent vulnerability signatures. The results of these scans are collected in a secure, central storage service, and automated reporting makes results available to service teams. Service teams review scan results that report aggregate scan results to provide comprehensive reporting and trend analysis. When vulnerability scans indicate missing patches, security misconfigurations, or other vulnerabilities in the environment, service teams use these reports to target the affected components for remediation. Vulnerabilities discovered through scanning are prioritized for remediation based on their (CVSS) scores and other relevant risk factors - https://learn.microsoft.com/en-us/compliance/assurance/assurance-vulnerability-management
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Protective Monitoring is provided by Microsoft for Azure AI Services. "Microsoft cloud services are continuously monitored for signs of compromise. In addition to automated security monitoring and alerting, all employees receive annual training to recognize and report signs of potential security incidents. When suspicious activity is detected and escalated, Service-specific Security Response teams initiate a process of analysis, containment, eradication, and recovery" More information can be found here https://learn.microsoft.com/en-us/compliance/assurance/assurance-incident-management
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
BCN's Incident Management process: Upon detection of an incident either internally or by report (telephone/email/portal) it is classified due to its impact and the number of users it affects. Where required, an escalation event is then created triggering the assignment of a Major Incident Manager, re-assignment of technical resource and team leader to provide client updates. Updates are provided throughout a major incident (P1) with an incident report provided within 1 week. Root cause analysis undertaken after the incident has been resolved to help mitigate the likelihood of recurrence. Microsoft's Incident Management processes for infrastructure incidents are found here: https://learn.microsoft.com/en-us/compliance/assurance/assurance-incident-management

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Third-party
Third-party virtualisation provider
Microsoft
How shared infrastructure is kept separate
Microsoft Azure separates client data into organisational structures such as tenants and subscriptions that are only visible to the client in question. Microsoft are responsible for the hyperscale platform that ensures memory and process separation between clients/users.

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
Microsoft's Data Centers meet all sustainability requirements: By 2025, Microsoft Data Centres look to shift to 100 percent renewable energy supply. Microsoft Services are up to 98 percent more carbon efficient and up to 93 percent more energy efficient than a traditional enterprise datacenter. Microsoft is investing in a sustainable future through zero environmental impact materials. More information can be found here - https://datacenters.microsoft.com/globe/powering-sustainable-transformation/

Social Value

Social Value

Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

BCN are committed to working with Data Centre partners that share our values on sustainability and environmental impact. With a focus on partners that invest in energy efficient environmentally minded solutions such as battery storage technology, and intelligent cooling, regardless of the upfront costs. We will always look to host with the most energy efficiency conscious providers. End of Life (EOL) equipment is either recycled appropriately, donated to charitable causes or offered to colleagues in return for charitable donations. Eliminated landfill waste and maximising recycling All EOL equipment is disposed of via our WEEE accredited partner

Tackling economic inequality

BCN will create employment and educational opportunities for people from backgrounds that typically find it hard to get employment.

Equal opportunity

Women in the Workforce: We always want the right person to be in the right role for the right reasons. We’re pro-actively making changes and ensuring we are aiming to change the status quo in the tech industry and have a more balanced workforce at BCN and more women in our tech. We do this via: Changing recruitment policies Flexible working Support and development opportunities Our aim is to achieve a 50:50 workforce gender balance.

Wellbeing

BCN is committed to the protection and promotion of the mental health and wellbeing of all staff. We shall continuously strive to improve the mental health environment and culture of the organisation by identifying, eliminating, or minimising all harmful processes, procedures and behaviours that may cause psychological harm or illness to its employees.

Pricing

Price
£1,000 a unit
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ric.kelly@bcn.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.