OKTik Technology Limited

Digital Workplace Migration

OKTiK’s Digital Workplace migration solution is a user-centric, fully automated process that delivers modern workplace technologies with minimum user impact, zero data loss and real time reporting dashboards to track the project.

Features

• Migrating on-prem user workloads to Microsoft 365
• Tenant-to-Tenant migrations between Microsoft 365 tenants
• Client OS upgrade to Windows 10 or Windows 11
• Migrating a Mobile Device Management solution to Microsoft Intune
• Reducing bandwidth consumption of SCCM software deployments

Benefits

• Best, least disruptive and intuitive migration experience for users
• Fixed plan and costs to deliver
• Customise and build new systems and tools that meet requirements
• Migration of all existing workplace content to the new platforms
• Automation of all migration and technical tasks
• Provide detailed assessment data on end-client user services
• Ability to automate legacy on-premise to cloud, and existing tenant-to-tenant
• Rich and detailed reporting of the ongoing progress
• Verbose logging, support tools and audit history of actions
• Deep understanding of your existing business and systems requirements

£99 to £300 a user a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at graham.brant@oktik.net. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

659895891517221

Contact

Graham Brant
07576921445
graham.brant@oktik.net

Service scope

• Service constraints: As the service is hosted within Azure, any service constraints are subject to the services and availability on this platform.; OKTiK customises the solution to meet the customer and project requirements. This includes customisation of tools and any other underlining service provide by OKTiK to facilitate workplace migrations.
• System requirements:
  • Windows 7,8,10/11
  • InTune supported mobile operating systems
  • Active Directory for on-prem to cloud migrations
  • Azure Tenants for cloud to cloud migrations
  • Power BI for real-time dashboard updates and reporting

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support is normally provided is with-in EU office hours by default., however alternative/additional support options are available through agreement.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Support is normally provided is with-in EU office hours by default, however alternative/additional support options are available through agreement.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Installing and deploying infrastructure, tools and another preparatory task required to enable workplace migrations.; ; Pilot runs are conducted to ensure that automated migrations run smoothly, with no disruption to end users.; ; During velocity migrations issues are quickly troubleshoot and resolve issues that may occur when automated migrations are in-flight.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
  • Other
• Other documentation formats: DOCX
• End-of-contract data extraction: All databases are handed over to the client as part of the offboarding process. The client can access any data collect during the project.; ; All user data is copied to the migrated device as part of the migration process and is accessed using normal methods available prior to migration.
• End-of-contract process: When migrations are complete, a period of hypercare is delivered for 30 days during which the database is handed over to the customer topreserve all data from the project.

Using the service

• Web browser interface: Yes
• Using the web interface: Power BI is used for real-time dashboard updates and reporting and this can be accessed via the PowerBI application or a web browser.
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: Description needed
• Web interface accessibility testing: Description needed
• API: No
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type: Automatic
• Independence of resources: Horizontal scaling is used as part of OKtiK's solution. Azure horizontal scaling provides significant advantages:; True cloud scale: Applications are designed to run on hundreds or thousands of nodes, reaching scales that aren't possible on a single node.; Horizontal scale is elastic: You can add more instances if load increases, or remove instances during quieter periods.; Scaling out can be triggered automatically.; Scaling out may be cheaper than scaling up. Running several small VMs can cost less than a single large VM.; Horizontal scaling can also improve resiliency, by adding redundancy. If an instance goes down, the application keeps running.
• Usage notifications: No

Analytics

• Infrastructure or application metrics: Yes
• Metrics types: Other
• Other metrics:
  • Workstation migrations
  • Mobile device migrations
  • User migrations
  • User and devices ready to migrate
  • Migrations by country, region and/or department
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: In-house destruction process

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • User data and files are backed up prior to migration
  • Migration dashboard and report data
• Backup controls: Migration of all existing workplace content is discussed as part of the requirements gathering process. OKTiK through previous migrations can provide guidance on user content that needs to be backed up and this under reviewed as the project progresses.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users can recover backups themselves, for example through a web interface

