Fifosys Limited

Cloud Email and Collaboration Office 365

Microsoft Office 365 delivers the power of cloud productivity to businesses of all sizes, helping save time, money, and free up valued resources. Office 365 combines the familiar Microsoft Office desktop suite with cloud-based versions of Microsoft’s next-generation communications and collaboration services. Fifosys have completed 50+ migrations since 2015.

Features

• Highly resilient cloud hosted email platform
• Real-time co authoring
• Work anywhere from any device
• Easily share documents internally and externally
• Up to date versions of software
• Team chat applications
• Manage projects with planner and workflows
• Highly secure using encryption and built in anti virus
• Fifosys experiences to share and reduce the risk of migrations

Benefits

• Manage and update content on the move
• Remove the need to spend time maintaining internal systems
• Collaborate with internal and external users
• Access email and manage content from multiple devices
• Protect data with built in security and compliance controls
• Seamless integration with other solutions and office suite
• Flexible solution and services that can be added as required
• Having completed 50+ migrations we reduce the risk of failure
• Can support change from a user perspective and provide training

£0.00 to £30.80 a user a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at m.patel@fifosys.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

514788885243761

Contact

Mitesh Patel
02076442610
m.patel@fifosys.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Support for Office 365 is limited to Microsoft Office versions of 2010 or higher. Certain features are only available with Office 2013 or higher.; ; Planned maintenance is regular Microsoft-initiated service updates to the infrastructure and software applications. Planned maintenance notifications inform customers about service work that might affect the functionality of an Office 365 service. Customers are notified no later than five days in advance of all planned maintenance through Message Center on the Office 365 Admin Portal
• System requirements:
  • Windows10, Windows8.1, Windows8, Windows7 Service Pack 1
  • 2 GB RAM
  • 3 GB Disk Space
  • Monitor Resolution of 1024x768
  • Up to date browser, Edge, Internet Explorer, Chrome, Safari, Firefox
  • 1GHz or faster x86 or 64bit processor

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: The Fifosys service desk is available 247 365 days of the year. This service provides a fully manned operation with engineers sitting in front of screen, taking calls, responding to emails and monitoring systems. Fifosys respond to incidents much faster than our SLA. We maintain a response and resolution time of 20 minutes for 86% of incidents to our desk. Our SLA is 1 hour for a priority 2 & 3 and 20 minutes for a priority 1. But we average 8 minutes response times to email support requests. These response times do not vary at weekends.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Fifosys provide 1st, 2nd and 3rd line support 24/7/365. Our Network Operations Centre (NOC) proactively monitor, maintain and remediate clients systems. This is all standard service as part of our pricing model. We provide a team which includes an IT Manager who manages the Service team (NOC & Support), an Account Manager who is responsible for day to day management of the account from a sales perspective, and Technical architects who are responsible for discussing and identifying the right technical solutions for our clients.; ; We encourage clients to make use of tools we provide giving full visibility of what we do, including access to a service portal to view Service Desk activity. Our incident reports and status reports give clients the information needed if anything does not meet expectations we will be open in our resolution. This forms the basis of agreed KPIs to help gain trust and sustain long professional relationships. ; ; This data is a central focus of Service Reviews and is invaluable in identifying training needs, potential problems or areas where systems aren’t delivering what the organisation needs. This detail has been noted in external quality audits and by vendors specialising in managed service applications and CRM systems.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide a tailored training program for the cloud service dependant on the requirements. This can include on-site training, workshops or on-line training. This can even be combined if required. We have a large repository of user documentation that we share on how to use the various elements of the service, including instructional videos produced by the software provider.; ; The migration to this service is treated as a project and as such there will be several phases. During the discovery phase, the impact to the users will be assessed and we will work with the customer to determine a communication and training plan. ; ; Following the cutover i.e. when the service is live, we will have an onsite engineer to assist with any queries and provide initial training to the users.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Data can be extracted manually by the users in the forms of PSTs for email and normal files for data stored in SharePoint or OneDrive. However we recommend that we are instructed to provide all of this data on removable media. This limits the amount of work required from the individual user and ensures that all data is captured, as dependant on permissions a user may not have access to all data or systems.; ; If we are exporting the data the user must supply or agree to the costs of Fifosys supplying the media. Once all data has been exported we will perform a verification comparing the exported data to the original source data and once confident that all data has been captured we will arrange ; for the data to be removed from the Office365 source systems and the account closed.
• End-of-contract process: Extracting the users live data is included in the price of the contract as are all termination fees. Any media required to export data is not included and this must be purchased by the user or the user must agree to the costs of Fifosys purchasing this on their behalf. ; ; The export of historic backups is not included as this can be a time-consuming process and the cost is dependant on how many generations of data need to be exported. All licencing provided as part of the Office365 subscription remaining the property of Microsoft and therefore we cease to be valid at the end of the contract.; ; Upon expiration or termination of your Office 365 subscription or contract, you, by default will be provided with additional limited access for 90 days to export your data

