Ceox

Power Apps in Teams

Ceox’s Microsoft Power Apps in Teams enables Public Sector Organisations to build engaging business applications within Microsoft Teams. The low-code data platform enables the creation of Canvas Apps connected to Dataverse for Teams without leaving the Teams Interface. Empower your workforce, automate tasks, streamline process and deliver efficiencies.

Features

• PowerApps Low-Code Application Platform (LCAP), Power Apps Portals, Power BI
• Power Automate, Power Virtual Agents, Citizen Developers, Embedded, Desktop, Mobile
• PowerBI for Data Insights, Analytics, Reporting, Dashboards, Visualisation, Data Sources
• Robotic Process Automation (RPA), Business Process Flows, Event Driven, UI
• Dynamics 365, Office 365, SharePoint Online, Customer Connectors, Microsoft 365
• Centre of Excellence, Administration, Support, Web, Managed Service, APIs, Personal
• Digital Service (Portal) Development with Bespoke Build, Modernise Legacy Applications
• Customisation and Configuration, Premium Custom Connector, Common Data Model, Workflow
• Canvas Apps, Model Driven Apps, Dataverse for Teams, .Net modules
• Artificial Intelligence AI Builder, Virtual Assistant, Chatbots, No-Code, Tab App

Benefits

• Quick Build for Fast Development and Delivery, Embed Business App
• ITIL Service Management Processes, Tools, Support via a Service Desk
• Full Support, Discovery, User Research, Design, Develop, Delivery, Build, Live
• Ensure Compliance: GDS Service Standard and Technology Code of Practice
• Build using Agile, Iterative, DevOps, Open Standards and User-Centred Methods
• Help Understanding Licences and Licensing Including Plan Selection, Licence, API
• Skills Transfer to Internal Staff Including Training and Project Management
• Secure Authentication and Authorisation, Microsoft Partner, SC clearance, Microsoft Flow
• Reduce Running and Maintenance Costs, Business Intelligence and Business Insight
• Planning, Setup, Migration, Quality Assurance, Performance Testing, Testing, Cyber Security

£0 a user a month

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at digitalmarketplace@ceox.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

572641336596620

Contact

Gavin Harte
0333 987 4495
digitalmarketplace@ceox.co.uk

Service scope

• Software add-on or extension: Yes
• What software services is the service an extension to: Our software is built upon Microsoft Power Platform.
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: None
• System requirements:
  • Latest three versions of Mozilla Firefox, Google Chrome and Edge
  • Apple Safari Version 13 and Later
  • Windows 10 or Later
  • MacOS 10.13 or Later
  • IOS 13 or Later
  • Android 10 or Later
  • Further info here - https://docs.microsoft.com/en-us/powerapps/maker/canvas-apps/limits-and-config

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support Incidents are classified under one of four levels depending on severity: ; Level 1: Critical, ; Level 2: Major, ; Level 3: Significant, ; Level 4: Minor. ; ; The levels have the following response and resolve times: ; Level 1: 1 hour respond, 4 hours resolve; ; Level 2: 4 hours respond, 8 hours resolve; ; Level 3: 1 day respond, 3 days resolve; ; Level 4: 2 days respond, 5 days resolve. ; ; Ceox service desk runs during standard UK office hours 08:30 - 18:00 hrs (Monday to Friday excluding Bank Holidays) with 24x7 available at extra cost.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Ceox can tailor support levels and costs to an organisation depending on requirements. We assign a named Service Delivery Manager for each customer. By default, incidents are assigned one of four levels depending on severity: Level 1: Critical - The reported problem causes a halt to core business processes and no work-around is available. Level 2: Major - The reported problem causes degradation to core business processes and no reasonable work-around exists Level 3: Significant - The reported problem impacts operational environment but does not affect core business processes. A work-around is available. Level 4: Minor - A non-critical problem is causing some disruption but with little or no impact to our business operations. The levels have the following response and resolve times: Level 1: 1 hour respond, 4 hours resolve; Level 2: 4 hours respond, 8 hours resolve; Level 3: 1 day respond, 3 days resolve; Level 4: 2 days respond, 5 days resolve.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The level of onboarding and offboarding support provided by Ceox depends on the customer's requirements. Ceox can provide full support for organisations who want to rollout the service to their whole organisation. Ceox can also support small pilot trials if desired. At the end of the engagement, Ceox can tailor the level of offboarding support required. Ceox also provides a number of training options including: train the trainer, training for key individuals, classroom training for all users and floor walking support.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • Other
• Other documentation formats: Microsoft provide online videos and interactive learning portals
• End-of-contract data extraction: Customers can export their data at any time using the standard export services. Ceox can provide complete support in undertaking this process.
• End-of-contract process: The amount of notification required to end the contract depends on the length of contract taken out and will be included in the call-off contract. At the end of the contract process, Ceox will assist the customer in extracting any data or moving to another supplier as required.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Users can access Power Platform from mobile and desktops equally. The service is accessed via a browser and supports most modern mobile and desktop browsers. Business Applications built within Power Platform are also responsive and adapt to the device on which they're accessed. In addition to the browser access, Power BI provides a desktop client for creating reports.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Power Platform can be accessed through a number of interfaces, predominantly a web browser but also through the Web API.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Microsoft have done extensive testing to ensure that Power Platform is accessible, more details and conformance reports can be found here: https://www.microsoft.com/en/trust-center/compliance/accessibility
• API: Yes
• What users can and can't do using the API: The Power Platform Web API allows access to features within Power Platform. The Web API is implemented using RESTful APIs.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Yes, the Power Platform service is designed to be customised by Citizen Developers. Users can customise all of the platform, building their own Business Applications in Power Apps, Dashboards in Power BI, Workflows in Power Automate and Chatbots in Power Virtual Agents.

