BCN Group Ltd

Copilot Readiness Assessment for Healthcare Service

Enhance healthcare delivery with Microsoft 365's Copilot through our specialized assessment and workshop tailored for healthcare professionals, across NHS Primary Care, Acute, Mental Health, Community Care, Integrated Care System, ICS, Integrated Care Board, ICB

Features

• Custom workshop showcasing Copilot's healthcare applications.
• Dedicated Q&A session to address healthcare-specific concerns
• Feedback collection to gauge healthcare staff engagement
• Strategy meeting for Copilot deployment in healthcare settings
• Options for SharePoint audit and security assessments
• Tailored Copilot deployment and adoption strategy for healthcare
• Consultations with experts familiar with healthcare challenges
• Exploration of Copilot’s potential in patient care and administration
• Support in planning Copilot onboarding for healthcare teams
• Guidance on Copilot licensing suited to healthcare needs

Benefits

• In-depth Copilot insights for healthcare decision-makers
• Bespoke strategy to leverage Copilot in patient care
• Cost-effective Copilot evaluation for healthcare environments
• Additional services to ensure comprehensive system readiness
• Expert healthcare-focused advice from cloud consultants
• Customized insights to align with healthcare objectives
• Enhanced patient engagement and administrative efficiency
• Support for healthcare’s digital transformation goals
• Licensing and preparatory advice for effective Copilot adoption.
• Streamlined operations and patient services through Copilot

£5,000 a unit

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ric.kelly@bcn.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

527178694192700

Contact

Mr Ric Kelly
0345 095 7000
ric.kelly@bcn.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: M365
• Cloud deployment model: Public cloud
• Service constraints: Copilot is a Microsoft SaaS Service
• System requirements: M365 Licensing (Not Copilot)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Depending on Service Purchased Options: Standard Support Hours - Monday - Friday 08:00 - 18:00Hrs Extended Support Hours - Monday - Friday 07:00 - 19:00Hrs Out of Hours Support - P1 ONLY - 24/7 (Excluding Christmas Day) Priority 1: Standard / Extended Hours - Response Within 30 minutes Priority 1: (Out of Hours) Response Within 60 minutes Priority 2: Standard / Extended Hours – Response Within 2 hours Priority 3 or 4: Standard / Extended Hours – Response Within 4 hours Priority 5: Standard / Extended Hours – Response Within 4 hours
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Comprehensive Account Management & Support options Availability of the M365 Platform is inherited via Microsoft Support Hours 50+ dedicated support engineers across 3 UK offices provide technical support 24 hours a day, 7 days a week, 365 days a year. * This includes proactive monitoring and alerting of core services. *Waking Hours = 7am to 7pm Monday to Friday (from manned helpdesk) Ticket Severity All tickets logged to the Service Desk will be allocated a severity level based on the following methodology. This will ensure that reporting on service levels may be achieved to the optimum format. 1 - Catastrophic business disruption 2 - Severe business disruption or user critical issue 3 - Business disruption or multiple user issue 4 - Minor business disruption or user issue 5 - Job or Task Service Desk Staff will evaluate the Incident and allocate a priority level after which it will be assigned to the appropriate staff. This will be based on the required skill set to resolve the incident in a timely manner. As a Microsoft Tier-1 CSP BCN will escalate issues to Microsoft as required for additional support.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Once an agreement is signed a BCN Consultant will engage with the agreed point of contact to conduct the initial M365 Copilot workshop. This will provide an overview of M365 Copilot, it's capabilities, how to use it, & the security of the Service. A Q&A session will follow to allow the customer to ask questions about M365 Copilot.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: PowerPoint
• End-of-contract data extraction: Continuity of service is important to us for our customers. All customer data is hosted in the customer's tenant & therefore is fully owned by the customer. BCN will have Read access only. At the end of any contracted engagement the customer will control the data within M365 & BCN access will be removed as necessary.
• End-of-contract process: Continuity of service is important to us for our customers. All customer data is hosted in the customer's tenant & therefore is fully owned by the customer. BCN will have Read access only. At the end of any contracted engagement the customer will control the data within M365 & BCN access will be removed as necessary.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: M365 Copilot experiences are native to the M365 Apps and accessible as such. Experiences will vary by App
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: No
• Customisation available: No

Scaling

• Independence of resources: This is a consulting service therefore this control is not applicable.; ; However, within the Microsoft 365 Cloud, independence of resources is provided by Microsoft using logical tenant isolation. BCN will access this to review using a Read Only Entra account

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Microsoft

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Not applicable to this service
• Data export formats: Other
• Other data export formats: Not applicable to this service
• Data import formats: Other
• Other data import formats: Not applicable to this service

Data-in-transit protection

• Data protection between buyer and supplier networks: Other
• Other protection between networks: N/A
• Data protection within supplier network: Other
• Other protection within supplier network: N/A