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: https://azure.microsoft.com/en-gb/support/legal/sla/
• Approach to resilience: The Microsoft Cloud Infrastructure and Operations team designs, builds, operates, and improves the security of the cloud infrastructure. This team ensures that the Azure infrastructure is delivering high availability and reliability, high efficiency, and smart scalability. The team provides a more secure, private, and trusted cloud.; ; Uninterruptible power supplies and vast banks of batteries ensure that electricity remains continuous if a short-term power disruption occurs. Emergency generators provide backup power for extended outages and planned maintenance. If a natural disaster occurs, the datacentre can use onsite fuel reserves.; ; High-speed and robust fibre optic networks connect datacentres with other major hubs and internet users. Compute nodes host workloads closer to users to reduce latency, provide geo-redundancy, and increase overall service resiliency. A team of engineers works around the clock to ensure services are persistently available.; ; Microsoft ensures high availability through advanced monitoring and incident response, service support, and backup failover capability. Geographically distributed Microsoft operations centres operate 24/7/365. The Azure network is one of the largest in the world. The fibre optic and content distribution network connects datacentres and edge nodes to ensure high performance and reliability.
• Outage reporting: The Azure status dashboard; ; https://status.azure.com/en-gb/status

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: All access is defined by the microsoft access role assigned to the user. these are clearly defined by role. manager, user, developer etc.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Schellman & Company, LLC
• ISO/IEC 27001 accreditation date: 03/01/2022
• What the ISO/IEC 27001 doesn’t cover: Please see: https://servicetrust.microsoft.com/ViewPage/MSComplianceGuideV3?command=Download&downloadType=Document&downloadId=7dde87f6-2648-4eff-8136-4cbabcbddefd&tab=7027ead0-3d6b-11e9-b9e1-290b1eb4cdeb&docTab=7027ead0-3d6b-11e9-b9e1-290b1eb4cdeb_ISO_Reports
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 04/06/2016
• CSA STAR certification level: Level 3: CSA STAR Certification
• What the CSA STAR doesn’t cover: Please see:; ; https://cloudsecurityalliance.org/star/registry/microsoft/
• PCI certification: Yes
• Who accredited the PCI DSS certification: Coalfire Systems, Inc.
• PCI DSS accreditation date: 01/06/2018
• What the PCI DSS doesn’t cover: Please see:; ; https://docs.microsoft.com/en-us/azure/compliance/offerings/offering-pci-dss#audit-reports
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: https://docs.microsoft.com/en-gb/azure/compliance/

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: All development engineers report on security to the principal engineering architect for approval on any change that could impact security. Security is reviewed weekly and on major change events by managing director. Policies are aligned with microsoft azure best practice.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All changes are tracked in the central system databse with audit trails, Security imoact assess via Azure based systems tools and the microsoft check
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: As we are delivering within Azure, we work closely with the Microsoft service to be aware of all notified threats and patches are automatically deployed by the cloud vendor
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Microsoft framework delivers this. on top of this our application level database will track and audit all activity in the system which is reviewed daily
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Incidents are reported through the system embedded ticketing system. incident reports can be provided regularly or via a report initiated from the system dashboard

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Third-party
• Third-party virtualisation provider: Microsoft Azure
• How shared infrastructure is kept separate: Access to every resource type in Azure is controlled by an identity stored in a directory service. The directory service stores not only the list of users, but also the access rights to resources in a specific Azure subscription.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: These are microsoft data centres, we do not use our own.

Social Value

• Fighting climate change:

  Fighting climate change

  we fully support microsoft initiatives for this
• Covid-19 recovery:

  Covid-19 recovery

  nothing to note
• Tackling economic inequality:

  Tackling economic inequality

  we employ people across a diverse set of backgrounds but all are paid the standard uk rates for their services regardless of background/location
• Equal opportunity:

  Equal opportunity

  we are an equal opportunity supplier
• Wellbeing:

  Wellbeing

  regular chackes on working hours and well being undertaken weekly for all staff

Pricing

• Price: £99 to £300 a user a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at graham.brant@oktik.net. Tell them what format you need. It will help if you say what assistive technology you use.