Scaling

• Independence of resources: The service operates multiple scale groups in each data centre and automatically provisions new customers into a scale group. The architecture of scale groups is designed to meet the many needs of operating a service at scale, including security, scalability, performance, tenant isolation, serviceability, and monitoring. Each customer has their own individual database, separate from other customers’ databases. Data processing is logically segregated through capabilities specifically developed to help build, manage, and secure multi-tenant environments.

Analytics

• Service usage metrics: Yes
• Metrics types: The Power Platform Admin Center provides complete control over the Power Platform and includes insights into user adoption and analytics which can allow administrators to understand and control usage and adoption.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Microsoft

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: The data within the Dynamics 365 and Power Platform is encrypted using a PFX or BYOK encryption key. All instances of Dynamics 365 use Microsoft SQL Server Transparent Data Encryption (TDE) to perform real-time encryption of data when written to disk, also known as encryption at rest.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Customers can export their data at any time using the standard export services. Ceox can provide complete support in undertaking this process. Data can be exported to Excel or using built-in functionality can be replicated to a separate SQL Azure instance.
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats:
  • Various formats can be exported from Power Platform.
  • Ceox can provide assistance in choosing the most appropriate format
  • Common formats include XML and database backups
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats:
  • Various formats can be imported into Power Platform.
  • Ceox can provide assistance in choosing the most appropriate format.
  • Common import formats include uploading an on-premise CRM database

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection between networks: Data in transit is protected between the customer's network and Microsoft. Find more details here: https://docs.microsoft.com/en-us/azure/security/fundamentals/network-overview
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: Please see https://docs.microsoft.com/en-us/azure/security/fundamentals/network-overview