Availability and resilience

• Guaranteed availability: Microsoft are responsible for availability of the M365 Copilot Service. SLAs can be found here - ; ; https://view.officeapps.live.com/op/view.aspx?src=https%3A%2F%2Fwwlpdocumentsearch.blob.core.windows.net%2Fprodv2%2FOnlineSvcsConsolidatedSLA(WW)(English)(April2024)(CR).docx&wdOrigin=BROWSELINK
• Approach to resilience: Active / Active Design ; In Microsoft 365, we are driving towards having all services architected and operated in an active/active design that increases resiliency. This design means that there are always multiple instances of a service running that can respond to user requests and that they are hosted in geographically dispersed datacenters. All user traffic comes in through the Microsoft Front Door service and is automatically routed to the optimally located instance of the service and around any service failures to prevent or reduce impact to our customers. Fault isolation Just as the services are designed and operated in an active/active fashion and are partitioned off from each other to prevent a failure in one from affecting another, the code base of the service is developed using similar partitioning principles called fault isolation. Fault isolation measures are incremental protections made within the code base itself. These measures help prevent an issue in one area from cascading into other areas of operation. Fault isolation measures are applied at multiple stages of the development and delivery of a service, including code development, service deployment, load balancing, and database replication.
• Outage reporting: Public Dashboard & Emails

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: Entra ID provides RBAC controls into customer SharePoint environments to restrict access to named resources. Following a least-privilege principle access is controlled via the Entra ID of the customer.; Only licensed Users will be able to access Copilot.
• Access restriction testing frequency: At least once a year
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: SGS
• ISO/IEC 27001 accreditation date: 25/06/2020
• What the ISO/IEC 27001 doesn’t cover: BCN Group activities related to the provision of this service are covered by ISO 27001
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Organisation chart available on request. Upon induction, staff handbook, policies and procedures are provided. Specific IG policies around Information Security which are also in the staff handbook are included. We are also fully compliant with GDPR guidelines. Ongoing documented review to ensure policies are being followed as well as one-to-one systems to enforce policy processes.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Changes are deployed through Microsoft's Secure Development Lifecycle (SDL), which is followed by all engineering and development projects in Microsoft 365. This is a software development model that includes specific security considerations related to code reviews, tests, and approvals before they're systematically released into the Microsoft 365 environment.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Production assets are scheduled for daily, automatic scans with the most recent vulnerability signatures. The results of these scans are collected in a secure, central storage service, and automated reporting makes results available to service teams. Service teams review scan results that report aggregate scan results to provide comprehensive reporting and trend analysis. When vulnerability scans indicate missing patches, security misconfigurations, or other vulnerabilities in the environment, service teams use these reports to target the affected components for remediation. Vulnerabilities discovered through scanning are prioritized for remediation based on their (CVSS) scores and other relevant risk factors - https://learn.microsoft.com/en-us/compliance/assurance/assurance-vulnerability-management
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Protective Monitoring is provided by Microsoft for Fabric Services. "Microsoft cloud services are continuously monitored for signs of compromise. In addition to automated security monitoring and alerting, all employees receive annual training to recognize and report signs of potential security incidents. When suspicious activity is detected and escalated, Service-specific Security Response teams initiate a process of analysis, containment, eradication, and recovery" More information can be found here https://learn.microsoft.com/en-us/compliance/assurance/assurance-incident-management
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: When suspicious activity is detected, Service-specific Security Response teams initiate a process of containment, eradication, and recovery. These teams coordinate analysis of the potential incident, including any impact to customers or customer data. Based on this analysis, Service-specific Security teams work with impacted services to develop a plan to contain the threat and minimize the impact, eradicate the threat from the environment, and fully recover to a known secure state. Relevant service teams implement the plan with support from Service-specific Security Response teams to ensure the threat is successfully eliminated and impacted services undergo a complete recovery.; More details: https://learn.microsoft.com/en-us/compliance/assurance/assurance-incident-management

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  BCN are focussed on improvements in Energy Efficiency. We continue to monitor and review our energy usage with the aim of reducing where we can.

  Tackling economic inequality

  BCN will create employment and educational opportunities for people from backgrounds that typically find it hard to get employment.

  Equal opportunity

  BCN is committed to achieving a working environment which provides equality of opportunity and freedom from unlawful discrimination on the grounds of race, gender, gender reassignment, maternity, marital status, disability, religious beliefs, age or sexual orientation

  Wellbeing

  BCN is committed to the protection and promotion of the mental health and wellbeing of all staff. ; We shall continuously strive to improve the mental health environment and culture of the organisation by identifying, eliminating, or minimising all harmful processes, procedures and behaviours that may cause psychological harm or illness to its employees.

Pricing

• Price: £5,000 a unit
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ric.kelly@bcn.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.