Ceox

Managed Microsoft Azure

Ceox helps Central Government, Arm's Length Bodies and Housing Sector organisations with full-spectrum Cloud Support Services for Microsoft Azure stack. Our MS Azure Cloud Support provides assessment, design, implementation, configuration and managed services for Azure hosting infrastructure (IaaS), platforms (PaaS) and solutions. Ceox integrates Azure into an organisation’s IT environment.

Features

• Deliver websites, portals, mobile and web apps on Microsoft Azure
• Perform integration with your existing on-premise infrastructure, enable home working
• Use a fully managed service or supplement your existing team
• Develop services using Microsoft .NET, Java, PHP, Ruby, Python, DevOps
• Make use of: Compute, Virtual Machine (VM), Windows, Linux, Networking,
• Active Directory (AD) B2C, Storage, Backup, VPN, DNS, Search, Containers,
• Databases, Analytics, Artificial Intelligence (AI), Machine Learning, Bot service, Integration,
• Cognitive services, Internet of Things (IoT) Hub and Edge, SQL
• Service Bus, Multi-Factor Authentication, Load Balancing, Content Delivery Network, LogicApps
• ExpressRoute, MySQL, PostgreSQL, Data Lake and connection to Azure Stack

Benefits

• ITIL based service management providing support via a service desk
• Full support for user research, design, develop, delivery, build, live
• Experts in supporting Local, Central Government departments and other agencies
• Build using agile, iterative, open standards and user-centred methods
• Help understanding licences and licensing including plan selection
• Skills transfer to internal staff including training and project management
• Run finance, Dynamics 365, Office 365, CRM, CMS, Power Platform
• Ensure your infrastructure and information security with SC cleared resources
• Empower your customer resolution team, contact centre, complaints team
• Planning, Setup, Migration, Quality Assurance, Performance Testing, Testing, Cyber Security

£1.00 a unit an hour

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at digitalmarketplace@ceox.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

672910138120437

Contact

Gavin Harte
0333 987 4495
digitalmarketplace@ceox.co.uk

Service scope

• Service constraints: None
• System requirements: None

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support Incidents are classified under one of four levels depending on severity: Level 1: Critical, Level 2: Major, Level 3: Significant, Level 4: Minor. The levels have the following response and resolve times: Level 1: 1 hour respond, 4 hours resolve; Level 2: 4 hours respond, 8 hours resolve; Level 3: 1 day respond, 3 days resolve; Level 4: 2 days respond, 5 days resolve. Ceox service desk runs during standard UK office hours 08:30 - 18:00 hrs (Monday to Friday excluding Bank Holidays) with 24x7 available at extra cost.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Ceox can tailor support levels and costs to an organisation depending on requirements. We assign a named Service Delivery Manager for each customer. By default, incidents are assigned one of four levels depending on severity: Level 1: Critical - The reported problem causes a halt to core business processes and no work-around is available. Level 2: Major - The reported problem causes degradation to core business processes and no reasonable work-around exists Level 3: Significant - The reported problem impacts operational environment but does not affect core business processes. A work-around is available. Level 4: Minor - A non-critical problem is causing some disruption but with little or no impact to our business operations. The levels have the following response and resolve times: Level 1: 1 hour respond, 4 hours resolve; Level 2: 4 hours respond, 8 hours resolve; Level 3: 1 day respond, 3 days resolve; Level 4: 2 days respond, 5 days resolve.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The level of onboarding and offboarding support provided by Ceox depends on the customer's requirements. Azure provides a comprehensive dashboard which allows full self-service for customers experienced with Azure. For customers who want more support, Ceox provide a fully managed service which completes all configuration and setup of the cloud service. Likewise, at the end of the engagement, Ceox can provide the level of offboarding support required. Ceox also provides a number of training options including: train the trainer, training for key individuals, classroom training for all users and floor walking support.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats: Microsoft provide online videos and interactive learning portals
• End-of-contract data extraction: Customers can export their data from Azure at any time using the standard export services. Ceox can provide complete support in undertaking this process.
• End-of-contract process: The amount of notification required to end the contract depends on the length of contract taken out and will be included in the call-off contract. At the end of the contract process, Ceox will assist the customer in extracting any data or moving to another supplier as required.

