Cisilion Limited

Microsoft 365 Cloud Support Services

Cisilion's Microsoft 365 24x7 Support Service provides access to our Microsoft Certified Professionals that help you to troubleshoot, run and operate your Microsoft Office 365, EM+S and Windows 10 & 11 deployments as well as providing expert advice and recommendations on how get the best from your Microsoft Cloud investment.

Features

• UK based 24/7/365 support availability
• Secure and customised portal to log, view and track incidents
• Access to Cisilion's Microsoft Certified Engineers
• Access to Microsoft Support via our escalation process
• Response Based SLA with P1 Response within 15 minutes
• Regular Service reports and service review meetings
• Monthly service updates to analyse call numbers and common issues
• Monitoring of your Microsoft tenant and associated services
• Support Contract option across your Microsoft EcoSystem Vendors
• Full Lifecycle management capability option

Benefits

• Pre-Defined and customisable SLAs to meet your business needs
• Secure online support portal to log, view and track tickets
• Compliments, extends or replaces your internal support team
• P1 call response within 15 minutes
• Access to Microsoft Certified Professionals
• Access to Microsoft Eco-System Experts
• Single Point of Ownership with Eco-System Vendor Escalation
• Cloud Adoption Analysis and Reporting

£0.01 a unit a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at drichardson@cisilion.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

589005721671483

Contact

Debbie Richardson
01372 201145
drichardson@cisilion.com

Service scope

• Service constraints: Microsoft is constantly developing and adding new services and features to their Cloud Services. Certain services may form part of the development roadmap and only be available in Customer Preview before the General Availability release date or only available in certain regions.
• System requirements:
  • Microsoft Cloud Services will be provided via CSP
  • Internet Connectivity

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: P1 logged by Telephone responded to immediately
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support can be tailored to specific customer needs. Basic levels include business hours 9-5, 8-6 or 24/7. Dedicated Service Managers will provide specific support to the selected services.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Onsite envisaging, planning and technical design workshops will be run to ensure the right set of services and licenses required to support your journey to Office 365. We also provide access to user adoption guides and videos for customers.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: Microsoft Cloud services are provided on a subscription basis and follow the standard Microsoft Cloud subscription terms. Data can be extracted at any point while resources are provisioned through a valid subscription using the various tools provided by Microsoft. Neither Microsoft nor Cisilion own your data.
• End-of-contract process: Microsoft Cloud services and hardware support will be ended once the contract term has been fulfilled and subscriptions deleted. Customers are able to transfer management and licenses to other providers as required.

Using the service

• Web browser interface: Yes
• Using the web interface: Azure provides its own administrator portal
• Web interface accessibility standard: WCAG 2.1 AAA
• Web interface accessibility testing: Microsoft regularly test its interfaces for assistive technology users and aim to provide maximum compatibility where possible.; ; More information is available at microsoft.com
• API: Yes
• What users can and can't do using the API: Azure APIs are available for automation and monitoring activities
• API automation tools:
  • Chef
  • Puppet
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
• Using the command line interface: All Azure services can be provisioned and managed via Powershell or the Azure CLI

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: Microsoft 365 Services are provided as a shared service model which automatically scales on global service demand. Microsoft provide a number of SLAs as well as local and regional resiliency, load-balancing and geo availability services. ; ; Cisilion can also configure 3rd party services to provide additional resilience or failover services as and if required.
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types: Other
• Other metrics:
  • Office 365 Service Availability
  • Office 365 Service Status
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Microsoft

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Cloud based mailboxes, OneDrive and Sharepoint sites
  • User Accounts and other data as stored in Office 365
• Backup controls: Microsoft provides synchronised copies of all data contained within the Microsoft Cloud. Cisilion can provide additional on-premise or cloud based back-up services as required or can interface into existing backup services as required.
• Datacentre setup:
  • Multiple datacentres with disaster recovery
  • Multiple datacentres
  • Single datacentre with multiple copies
  • Single datacentre
• Scheduling backups: Users schedule backups through a web interface
• Backup recovery:
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
  • Other
• Other protection between networks: Microsoft provide a secure backbone for their Cloud Services. External connectivity can be secured through Microsoft ExpressRoute or Site-to-Site VPN connections. Consumer access to Microsoft Cloud services can be secured through RMS encryption, risk based conditional access and Multi-Factor Authentication services.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: SLAs for Microsoft Cloud Services are available from Microsoft depending on the cloud service selected and the level of availability chosen during configuration. Some variations exist across different regions.
• Approach to resilience: Microsoft Cloud Services can be configured across different regions (geo load-balancing) and can be established in defined primary locations. Microsoft have multiple Data Centres across each region for resilience.
• Outage reporting: Alerts are provided through the Office 365 and/or Azure Portal or via Microsoft Operations Management Suite

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Access is managed through RBAC controls, Multi Factor Authentication and Privileged Identity Management Services which are configurable by the customer.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: The British Assessment Bureau
• ISO/IEC 27001 accreditation date: 19/08/2016
• What the ISO/IEC 27001 doesn’t cover: Cisilion is covered under the IT Certification of ISO27001
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: ISO 9001

Security governance

• Named board-level person responsible for service security: No
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Cisilion internal policies are in place and available on request.; ; Customer security policies should be applied when configuring Microsoft Cloud services

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Customer defined
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Microsoft provide full testing and security audits. Please see the Microsoft Trust Centre for more information
• Protective monitoring type: Undisclosed
• Protective monitoring approach: Available on request
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Details of our ITIL based service desk processes are available on request depending on the level of support selected

