Pure Cloud Solutions Ltd

Microsoft 365 Services, Applications & Support

Microsoft 365 gives you an easy and effective way to manage your business communications and gives you the flexibility and freedom to work at any time, from any location and on any device, so you can connect with colleagues and clients at your convenience.

Features

• Full cloud infrustructure
• Cloud managed
• Collaboration features
• Third party integration

Benefits

• Increased efficiency
• Increased scalability
• Increased flexibility
• Increased security
• Simple deployment
• Simple management

£10 to £50 a licence

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jamie@purecloudsolutions.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

489479714346107

Contact

Jamie Lake
03331506780
jamie@purecloudsolutions.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Requires stable and secure internet connectivity with sufficient amount of bandwidth.
• System requirements:
  • Internet connectivity
  • Sufficient bandwidth

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Full SLA in place for service desk but initial response is received within 20 minutes.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Onsite support
• Support levels: SA Standard - £FOC with all contracts Monday – Friday 9am to 5pm (standard remote support service) SA Standard Plus - £POA specific to each client Monday – Friday 8.00am to 8.00pm (on-site support) SA Premium - £POA specific to each client Monday to Sunday 24hour on-site support (excluding bank holidays) SA Premium Plus - £POA specific to each client Monday – Sunday 24hour on-site support (including bank holidays)
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Full user training is provided before the go live of the system, the approach we have adopted is a 'train the trainer' methodology whereby we train a number of 'super users' who then take responsibility for decanting that training to other staff. This is a tried and tested method and the one which we've seen most successful.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Users will migrate all of their data to another solution. There will be a cross over the period and once the data has been successfully relocated, the data can be erased.
• End-of-contract process: If sufficient notice is not received in writing then the contract will auto-renew for a new period equal to the original committed period. If the client decides to end the contract and sufficient notice is received then, as is reasonably possible, we ensure a smooth transition to the gaining provider.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Mobile optimised applications for Android ans iOS mobile devcies.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Web-based application through the Microsoft 365 portal login. When a user has a login, their single sign-on gives access to all applications under the 365 account, depending on the subscriptions.
• Accessibility standards: None or don’t know
• Description of accessibility: From a web browser or the Microsft365 installable applications (outlook, word, excel, etc).
• Accessibility testing: None
• API: Yes
• What users can and can't do using the API: Microsft 365 login and third-party integrations such as CRM systems. 365 Management APIs use Azure AD to provide secure authentication to Office 365 tenant data.
• API documentation: Yes
• API documentation formats:
  • PDF
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Buyers can customise the 365 appearances and layout to tailor it to meet their business requirements.

Scaling

• Independence of resources: We are constantly monitoring service resources and have a number of alerts in place that alert us if our resource is anywhere near capacity which allows us to increase as required. We have never had a resource issue to date.

Analytics

• Service usage metrics: Yes
• Metrics types: Microsoft 365 system admin portal offers a range of service metrics to report on all elements of the 365 suite and its users.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Microsoft 365

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Other
• Other data at rest protection approach: Secured and managed by Microsoft. PCS offer solutions to back up 365 products using SaaS protection.
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Depends on what amount of data is required to be exported.
• Data export formats: Other
• Other data export formats:
  • Download data to other cloud locations
  • Download data to other local devices
• Data import formats: Other
• Other data import formats:
  • Upload from another cloud location
  • Upload from another local device

Data-in-transit protection

• Data protection between buyer and supplier networks: Private network or public sector network
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99.9%
• Approach to resilience: Services are hosted in multiple data locations around the world.
• Outage reporting: Outages are reported through public dashboards, API and email alerts. PCS admins receive the alerts and proactively take action accordingly.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: As with most portals and management interfaces we can create different levels of account access i.e. read only, admin & super admin. Each tier is managed by 'super admins' who have access to change logs and audit trails. Only approved users have access to the support channels and users will be asked to satisfy security questions before being given access to support.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: ISO 9001

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: ISO 9001; Cyber Essentials; Cyber Essentials Plus
• Information security policies and processes: We impose limits on Internet/email use in relation to business/personal use. We also focus on the following: Malicious Software Security Unattended workstations Travelling Administrator accounts Passwords Email security Email content Copyright Personal use of computers Inappropriate websites/content Software updates User awareness training All the above is audited regularly inline with ISO9001:2015 guidelines and SWOT analysis carried out to assess strengths/weaknesses of the system. Our Cyber Essentials + accreditation is an external accreditation which ensures our systems/securities are tested by an independent external source. The scheme addresses the most common Internet-based threats to cyber security. Typical examples of this are: · hacking — exploiting known vulnerabilities in Internet-connected devices, using widely available tools/techniques · phishing — and other ways of tricking users into installing or executing a malicious application · password guessing — manual or automated attempts to log on from the Internet, by guessing passwords The Cyber Essentials scheme helps to protect the confidentiality, integrity and availability of data stored on devices which connect to the Internet. Including: · desktops/laptops · tablets/smartphones · all server/networking equipment Aligned to the above, it gives reassurances to our customers and suppliers that we're working to secure our IT and data against cyber attack.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All changes are tracked and monitored by ticket reference via our ticketing tool. This includes all change requests made by the client and maintenance. All infrastructure maintenance is approved by the Technical Director in advance and the client made aware. Maintenance windows are ideally chosen to minimise service impact
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Our vulnerability management process is defined in our information security policy. Patches are applied within 14 days of release.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Microsoft's security agent is installed during asset deployment and enables fully automated vulnerability and configuration scanning.
• Incident management type: Supplier-defined controls
• Incident management approach: Incident management process is governed by ISO 9001 quality standards. Services are provided in compliance with ISO 27001, and SLAs for response to incidents are noted in our Service Agreement with clients which can / are passed via existing communication channels in place. Incidents are reported by clients via the ticketing system by phone, email or web. Incident reports are generally logged in tickets however for more severe incidents a full RFO (Reason For Outage) is supplied to the client via email.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Pure Cloud Solutions are always looking to reduce carbon footprint, ranging from safe, secure and responsible disposal/recycling of electrical goods. We have also replaced our engineering fleet with hybrid vehicles with a view to going fully electric in the future.
• Covid-19 recovery:

  Covid-19 recovery

  Pure Cloud Solutions ensured that all staff could return to a safe working environment as per government guidelines. We reviewed our risk assessment on a regular basis and introduced new flexible working and working from home benefits. This ensured staff felt safe and could adapt to the new environment and new way of working. This increased productivity and staff morale.

Pricing

• Price: £10 to £50 a licence
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: 1 month free trial

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jamie@purecloudsolutions.com. Tell them what format you need. It will help if you say what assistive technology you use.