IMPERF CONSULTING LIMITED

Microsoft Dynamics 365 Business Central Services

Dynamics 365 Business Central is Microsoft’s all in one business application. Dynamics 365 Business Central unifies ERP and CRM capabilities allowing you to run your entire business with intelligent applications that work seamlessly together in the cloud. Dynamics 365 Business Central also integrates with Windows, Office 365, PowerBI and PowerApps.

Features

• Strong finance and Operations functionality in Dynamics 365 Business Central
• Dynamics 365 is an all in one business system
• Optimise your operations and supply chain with Dynamics 365
• Requirements analysis, business case creation and Proof of Concept
• Migration to Dynamics Business Central from On-Premises or other systems
• High-quality wideband audio and high-definition video conferencing
• Business Central discovery/health check; remediation and data migration action plan
• Dynamics 365 Business Central is accessible anywhere on any device
• SBuilt in Intelligence dashboards, recommendations and reports

Benefits

• Full flexibility, add users and capability as you need
• Great visual interface and user experience
• All costs are covered in the subscription including hosting
• Full integration with Microsoft solutions including Office 365
• Dynamics 365 Business Central never goes out of date
• Get greater insights into your organisation with built-in Intelligence

£0.03 a unit

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sola.famoriyo@imperfconsulting.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

657468767448436

Contact

Sola Famoriyo
01634 477555
sola.famoriyo@imperfconsulting.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Microsoft Dynamics 365 and Custom Application Development to extend functionality to meet you requirements
• Cloud deployment model:
  • Public cloud
  • Hybrid cloud
• Service constraints: N/A
• System requirements:
  • Dependent on that appropriate licensing procured.
  • System requirements are dependent on each project

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our support response time depends on severity. The support response times for Developer, Business and Enterprise Support tiers are listed below:; ; Developer:; General guidance cases < 24 business hours; system impaired cases < 12 business hours.; ; Business:; General guidance cases < 24 hours; system impaired cases < 12 hours; production system impaired cases < 4 hours; production system down cases; < 1 hour.; ; Enterprise:; General guidance cases < 24 hours; system impaired cases < 12 hours; production system impaired cases < 4 hours; production system down cases < 1 hour; business-critical system down cases < 15 minutes
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Yes, at an extra cost
• Web chat support availability: 9 to 5 (UK time), 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: You can sign in to the Support Centre at https://imperfconsulting.com/support by using the email address and password associated with your partner ID account.
• Web chat accessibility testing: None
• Onsite support: Yes, at extra cost
• Support levels: Basic; 24/7 customer service, support forums, 4 Core “Trusted Adviser” checks, personal health dashboard. No TAM. Free; ; Developer:; As above + business hours access to technical/architural Cloud Support Associates via email (one primary contact). ; ; Business:; As above + 24/7 access to Cloud Support Engineers via email, chat and phone for unlimited contacts; architecture, 3rd party software and programmatic case management support. TAM. Greater of £100 or spend-dependent percentage (pm).; ; Enterprise; As above, plus architectural review, operations support, training, assigned concierge, proactive guidance, TAM. Greater of £15,000 or spend-dependent percentage (pm).
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Microsoft provides a range of resources to help customers get started on their services. These include: comprehensive documentation (in multiple formats), introductory videos, hands-on labs, online and in-person training, access to a large ecosystem of partners and support from the public sector account team.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats: Kindle
• End-of-contract data extraction: Data may be copied out using API tools to download data.
• End-of-contract process: Buyer may terminate the relationship with Supplier for any reason by (i) providing Supplier with notice and (ii) closing Buyers account for all services for which Supplier provide an account closing mechanism.; ; Buyers pay for the services they use to the point of account termination. Please see the G-Cloud 14 Pricing Document affiliated with this Service in the Digital Marketplace.; ; Supplier customers retain control and ownership of their data. Supplier will not erase customer data for 30 days following an account termination. This allows customers to retrieve content from Supplier services so long as the customer has paid any charges for any post-termination use of the service offerings and all other amounts due.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • MacOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Users can interface with this service through the office.com portal or via a dedicated GUI
• Accessibility standards: None or don’t know
• Description of accessibility: Documentation supporting this service is compliant to WCAG 2.0 level A and AA requirements. Certifications for accessibility, security, and other standards are accessed through the customer portal
• Accessibility testing: N/A
• API: Yes
• What users can and can't do using the API: All functionality is exposed via an API.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Users have full access and can customise most sections of the application.