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: No

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Yes as per vendor

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We continually strive to reduce our carbon impact year on year, initiating additional projects and activities that will further reduce our impact locally and globally, and contribute towards global UN carbon offsetting initiatives. Our commitment to the environment extends to our customers, our communities, our employees, our suppliers and other countries in which we operate. Our Carbon Reduction Plan is based upon the following principles: 1. Comply with, and exceed where practicable, all applicable legislation, regulations and codes of practice; 2. Integrate environmental and sustainability considerations into all our business decisions; 3. Endeavor to reduce our environmental impact year on year; 4. Ensure that all employees are fully aware of our Environmental and Sustainability Policy; 5. Ensure all employees are committed to implementing and improving our policy; 6. Ensure clients and suppliers are aware of our Environmental and Sustainability Policy, and encourage them to adopt sound sustainable management practices; 7. To review, annually report, and to continually strive to improve our environmental and sustainability performance. 2. Commitment • Cisilion are committed to reducing our impact on the environment and to achieving our goal of becoming net zero by 2050. • We will partner with Ecologi, a Carbon Avoidance organization. • We will plant 7,500 trees throughout Financial Year 2024 (“FY24”).

  Covid-19 recovery

  Cisilion External Statement Cisilion are closely monitoring the developments both at home, and around the globe with respect to the COVID-19 outbreak. In addition to our commitments to supporting our customers, Cisilion views as one of its highest priorities the health and wellbeing of its employees. Because of this, we have a clear business continuity plan and sickness procedure which the Company will continue to adopt in the pandemic situation, following the World Health Organisation (WHO) pandemic level definitions for triggering our response. In accordance with government guidelines issued on the 23 of March, and previously as the situation developed, we have initiated a program where our employees are able to continue to work from home in isolation. The measures that we have taken are designed to ensure that there is the minimum of disruption to services to our customers as well as minimising the risk to our staff at this difficult time. We ask our customers to understand that despite this, there is an increase in demand on parts of our services. We are prioritising the support of our customers with services which are vital to the efforts to contain the pandemic. This may mean that there could be some minor delays in responding to issues and project work, although we are working to keep this to a minimum. Due to the current situation with enforced social distancing, project and engineering work requiring site visits, is having to be risk assessed on a case by case basis. Our own infrastructure which is used to support our clients continues to operate as normal. As a flexible organisation, all internal systems are accessible to our employees from remote locations. We have facilities in place already to ensure all employees have the equipment needed, to work from alternative locations seamlessly.

  Tackling economic inequality

  Learning and development plays a huge part in Cisilion’s culture. This includes our induction and awareness training, as well as creating platforms for unlearning and unconscious bias. Cisilion conduct all learning and development via LearnAmp, our online Learning Management System. As part of our induction process, we include Diversity and Inclusion Training, along with enhanced Grievance procedure outlines and Anti-Harassment training. Employees are then required to complete refresher training every 6 months. Diversity and inclusion play a key role in Cisilion’s core business objectives and values. Cisilion recognise that as a Company, more can be done to improve our diversity and inclusion practices and this will continue to be a working directive through the organisation, to support underrepresented groups. The recruitment teamwork within our People function at Cisilion and therefore liaise continuously to ensure proactive recruitment identifies a diverse set of candidates and supports those throughout the interview processes. While we understand that not all individuals feel comfortable in disclosing their identity, we continue to monitor and track our performance against self-created targets for LGBTQIA+, gender and ethnicity within the recruitment processes and within our workforce, where at all possible. Cisilion engage with current employees from underrepresented groups, who feel comfortable in doing so, to address any other areas of suggested improvement, and to include their voice in future initiatives

  Equal opportunity

  Invest in our economy to provide equal opportunities for employment, innovation and growth. Each month, a mixture of the HR, People and Recruitment team members alongside the Cisilion management team, will provide a mixture of 2 hour workshops and 1 hour long one to one sessions. The workshops will be run by our Recruitment team, covering topics such as interview best practice, CV formatting and job hunting tools available. Individuals will also be able to register for one to one advice with a member of our management team as a coaching session and more personal advice related to the unemployed persons experience so far. Cisilion have been running apprenticeship and graduate schemes for the past 5 years and partner with 3 specialist recruitment and training providers who are experts in finding work for and training unemployed young people. Cisilion are a Microsoft and Cisco gold partner, who are keen supporters of assisting young people into work. Cisilion often engage with Cisco and Microsoft for support with apprenticeship programmes and are familiar with other employment initiatives that we will be able to share with the unemployed people during the workshop sessions. Cisilion are also aware of and understand the current Quick Start government scheme of which we will be able to provide details and guidance to unemployed individuals

  Wellbeing

  Cisilion operate a robust health and wellbeing programme, partnering with Vitality Health and Medicash. On an annual basis, all 160 employees on our scheme conduct an Online Health Review, giving employees an understanding of specific areas of health that they need to improve upon, i.e. cholesterol, blood pressure, alcohol intake, physical activity levels and blood glucose level. If employees do not know the figures for these key areas, they can take a free health assessment to provide them with this data. Vitality Health offer their Member Zone to all members, giving access to videos, tips and our monthly Vitality calendar covering a range of topics from women’s health to mental health and nutrition

Pricing

• Price: £0.01 a unit a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Free trial subscriptions are available from Microsoft
• Link to free trial: https://products.office.com/en-gb/try

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at drichardson@cisilion.com. Tell them what format you need. It will help if you say what assistive technology you use.