ADVANIA UK LIMITED

Advania Private Chat GPT solution

Advania's 'Private ChatGPT' solution, entirely hosted in your Azure environment, ensures data privacy and security. No data is shared with the internet or Microsoft/OpenAI, nor used for external model training. Our solution upholds 'trusted Azure' benefits like compliance and data sovereignty. Users interact via a web application featuring your branding.

Features

• Exclusively hosted in your Azure environment.
• Interaction via an easy web application.
• Your choice of LLM model (GPT-3.5, GPT-4 etc.)
• Complete custom branding to match your organisation.
• Integration with company data for AI learning.
• Capability to upload documents.
• Usage analytics via Power BI dashboard.
• Constant security, including single sign-on with Entra ID.
• Chat history and chat naming features.
• Solution based on Azure OpenAl, CosmosDB, and Azure App Service.

Benefits

• Ensure high-level data security within your environment.
• Guarantee data privacy and sovereignty using 'trusted Azure'.
• Avoid risks of organisational-level data leakage in public AI services.
• Secure ChatGPT access without separate login details.
• Utilize powerful, accurate models (GPT-3.5 & GPT-4).
• Regular brand updates for an integrated look.
• Easy retrieval of previous chats via history tracking.
• Single sign-on feature enhances operational efficiency.
• Safeguards sensitive data from third-party access.
• Technical support with Microsoft technologies like Azure OpenAI, Cosmos DB.

£1.51 to £40.08 a unit a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bids@advania.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

643197993412193

Contact

Will Tuson
+44 203 835 7332
bids@advania.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Detailed service definitions are available here: https://docs.microsoft.com/en-us/office365/servicedescriptions/office-365-service-descriptions-technet-library
• System requirements: Please see https://www.microsoft.com/en-GB/microsoft-365/microsoft-365-and-office-resources

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Depends on the priority of the ticket. Initial responses are tied into our response SLAs, however response times for general questions are not targeted. Response times at weekends will depend on whether weekend support is taken up.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Depends on the priority of the ticket. Initial responses are tied into our response SLAs, however response times for general questions are not targeted. Response times at weekends will depend on whether weekend support is taken up.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: We provide numerous project services to support organisations and users getting started with M365 and O365. We can provide:; - Technical, security and governance design workshops; - User training, adoption and change management; - User documentation; - Technical implementation services
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Data can be extracted using a number of 3rd party tools. We are able to support the extraction of data subject to an agreed project engagement.
• End-of-contract process: When the tenant subscription ends, the data is subject to Passive Deletion https://docs.microsoft.com/en-us/office365/enterprise/office-365-data-retention-deletion-and-destruction-overview

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The features available on a mobile device are, where possible, similar to those provided through a Desktop experience.
• Service interface: No
• User support accessibility: WCAG 2.1 A
• API: No
• Customisation available: No

Scaling

• Independence of resources: https://docs.microsoft.com/en-us/office365/enterprise/office-365-tenant-isolation-overview

Analytics

• Service usage metrics: Yes
• Metrics types: https://docs.microsoft.com/en-us/microsoft-365/admin/activity-reports/activity-reports?view=o365-worldwide
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Microsoft

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data can be exported using a number of 3rd party tools. We can support this extraction of data subject to a specific project engagement.
• Data export formats:
  • CSV
  • ODF
  • Other
• Data import formats:
  • CSV
  • ODF
  • Other

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
  • Other
• Other protection between networks: https://docs.microsoft.com/en-us/microsoft-365/compliance/office-365-encryption-for-data-in-transit?view=o365-worldwide
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
  • Other
• Other protection within supplier network: https://docs.microsoft.com/en-us/microsoft-365/compliance/service-assurance?view=o365-worldwide; ; https://docs.microsoft.com/en-us/microsoft-365/compliance/protect-information?view=o365-worldwide

Availability and resilience

• Guaranteed availability: https://docs.microsoft.com/en-us/office365/servicedescriptions/office-365-platform-service-description/service-level-agreement
• Approach to resilience: https://docs.microsoft.com/en-us/microsoft-365/enterprise/ebcm-m365-service-resiliency?view=o365-worldwide
• Outage reporting: https://docs.microsoft.com/en-us/office365/enterprise/view-service-health

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Management interface access is secured by a minimum of two factor authentication but can also be configured with a number of restrictions under Conditional Access policies.; ; https://docs.microsoft.com/en-us/microsoft-365/enterprise/microsoft-365-policies-configurations?view=o365-worldwide
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: QMS International
• ISO/IEC 27001 accreditation date: 13/01/2021
• What the ISO/IEC 27001 doesn’t cover: Nothing
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: https://docs.microsoft.com/en-us/microsoft-365/compliance/offering-home?view=o365-worldwide

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • CSA CCM version 3.0
  • ISO/IEC 27001
  • Other
• Other security governance standards: https://servicetrust.microsoft.com/
• Information security policies and processes: https://servicetrust.microsoft.com/

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: https://servicetrust.microsoft.com/; ; https://docs.microsoft.com/en-us/deployoffice/change-management-for-office-365-clients
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: http://download.microsoft.com/download/6/6/2/662F89E4-9340-4DDE-B28E-D1643681ADEB/Security%20in%20Office%20365%20Whitepaper.docx
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: http://download.microsoft.com/download/6/6/2/662F89E4-9340-4DDE-B28E-D1643681ADEB/Security%20in%20Office%20365%20Whitepaper.docx
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: http://download.microsoft.com/download/6/6/2/662F89E4-9340-4DDE-B28E-D1643681ADEB/Security%20in%20Office%20365%20Whitepaper.docx

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  Fighting climate change; We recognise that digitalisation has an important role to play in the transition to a climate-smart society, while IT companies such as Advania have a responsibility to help minimise the negative climate impact that the use of IT entails.; ; We focus on taking responsibility for our own operations as well as influencing Buyers on all call-off contracts under the framework to make more sustainable choices, for example moving away from the linear IT Hardware model of produce, use and dispose to a more circular approach including responsible reuse-and-recycle procedures at the end of the hardware lifecycle.; ; Carbon Emissions: We are committed to continuous reduction of our carbon footprint. Our Environmental Policy includes provisions around minimising our emissions by a smart approach to travel and printing, lowering the use of electricity, water, heating, and promoting climate change and sustainability charity/community work. We are aiming to reduce this by 5% over the next year and are committed to achieving Net Zero emissions by 2050.; ; Hybrid Working: We have implemented 80% working from home policy for all employees. Where needed/agreed with the Buyers, Advania resources will be working onsite.; ; Travel: We encourage staff to use technology wherever possible. Where travel to the client site is required, we will require all staff to consider alternative transport options and optimise car sharing.; ; Reducing IT waste: Our Equipment Recycling Policy ensures hardware devices like laptops and desktops are managed throughout their lifecycle. When devices are replaced, they are either transferred to our recycling centre or donated to local charities post data sanitisation.; ; Sustainability Training: Our proactive approach towards environmental stewardship incorporates training on sustainable practices at all operational levels. We actively raise staff awareness through online training on environmental impacts and sustainability benefits.

Pricing

• Price: £1.51 to £40.08 a unit a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: The following trials are available:; Enterprise Mobility + Security E5; Microsoft 365 Business Premium; Microsoft 365 Business Standard; Microsoft 365 F1 ; Microsoft Teams Commercial Cloud ; Office 365 E3; Office 365 E5; Office 365 E5 without Audio Conferencing; Project Plan 1; Windows 10 Enterprise E3

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bids@advania.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.