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • MacOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Mobile applications are provided by Microsoft and provide the majority of features of the full desktop versions. However they are scaled to fit the mobile device. Navigation is normal performed via scrolling and input via an on-screen keyboard on the device rather than using a mouse and keyboard. ; Some advanced features such as adding embedded objects, recording macros, checking grammar, adding or updating citations, restoring or merging revisions and real time co-authoring are not available on the mobile version.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: The Office 365 portal website allows access to the majority of Office365 features and applications. Online versions of mail, Word, Excel, Powerpoint and many of the other featues within the Office365 are all available through the web portal. Administration tasks can also be performed via the portal. Full details available on request.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Information available on request
• API: Yes
• What users can and can't do using the API: Integrate Office 365 data into your own apps; ; You can create custom solutions that access and interact with all the richness of a user’s Office 365 data—and you can build those solutions across all mobile, web, and desktop platforms. The Office 365 APIs enable you to provide access to Office 365 data, including their mail, calendars, contacts, files, and folders. All right from within your app itself.; ; Create a FileHandler add-in to control how Office 365 displays and interacts with your custom file types, including custom file type icons, file preview within the Office 365 UI, creating and opening the file type in a custom editor. And since FileHandler add-ins host their data and logic remotely, you can develop your add-in using the language, tools, and web development stack of your choice.; Add your app to the app launcher to give it visibility and make it accessible right from the Office 365 home page. Take advantage of Azure AD single sign-on to provide seamless access to your app for authorised users; Access the Reporting web service to build reporting dashboards, charts, and graphs to help their organisation manage their subscription usage.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: All elements of the Office365 environment can be customised. Dependant on the requirements of the user, difference licences and features can be added such as Skype, Conference Bridges, calling plans, Email archiving, copies of Office, themes, compliance, amounts of storage, security settings, ability to share, disclaimers, data retention. Branding can also be applied to various elements such as SharePoint sites, Meeting invites and control panels.; ; Dependant on the features chosen the costs per user will change.; ; Users can customise certain features such as themes and look and feel directly from within the Office suite or through the Office 365 portal. However other elements of customisation are controlled centrally through policies.; ; The central policies can be updated by any designated admin. As this is being provided as part of a managed service, normally we would take responsibility for making these changes after receiving instruction from the user. However if the client wishes to nominate a suitable individual to be granted admin rights, this can be accommodated.

Scaling

• Independence of resources: The cloud environment is highly and easily scalable. Load across the environment is constantly monitored for performance issues and additional resources can be quickly brought on-line to cope with any peaks in demand. Access to services is load-balanced across multiple databases, network links and servers to ensure users are not affected by the demand placed on the systems by others.; ; Bandwidth limits are in place for any activity that could saturate network connections and have a negative impact on other users such as large file transfers or mass mailbox migrations.

