Blacklight Software

Microsoft Power Platform

Blacklight work with Microsoft's Power Platform to enable public sector organisations such as central and local government bodies, education, healthcare and social housing providers to improve efficiency through process automation. Power BI enables analytics, Power Automate streamlines processes, and Power Apps allow the rapid rollout of low code apps.

Features

• No/Low code development
• Mobile application development
• Business Intelligence
• Robotic Process Automation
• Extend and customise Teams
• Extend and customise SharePoint
• Data management with Dataverse
• Development of custom connectors to external services
• Integration with 3rd party services
• Integration with other Microsoft services (Dynamics 365 etc)

Benefits

• Business Analysis, Development, UAT, Testing, Training, Go-live
• Microsoft Gold Partner
• Up-skill of internal staff
• One version of the truth through bi-directional integrations
• Improve collaboration and efficiency
• Save costs and time through automation
• Automate business processes
• Full audit and governance capability
• Integrations with existing solutions
• Prototyping solutions in a fast low code environment

£3.50 to £16.40 a licence a month

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Dylan.Hayes@blacklightsoftware.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

393611071943719

Contact

Dylan Hayes
01924640350
Dylan.Hayes@blacklightsoftware.com

Service scope

• Software add-on or extension: Yes
• What software services is the service an extension to: Blacklight provide solutions built upon the Microsoft Power Platform, including Power Automate for process automation, Power Apps for low code development, Power BI for business intelligence and Power Virtual Agents for chatbot services.
• Cloud deployment model: Public cloud
• Service constraints: None applicable.
• System requirements:
  • Processor - 1.9GHz x86- or x64-bit dual core processor
  • Memory - 2-GB RAM
  • Display - Super VGA with a resolution of 1024x768
  • Bandwidth greater than 1MB per second (125 KBps/Kilobyte per second)
  • Latency under 150 ms
  • Windows 11 - Microsoft Edge/Edge Legacy, Mozilla Firefox, Google Chrome
  • Windows 10 - Microsoft Edge/Edge Legacy, Mozilla Firefox, Google Chrome
  • Windows 8.1 - Microsoft Edge, Firefox or Chrome
  • Latest versions of Mozilla Firefox, Google Chrome and Apple Safari

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support Incidents are classified under the below levels depending on severity:; Priority 1: Critical,; Priority 2: Major,; Priority 3: Significant,; Priority 4: Minor.; ; The levels have the following response and resolve times:; Priority 1: 1 hour respond, 4 hours resolve;; Priority 2: 4 hours respond, 8 hours resolve;; Priority 3: 1 day respond, 5 days resolve;; Priority 4: 5 days respond, 10 days resolve.; ; Blacklight Help Desk operates between 8:00AM to 18:00PM Monday to Friday with 24/7 support available at extra cost.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Blacklight can tailor support levels to an organisation's support requirements. By default, incidents are assigned one of the below levels in our SLA depending on severity:; ; Priority 1: Critical - The system is unavailable for all users.; Priority 2: Major - The system is unavailable for some users and no workaround exists.; Priority 3: Significant - There is an issue which is impacting some users and no workaround exists.; Priority 4: Minor - There is an issue but users can workaround without impact.; ; The levels have the following response and resolution times:; Priority 1: 1 hour respond, 4 hours resolution;; Priority 2: 4 hours respond, 8 hours resolution;; Priority 3: 1 day respond, 5 days resolution;; Priority 4: 5 days respond, 10 days resolution.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Blacklight provide full transparency and in-depth communication through the life-cycle of the engagement. We provide on-site training and compliment this with further training documentation and training videos. Blacklight also prefer to be on-site for go-live to ensure a smooth transition to a business-as-usual system.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Data can be exported from the Microsoft Power Platform at any point. Blacklight provide training on how to export data and can provide further assistance if required.
• End-of-contract process: Upon culmination of the contract, Blacklight can continue to provide services or aid the customer in the extraction of data or migration to another supplier.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Power Platform applications renders to fit all devices including desktop, laptop, tablet and mobile and is touch responsive. ; ; Power BI has a standalone desktop application, as well as a mobile application optimised for mobile devices.; ; Power Apps allow the creation of standalone mobile application which can be installed on IOS and Android mobile devices, as well as integrated into Microsoft 365 applications such as Teams and SharePoint.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Microsoft Power Platform provides a rich range of service endpoints allowing access to data held within the solutions
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Microsoft have carried out extensive testing to ensure that Microsoft Power Platform is accessible. Apps created within Power Apps can be constructed to comply with accessibility standards and requirements.
• API: Yes
• What users can and can't do using the API: Microsoft Power Platform offers a rich and mature set of APIs which allow access to the platform from 3rd party applications. Additionally, the Power Platform has a rich suite of connectors to commonly used services, as well as the ability to create custom connectors which can interact with external APIs.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The Microsoft Power Platform is highly customisable, allowing organisations to adapt the Power Platform to their needs. Blacklight can provide all levels of customisations and configurations from the configuration of Power BI reports, the creation of Power Apps, process automation with Power Automate, right through to the development of custom connectors and components to extend the platform.