Scaling

• Independence of resources: Customer environments are logically segregated to prevent users and customers from accessing resources not assigned to them.; ; Microsoft Dynamics cloud solution maintain a capacity planning model to assess operational usage and demands at regular intervals. This capacity planning model supports the advance planning of future demands to acquire and implement additional resources based upon current resources and forecasted requirements.

Analytics

• Service usage metrics: Yes
• Metrics types: Metrics such as the number of calls taken per month, average time on hold, the number of calls in the queue at one time, and more.
• Reporting types:
  • API access
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Amazon Web Services

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Using the Customer Console , API or CLI
• Data export formats: Other
• Other data export formats: Binary Files
• Data import formats: Other
• Other data import formats: N/A

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: Customer environments are logically segregated to prevent users and customers from accessing resources not assigned to them. By giving end users direct control over their content by design through simple powerful tools that allow customers to determine how their content will be secured in transit.; Microsoft enables customers to open a secure, encrypted channel using TLS/SSL, and/or IPsec or TLS VPN (if applicable), or other means of protection the customer wishes to use.; API calls can be encrypted with TLS/SSL to maintain confidentiality

Availability and resilience

• Guaranteed availability: Microsoft currently provides Service level Agreements for several of it's service offering. ; Industry standard implementation strategy on solutions that leverage Microsoft cloud services SLAs
• Approach to resilience: Global Network Infrastructure:; Microsoft's D365 service is designed to be resilient through its global network infrastructure, includes data centers strategically located around the European region, ensuring redundancy and failover capabilities.; High Availability Architecture:; The architecture of D365 is built for high availability, auto-scaling, and fault-tolerant mechanisms in place. This ensures that the service remains accessible even during unexpected spikes in traffic or hardware failures.; Data Replication and Disaster Recovery:; Microsoft employs data replication and disaster recovery strategies to safeguard against data loss and ensure business continuity. ; Continuous Monitoring and Automated Remediation:; D365 implements continuous monitoring of its infrastructure and services to detect issues proactively. Automated remediation processes are in place to address potential problems swiftly, minimizing downtime and service disruptions.; By leveraging geographically distributed data-centers, D365 enhances its resilience to localized disruptions such as natural disasters or network outages. ; Compliance and Security Measures:; Microsoft prioritizes compliance and security measures in the design of D365. By adhering to industry standards and regulations, the service ensures data protection, privacy, and integrity, further contributing to its resilience.; Regular Updates and Service Improvements by Microsoft improves the D365 service to address vulnerabilities, enhance performance, and strengthen resilience.
• Outage reporting: Public dashboard; personalised dashboard with API and events; configurable alerting (email / SMS / messaging), Alerts and Notification events

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Other user authentication: Identity and Access Management (IAM) system allows you to control access to Microsoft services/resources. No actions are permissible without authentication.; Encouraging Single Sign-on(SSO) with Azure Active Directory(AAD) IAM facilitates the issuance of access permissions per user/group. MFA is available at no extra cost.; ; We also support other Authentication and Authorisation models, (OAuth and OpenID Connect) . Enforcing password policies and security using Microsoft graph or APT/JWT tokens.
• Access restrictions in management interfaces and support channels: IAM provides user access control to Microsoft D365 portals, APIs and specific resources. Other controls include just-in-time, originating IP address, SSL use, and whether users authenticated via MFA devices and are accessing from a known location.; ; API calls to launch/terminate instances, change firewalls, and perform other functions are signed by customers’; ; API calls can be encrypted with TLS/SSL for confidentiality and customers can use TLS/SSL-protected API endpoints.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: EY CertifyPoint
• ISO/IEC 27001 accreditation date: 22/03/2022
• What the ISO/IEC 27001 doesn’t cover: Excludes Wisdom, VoiceID and High-Volume Outbound Communications
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 22/03/2022
• CSA STAR certification level: Level 2: CSA STAR Attestation
• What the CSA STAR doesn’t cover: Excludes Wisdom, VoiceID and High-Volume Outbound Communications
• PCI certification: Yes
• Who accredited the PCI DSS certification: Coalfire Systems Inc.
• PCI DSS accreditation date: 14/12/2021
• What the PCI DSS doesn’t cover: Excludes Wisdom, VoiceID and High-Volume Outbound Communications
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • ISO27017
  • ISO27018
  • SOC1/2/3