Analytics

• Service usage metrics: Yes
• Metrics types: Metric show how people in your business are using Office 365 services. ; ; Reports are available for the last 7 days, 30 days, 90 days, and 180 days. ; Metrics include; ; Active Users; ; Email apps usage; ; Office 365 groups; ; OneDrive for Business user activity; ; OneDrive for Business usage; ; SharePoint site usage; ; SharePoint activity; ; Skype for Business Online activity; ; Skype for Business Online conference organized activity; ; Skype for Business Online conference participant activity; ; Skype for Business Online peer-to-peer activity; ; Yammer activity; ; Yammer device usage; ; Yammer groups activity report; ; Microsoft Teams user activity; ; Microsoft Teams device usage; ; Email activity; ; Mailbox usage; ; Office activations
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Microsoft

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: You can download a copy of all of your data at any time and for any reason, without any assistance from Microsoft or Fifosys in the following ways:; Exchange Online data, can be downloaded to a local computer by any end user at any time via the Import and Export wizards.; SharePoint Online documents can be downloaded at any time from the workspace into your local computer.; Vanity domain names such as client.com can be removed by following the Domain Removal instructions in Office 365 Help.; Metadata can be exported using PowerShell
• Data export formats: Other
• Other data export formats:
  • PST
  • Flat files (.docx, .xlsx, txt, jpg)
• Data import formats: Other
• Other data import formats:
  • PST
  • Flat files (docx, jpg, xlxs)

Data-in-transit protection

• Data protection between buyer and supplier networks: Private network or public sector network
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: The SLA on the Office365 platform is 99.9%; ; Financial backing is provided at part of the commitment to achieve and maintain the service levels for each service. If these are not achieved and the the service level maintained the service levels, then you are eligible for a credit towards a portion of your monthly service fees.; ; Downtime is defined as: Any period of time when Office applications are put into reduced functionality mode due to an issue with Office 365 activation.; ; Monthly uptime percentage is calculated as - ((User Minutes - Downtime) / User minutes) x 100 ; ; If the uptime falls below the SLA then the following service credits apply:; <99.9% = 25% service credit; <99% = 50% service credit; <95% = 100% service credit
• Approach to resilience: Data resiliency means that no matter what failures occur within Office 365, critical customer data remains intact and unaffected. ; ; Within Office 365 production environments, peer replication between datacenters ensures that there are always multiple live copies of any data.; ; Protection against corruption of mailbox data in Exchange Online is achieved by using Exchange; Native Data Protection, a resiliency strategy that leverages application-level replication across multiple servers and multiple datacenters along with other features that help protect data from being lost due to corruption or other reasons.; ; Every mailbox database in Office 365 is hosted in a database availability group (DAG) and replicated to geographically-separate datacenters within the same region. The most common configuration is four database copies in four datacenters.; ; To help prevent corruption from occurring at the file system level, Exchange Online is being deployed; on Resilient File System (ReFS) partitions to provide improved recovery capabilities. ReFS is a file system in Windows Server 2012 and later that is designed to be more resilient against data corruption thereby maximizing data availability and integrity
• Outage reporting: Any service outages would be reported via email alerts. Any outages would be classed as a priority 1 - High impact incident and follow our high impact incident process.; ; Users would be continuously updated on progress of the issue until resolved.; ; A public dashboard is also available for the service status at: https://portal.office.com/servicestatus

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Only authorised individuals from our organisation can manage the system and strong authentication is in place. The management layer is segregated from the service networks to prevent any issues affecting service.; ; The operational processes that govern access to customer data in Microsoft business cloud services are protected by strong controls and authentication, which fall into two categories: physical and logical.; Both us and Microsoft perform regular audits (as well as sample audits) to attest that any access is appropriate.
• Access restriction testing frequency: At least once a year
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 14/12/2019
• What the ISO/IEC 27001 doesn’t cover: Microsoft's own cloud - This is covered by their own accreditation
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Information data security is an essential part of the Fifosys business. The directors recognise the need for its clients and end users information data to remain secure and confidential at all times. Clients and Fifosys internal departments collaborate to ensure that data stays secure.; Information data security systems are reviewed at regular intervals and outcomes are made available to other relevant organisations. Current policies exist for the following which are audited each year as part of our ISO 27001 accreditation:; Information Security Organisation; Classifying Information and Data; Controlling Access to Information and Systems; Processing Information and Document; Purchasing and Maintaining Commercial Software; Securing Hardware, Peripherals and Other Equipment; Fifosys Personnel; Detecting and Responding to Incidents; Business Continuity