Using the service

• Web browser interface: Yes
• Using the web interface: Using the web interface, customers can have full control to manage and deploy services including increasing and reducing the specification of cloud services. Ceox can assist alongside in-house teams or undertake this on behalf of the customer.; ; More details on what is available in the Azure portal can be found here: https://azure.microsoft.com/en-gb
• Web interface accessibility standard: WCAG 2.1 AA or EN 301 549
• Web interface accessibility testing: See https://www.microsoft.com/en-us/accessibility
• API: Yes
• What users can and can't do using the API: Users are able to access the Azure Service Management API to programmatically access much of the functionality available through the web interface.
• API automation tools:
  • Ansible
  • Chef
  • SaltStack
  • Terraform
  • Puppet
• API documentation: Yes
• API documentation formats: HTML
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
  • MacOS
  • Other
• Using the command line interface: Azure CLI 2.0 is optimized for managing and administering Azure resources from the command line, and for building automation scripts that work against the Azure Resource Manager. See https://docs.microsoft.com/en-us/cli/azure/install-azure-cli

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: Microsoft Azure is a hyper-scale public cloud service, loads are balanced across multiple instances in different data centres.
• Usage notifications: Yes
• Usage reporting:
  • Email
  • SMS
  • Other
• Other usage reporting: Face to face in monthly Service Review Meetings

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types:
  • API access
  • Real-time dashboards

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Microsoft

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
• Other data at rest protection approach: More details on data protection in Azure can be found here: https://docs.microsoft.com/en-us/azure/storage/storage-service-encryption
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Files, Folders, Virtual Machines and Databases can be backed up
  • Ceox can provide advice on backups
• Backup controls: Azure requires backups to be manually created in order to occur. Ceox can advise customers on the best backup strategy for their data and then implement a suitable solution. Customers have full control over what is backed-up and when.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users schedule backups through a web interface
• Backup recovery: Users can recover backups themselves, for example through a web interface

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection between networks: Azure provides a number of different encryption options for connections between a customer network and the Azure cloud. Ceox can advise and implement a solution which works best for an organisation and takes into account the level of information security required.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: Azure also enables the configuration of network security groups, more information can be found here: https://azure.microsoft.com/en-us/blog/network-security-groups/

Availability and resilience

• Guaranteed availability: The level of availability guaranteed by Azure is dependent on the configuration. At a minimum, Azure can provide 99.9% availability (based on 24x7). However, for instance, virtual machines can be configured into availability sets to provide 99.95% or 99.99% guaranteed availability. More details on the level of SLA provided for each service can be found here: https://azure.microsoft.com/en-gb/support/legal/sla/
• Approach to resilience: Azure provides multiple layers of redundancy in order to ensure resilience. There are 50 regions worldwide, including 2 in the UK and Azure can provide resilience between data centres. Please see https://www.microsoft.com/en-us/cloud-platform/global-datacenters and https://www.microsoft.com/en-us/TrustCenter/ for more information.
• Outage reporting: Azure provides a dashboard showing current issues and outages. A personalised dashboard with notifications can also be configured for each customer. In addition, if a fully managed service is taken Ceox will act as an intermediary and notify the customer of any servere impact to service. More details can be found here: https://azure.microsoft.com/en-us/status