Scaling

• Independence of resources: The Power Platform is a cloud solution provided by Microsoft and are hosted at secure Microsoft Azure Data Centers (Tier 5). Microsoft boast of an up time of 99.99%. The world-wide infrastructure of Microsoft Azure Data Centers operates at hyperscale and have proven able to scale to cope with surges in demand and ever-growing consumption.

Analytics

• Service usage metrics: Yes
• Metrics types: Power Platform provides various reports and analytics for monitoring usage metrics, licensing, data consumption etc which are available via the Power Platform admin centre.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Microsoft

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Data can be exported from any time from the Power Platform by making use of export functionality in the platform. Data held within the underlying Dataverse data platform can be exported to Excel and in CSV format, as well as exposing a rich API and scripting interface to allow custom export solutions. Configuration and code can be exported in JSON format from Power Apps and Power Automate, and Power BI workspaces can be exported to a Power BI specific file format.
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats:
  • Integrations to other systems (API and scripting)
  • Excel
  • Connectors
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats:
  • Integrations from other systems (API and Scripting)
  • Excel Upload
  • Connectors

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection between networks: For data in transit, all customer-facing servers negotiate a secure session by using TLS/SSL with client machines to secure the customer data. Data is encrypted during transit and while at rest. This applies to protocols on any device used by clients, such as Skype for Business Online, Outlook, and Outlook on the web.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: Data is encrypted while in transit and also while at rest.

Availability and resilience

• Guaranteed availability: Microsoft guarantee 99.9% availability for the various services in the Power Platform. The exact SLA will depend on the service, but in general if the monthly uptime drops below 99.9%, service credits is given. This is financially guaranteed by Microsoft who offer service credits if the Service Level is breached within a given month. These service credits are passed on to the customer by Blacklight.
• Approach to resilience: Microsoft ensure that resiliency and recoverability are built into their applications. The Power Platform is hosted on Azure, and stores data within Dataverse, which is part of Microsoft Dynamics 365.; ; Further information can be found here: https://docs.microsoft.com/en-us/compliance/assurance/assurance-resiliency-and-continuity
• Outage reporting: Service outages are reported within the Power Platform in the Power Platform Admin Center. Within the Admin Center, users can view any planned maintenance and the service health of their applications. Service health Instrumentation information can also be accessed via APIs.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Other user authentication: Users are authenticated through their Azure Active Directory account. Integration with other identity providers is also possible.
• Access restrictions in management interfaces and support channels: The Power Platform uses granular user roles and security permissions in the underlying Dataverse data model. Additionally, security permissions can be applied to other services in the Power Platform such as restricting access to Power Apps, or Power BI reports. This is in addition to any security trimming present in the underlying data sources accessed through the Power Platform. Administrator roles can be assigned to relevant users to restrict access to areas of the system.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: ISO 9001
• Information security policies and processes: Blacklight use security policies inline with ISO9001. This ensures that information security risk is controlled. The reporting structure follows the hierarchy to the board member responsible for security and governance.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Microsoft uses formal standard operating procedures (SOPs) governing the change management process. These SOPs cover both software development and hardware change and release management, and are consistent with ISO 27001, SOC 1 / SOC 2, NIST 800-53, and others. Blacklight uses ISO9001 configuration and change management procedures. Blacklight also utilise the ITIL framework and use tools such as DevOps for configuration and change management.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Microsoft continually monitor the threat landscape to look for new and emerging threats, and ensure the service is protected against these. In response to specific threats Microsoft may make changes to the service to address critical vulnerabilities outside of the usual bi yearly update cadence. Microsoft provide access to the Microsoft Security Response Center that provides information to customers using Microsoft products.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: The Power Platform proactively monitors the performance of applications against acceptable service performance. Warnings are also generated when an irregular event occurs.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: The Power Platform service health feature monitors the performance of applications against acceptable service performance. Warnings are also generated when an irregular event occurs.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • Public Services Network (PSN)
  • NHS Network (N3)
  • Joint Academic Network (JANET)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality

  Fighting climate change

  We have engaged with local schools and colleges to provide careers advice to encourage underrepresented groups to consider IT careers. We have engaged with local schools and colleges to support the provision of IT curriculum topics.

  Tackling economic inequality

  We encourage the creation of a diverse workforce in our organisation which fully represents the diversity of the areas we are based in.

Pricing

• Price: £3.50 to £16.40 a licence a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Microsoft offer a free trial of Power Platform. Blacklight can help customers who wish to make use of Microsoft's free trials of the various service in the Power Platform.
• Link to free trial: https://web.powerapps.com/trial

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Dylan.Hayes@blacklightsoftware.com. Tell them what format you need. It will help if you say what assistive technology you use.