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Requirement for a change is identified by Fifosys or a supplier, customer or partner.; The pre-approved change list should be checked to confirm whether this change can be implemented without further review. If the engineer is happy to implement the pre-approved change without further approval they should log, implement and manage the change as a standard service request/support ticket or in a project task.; If the change is not on the pre-approved list or if the engineer feels that there are risks with this change that require additional consideration, the change should be logged and managed on the change board.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We are continually assessing threats to our service. We use automated cyber security tools such as cyberscore from XQ cyber ( A Check service provider) to continuously poll our environment for new threats and suggest remediation plans. ; ; We patch our and our clients servers every week using our automated patch management service.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We use our proactive monitoring tool (Nable), to identify threats. This monitors all aspects of the environment from servers to networking to anti-virus. ; ; Data is also proactively monitored for RansomWare attacks through our backup solution. ; ; When a threat or compromise is detected a ticket is automatically logged in our ERP system (Connectwise) and handled as a priority 1 ticket.; ; We respond to these incidents within 15 minutes
• Incident management type: Supplier-defined controls
• Incident management approach: Our incident management process is based on the ITIL framework for service management. Incidents are categorised into service issues where IT has failed and support issues where IT hasn't failed i.e. a new user request. ; ; We have pre-defined processes for common events such as new users, subject access requests, permission changes, mobile device setup, upgrade and client specific common tasks. ; ; Users can report incidents via phone, email or online portal.; ; Incident reports are provided to pre determined stakeholders in PDF format for high impact incidents and users can check directly in the online portal for normal or low impact incidents.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  As a part of our Environmental policy we are committed to continual improvement throughout our business operations to lessen our impact on the local and global environment by conserving energy, water and other natural resources. Our Environmental Initiatives include: • Reducing energy and fuel consumption. • Incorporating sustainability considerations into our supply chain. • Saving energy by using energy efficient lighting and equipment • Encouraging flexible working and reducing the need for face to face meetings through the use of technology such as Teams. • We adopt a “cloud first” approach to technology

  Covid-19 recovery

  Fifosys have taken a number of steps to aid Covid 19 recovery for both employees and customers such as: For employees - Hybrid working model with dedicated work from home time each week. Improved workplace conditions such as sanitising stations and social distancing. For organisations - Applying discounts to allow businesses to recover financially. Changing the underlying architecture to allow users to work from home more effectively. Introducing new communications solutions to allow better collaboration and communication. We have created significant employment opportunities by bringing some of our offshore services back to the UK.

  Equal opportunity

  We are committed to providing equality of opportunity in our employment practices and procedures, and to avoiding unlawful discrimination being suffered by our employees, job applicants, clients or customers. We will not discriminate directly or indirectly in recruitment or employment because of age, disability, sex, gender reassignment, pregnancy, maternity, race (which includes colour, nationality and ethnic or national origins), sexual orientation, religion or belief, or because someone is married or in a civil partnership. These are known as "protected characteristics”. We will not discriminate unlawfully against customers, contractors, suppliers or visitors using or attempting to use the goods, facilities and services that we provide. This aim of this policy is to assist us in putting this commitment into practice to ensure all our employees are treated fairly, respectfully and without prejudice, so that you are able to maximise your full potential, and do not commit and/or are not subjected to unacceptable and unlawful acts of discrimination. Our policy is implemented in accordance with the Equality Act 2010 and all other appropriate statutory requirements and has been compiled after consideration of all available guidance and relevant Codes of Practice. We will strive to ensure that our work environment remains positive, free from harassment and bullying, and that everyone is treated with dignity and respect at all times in maintaining and sustaining equal opportunities in employment.

  Wellbeing

  We promote a healthy work environment through our employee corporate wellbeing policy, initiatives include: • Adopting a hybrid work environment for all employees • Free fresh fruit deliveries • Regular Mindfulness and wellbeing sessions • Health insurance • A culture of support and celebration of achievements

Pricing

• Price: £0.00 to £30.80 a user a month
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at m.patel@fifosys.com. Tell them what format you need. It will help if you say what assistive technology you use.