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: ISO 27017, ISO27018, SOC1/2/3
• Information security policies and processes: Microsoft implements strong data encryption mechanisms, both at rest and in transit, to protect sensitive information from unauthorized access.; D635 cloud services enforce robust identity and access management policies, including multi-factor-authentication, role-based-access-control, and privileged identity management.; Microsoft Cloud adheres to various industry standards and regulatory requirements, such as ISO 27001, SOC 1 and SOC 2, HIPAA, GDPR, and others. ; Threat Detection and Response:; Through the use of advanced security tools and technologies, Microsoft continuously monitors for potential threats, conducts threat intelligence analysis, and employs rapid incident response measures to mitigate security risks.; Data Residency and Compliance Controls:; Microsoft offers customers the ability to control the geographical location where their data is stored, helping them comply with data residency requirements, the platform provides features such as data loss prevention and information protection to assist in compliance efforts.; Microsoft applies a rigorous security development lifecycle (SDL) to its cloud services, ensuring that security considerations are integrated into the entire software development process. ; Transparency and Customer Control:; Microsoft provides transparency regarding its security and compliance practices through regular reporting, audit trails, and customer-controlled encryption keys. ; Microsoft cloud services maintains continuous improvement and adaptation to address emerging security threats, vulnerabilities, and best practices.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Changes to the services and features follow secure software development practices, including security risk reviews prior to launch. Developer access to production environments is via explicit access system requests, subject to owner review and authorisation.; Configuration Item Identification; Configuration Baseline Establishment; Change Control and Approval; Configuration Item Status Accounting; Configuration Verification and Audit; Version Control and; Change Request Submission; Impact Assessment and Analysis; Risk Assessment; Change Approval and Authorisation; Change Implementation and Testing; Back-out Planning and Post-implementation Review
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Vulnerability Identification and Assessment:; Microsoft utilises a combination of internal security-research, external bug bounty programs, and collaboration with security-researchers and partners to identify vulnerabilities in its products and services, by conducting thorough assessments to understand the nature and potential impact of each vulnerability.; Microsoft applies a risk-based approach to prioritise vulnerabilities based on severity, potential impact, and the likelihood of exploitation. ; Microsoft develops and releases security updates, patches, and fixes to address the identified security flaws deployed via regular security-patches and updates for users devices.; Microsoft leverages threat intelligence and continuous monitoring in the security response and communication
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Continuous Real-Time monitoring; Alerting and Notification:; Comprehensive incident response plans are developed to outline the steps and procedures to follow in the event of a security breach or incident.; In the event of a security incident, forensic analysis is conducted to gather evidence, determine the scope of the incident, and identify the root cause.; The monitoring processes incorporate threat intelligence feeds and information from external sources ; User behaviour analytics ; SIEM solutions are deployed to aggregate, correlate, and analyse security event data from various sources by providing visibility into security events, enable proactive threat-detection, and support compliance requirements.; Regular Security Audits:
• Incident management type: Supplier-defined controls
• Incident management approach: 1. Activation and Notification Phase; 2. Recovery Phase; 3. Reconstitution Phase; ; To ensure the effectiveness of the Incident Management plan, Imperf conducts incident response testing, providing excellent coverage for the discovery of defects and failure modes as well as testing the systems for potential customer impact.; ; The Incident Response Test Plan is executed bi-annually, in conjunction with the Incident Response plan. It includes multiple scenarios, potential vectors of attack, the inclusion of the systems integrator in reporting and coordination and varying reporting detection avenues.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • Public Services Network (PSN)
  • NHS Network (N3)
  • Joint Academic Network (JANET)
  • Health and Social Care Network (HSCN)

Social Value

• Social Value:

  Social Value

  • Tackling economic inequality
  • Equal opportunity

  Tackling economic inequality

  Social Cohesion by reducing economic inequality, we promote a sense of shared identity and mutual support among diverse social groups. This cohesion fosters trust, cooperation, and stability . Ensuring equality of Opportunity to ensures that every individual has a fair chance to succeed regardless of their background through Addressing economic inequality to help open up avenues for equal access to education, healthcare, employment, and resources, allowing everyone to pursue their goals and aspirations on an even playing field. Empowerment of individuals and promoting quality of life by narrowing the economic gap, we enhance the overall quality of life for all members of society. Improved access to resources, better healthcare, education, and living conditions contribute to the well-being of individuals and communities.

  Equal opportunity

  We encourage social value in areas of equal opportunity by; Promoting Fairness and Justice Encouraging Diversity and Inclusion Boosting Economic Growth Encouraging Social Cohesion and Harmony. Empowering Marginalized Groups. Promoting Innovation and Creativity. Long-Term Social Development to ensure sustainable social development, by investing in education, training, and support systems that promote equal access, societies can create a foundation for long-term growth and prosperity for all individuals.

Pricing

• Price: £0.03 a unit
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: https://dynamics.microsoft.com/en-gb/business-central/pricing/

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sola.famoriyo@imperfconsulting.com. Tell them what format you need. It will help if you say what assistive technology you use.