Availability and resilience

• Guaranteed availability: The level of availability guaranteed by Microsoft is 99.9% availability (based on 24x7). Microsoft pay service credits if the service does not meet the required up-time for a given month and Ceox will pass all service credit from Microsoft straight to the customer.
• Approach to resilience: Microsoft publish a document covering how the ensure resilience in Office 365 and Dynamics 365 which can be found here: http://aka.ms/Office365DR
• Outage reporting: Outages are reported through the Power Platform Admin Center, users can see the status of the current service health, historic service health and planned maintenance.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Other user authentication: Power Platform uses Azure Active Directory for authentication. This then enables role based access controls to be put in place across the whole Power Platform. In addition, data can be protected independent of applications so that users cannot use apps to access data they would have previously not had access to.
• Access restrictions in management interfaces and support channels: The service comes with a set of administrator roles that you can assign to users in your organisation. Each admin role maps to common business functions, and gives those people permissions to do specific tasks in the Power Platform Admin Center.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Schellman & Company, LLC
• ISO/IEC 27001 accreditation date: 03/12/2022
• What the ISO/IEC 27001 doesn’t cover: The certification covers the scope of the Microsoft Power Platform cloud service.
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 25/03/2022
• CSA STAR certification level: Level 2: CSA STAR Attestation
• What the CSA STAR doesn’t cover: The certification covers the scope of the Microsoft Power Platform cloud service.
• PCI certification: Yes
• Who accredited the PCI DSS certification: Coalfire Systems Inc
• PCI DSS accreditation date: 26/03/2019
• What the PCI DSS doesn’t cover: The certification covers the scope of the Microsoft Power Platform cloud service.
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Ceox runs a security management system aligned to ISO27001. As part of this, there is a security working group which handles the assessment and control of information security risk.; ; Microsoft also run an information security management process details of which can be found here: https://www.microsoft.com/en-ww/security
• Information security policies and processes: Ceox use ISO27001 aligned policies and procedures to ensure that information security risk is controlled adequately. There is a Security Working Group (SWG) which handles the assement and control of information security risk.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Microsoft has developed formal standard operating procedures (SOPs) governing the change management process. These SOPs cover both software development and hardware change and release management, and are consistent with established regulatory guidelines including ISO 27001, SOC 1 / SOC 2, NIST 800-53, and others.; ; Ceox uses configuration and change management procedures produced inline with ISO9001 and ISO27001. These are based on the ITIL framework and make use of DevOps tooling where possible.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: In support of the Information Security Policy, Microsoft runs multiple layers of antivirus software to ensure protection from common malicious software. Servers within the Microsoft environment run anti-virus software that scans files uploaded and downloaded from the service for viruses or other malware. Microsoft has its own Security Response Center (MSRC) that also supplies information to all our customers covering the whole range Microsoft products.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: The service employs sophisticated software-defined service instrumentation and monitoring that integrates at the component or server level, the datacenter edge, our network backbone, Internet exchange sites, and at the real or simulated user level, providing visibility when a service disruption is occurring and pinpointing its cause. ; ; Proactive monitoring continuously measures the performance of key subsystems of the Power Platform against the established boundaries for acceptable service performance and availability. When a threshold is reached or an irregular event occurs, the monitoring system generates warnings so that operations staff can address the threshold or event.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Ceox runs an incident management process based upon ITIL's Service Operation practices. These include detailed processes for handling security incidents.; ; Microsoft has developed robust processes to facilitate a coordinated response to incidents. Details of which can be found here: https://www.microsoft.com/en-us/download/confirmation.aspx?id=55110

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • Public Services Network (PSN)
  • NHS Network (N3)
  • Joint Academic Network (JANET)

Social Value

• Fighting climate change:

  Fighting climate change

  Fighting Climate Change is a key value for Ceox, and a key element of the Social Value themes outlined in PPN 06/20. Our commitment to Fighting Climate Change is demonstrated by our stated objective of maintaining Net Zero. We are committed to maintaining Net Zero emissions and have expanded our measurement to include Scope 1 and 2 and have put in place measuring and offsetting for scope 3 emissions.; At Ceox we monitor and assess our emissions based on historic baselines going back to when we were founded. These provide a record of the greenhouse gases that Ceox produced along with the offsetting we put in place to achieve Net Zero.; For 2022 our aim is to maintain our Scope 1 & 2 emissions at Net Zero whilst continuing to offset all our Scope 3 emissions and put in place better measuring so that more sources such as Homeworking, Employee Commuting, Purchases of equipment are included within our Scope 3 measurements.; With our 2021 total CO2 production at 0.6 tCO2e we have put in place ambitious targets for tree planting initiatives that offsets our carbon production by 4x our measurements and beyond this we will be seeking to switch to true carbon capture technology which permanently removes CO2 from the atmosphere.; Fighting Climate Change and our supporting Carbon Reduction Plan has been completed in accordance with PPN 06/21 and our Senior Management Team are fully committed to raising our teams awareness of this critical issue and embedding processes to Fight Climate Change and reduce emissions with our ways of working.
• Equal opportunity:

  Equal opportunity

  Equal Opportunities for all is a key value for Ceox as well as being a legal requirement and one of the Social Value themes outlined in PPN 06/20. We aim to treat all individuals fairly with regards to recruitment, training, promotion and renumiration amongst others.; As an equal opportunity employer alll aspects of employment including the decision to hire, promote, discipline, or discharge, will be based on merit, competence, performance, and business needs. We do not discriminate on the basis of race, colour, religion, marital status, age, national origin, ancestry, physical or mental disability, medical condition, pregnancy, genetic information, gender, sexual orientation, gender identity or expression, or any other status protected under law.; The Senior Management Team at Ceox are fully committed to supporting the Social Themes outlined in PPN 06/20 and in particular raising our team’s awareness of Equal Opportunities. Clear procedures are defined and KPI’s monitored monthly to support embedding processes that ensure the Equal Opportunities Policy is upheld.

Pricing

• Price: £0 a user a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Microsoft offer a free trial of Power Platform which can also be used for initial development. Ceox can assist customers who wish to make use of Microsoft's free trial offer. Details of which can be found here: https://docs.microsoft.com/en-us/powerapps/maker/signup-for-powerapps
• Link to free trial: https://docs.microsoft.com/en-us/powerapps/maker/signup-for-powerapps

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at digitalmarketplace@ceox.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.