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google apps)
  • Username or password
  • Other
• Other user authentication: Most customers choose to implement a link between their on-premise Entra ID (formerly Active Directory) and Azure Entra ID (formerly Azure Active Directory - Azure AD). This permits a single sign-on experience to any services implemented in Azure along with other cloud services. More details on Entra ID can be found here: https://www.microsoft.com/en-gb/security/business/identity-access/microsoft-entra-id
• Access restrictions in management interfaces and support channels: Entra ID restrictions are implemented by administrators within Azure Entra ID. Administrators can then assign permissions to users for the service. Ceox can act as administrators for customers or give advice on the best configuration to suit a certain purpose.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Schellman & Company, LLC
• ISO/IEC 27001 accreditation date: 28/11/2023
• What the ISO/IEC 27001 doesn’t cover: The certification covers the scope of the Microsoft Azure cloud service.; Ceox also have ISO certification covering the scope of all our activities.
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 06/12/2023
• CSA STAR certification level: Level 2: CSA STAR Attestation
• What the CSA STAR doesn’t cover: The Certification covers the scope of the Microsoft Azure cloud services.
• PCI certification: Yes
• Who accredited the PCI DSS certification: Coalfire Systems Inc
• PCI DSS accreditation date: 07/03/2024
• What the PCI DSS doesn’t cover: The scope of the certification covers the Microsoft Azure cloud services.
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Ceox use ISO27001 certified policies and procedures to ensure that information security risk is controlled adequately. There is a Security Working Group (SWG) which handles the assessment and control of information security risk.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Azure has developed formal standard operating procedures (SOPs) governing the change management process. These SOPs cover both software development and hardware change and release management, and are consistent with established regulatory guidelines including ISO 27001, SOC 1 / SOC 2, NIST 800-53, and others.; ; Ceox uses configuration and change management procedures produced inline with ISO9001 and ISO27001. These are based on the ITIL framework and make use of DevOps tooling where possible.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: When providing the Antimalware solution for Virtual Machines, Azure is responsible for ensuring the service is highly available, definitions are updated regularly, that configuration through the Azure Management Portal is effective and that the software detects and protects against known types of malicious software. MCIO-managed hosts in the scope boundary are scanned to validate anti-virus clients are installed and current signature-definition files exist.; ; On top of Azure's vulnerability management, for Virtual Machines, Ceox can provide an automated patching and virus scanning process to ensure VMs are kept up to date and the latest virus definitions are installed.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Microsoft Azure employs sophisticated software-defined service instrumentation and monitoring that integrates at the component or server level, the datacenter edge, our network backbone, Internet exchange sites, and at the real or simulated user level, providing visibility when a service disruption is occurring and pinpointing its cause.; ; Proactive monitoring continuously measures the performance of key subsystems of the Microsoft Azure services platform against the established boundaries for acceptable service performance and availability. When a threshold is reached or an irregular event occurs, the monitoring system generates warnings so that operations staff can address the threshold or event.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Ceox runs an incident management process based upon ITIL's Service Operation practices. These include detailed processes for handling security incidents.; ; Microsoft has developed robust processes to facilitate a coordinated response to incidents. The process is Identification > Containment > Eradication > Recovery > Lessons Learned

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: Hyper-V
• How shared infrastructure is kept separate: Microsoft have multiple controls to ensure customer's data is kept separate. More details can be found here: https://www.microsoft.com/en-us/trustcenter; ; Ceox has internal processes to ensure that each customer is managed in such a manner as to ensure a separation of data between each customer environment.

Energy efficiency

• Energy-efficient datacentres: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Fighting Climate Change is a key value for Ceox, and a key element of the Social Value themes outlined in PPN 06/20. Our commitment to Fighting Climate Change is demonstrated by our stated objective of maintaining Net Zero. We are committed to maintaining Net Zero emissions and have expanded our measurement to include Scope 1 and 2 and have put in place measuring and offsetting for scope 3 emissions.; ; At Ceox we monitor and assess our emissions based on historic baselines going back to when we were founded. These provide a record of the greenhouse gases that Ceox produced along with the offsetting we put in place to achieve Net Zero.; ; For 2024 our aim is to maintain our Scope 1 & 2 emissions at Net Zero whilst continuing to offset all our Scope 3 emissions and put in place better measuring so that more sources such as Homeworking, Employee Commuting, Purchases of equipment are included within our Scope 3 measurements.; ; With our 2023 total CO2 production at 0.6 tCO2e we have put in place ambitious targets for tree planting initiatives that offsets our carbon production by 4x our measurements and beyond this we will be seeking to switch to true carbon capture technology which permanently removes CO2 from the atmosphere.; ; Fighting Climate Change and our supporting Carbon Reduction Plan has been completed in accordance with PPN 06/21 and our Senior Management Team are fully committed to raising our teams awareness of this critical issue and embedding processes to Fight Climate Change and reduce emissions with our ways of working.

  Covid-19 recovery

  Helping with the UK’s recovery from the Covid-19 Pandemic is important to the management team at Ceox, and forms part of the Social Value themes outlined in PPN 06/20. Our commitment to supporting the Covid-19 Recovery is demonstrated by our stated objective of supporting communities and individuals adversely affected by the Pandemic.; ; Our Covid-19 initiative has identified several actions to support hard- hit communities, industries, and individuals. These initiatives have been identified by Ceox staff and reach across the UK. These initiatives are identified and then prioritised according to impact and ease of implementation.; ; These initiatives are reviewed regularly by the Resource Team to assess progress and ensure that the activities deliver on their objectives within timescales required. Ceox Covid-19 recovery initiatives have included:; ; - Recruitment plan to employ groups adversely affected by the Pandemic e.g. Graduates. This initiative has been a massive success with 80% of our recruits since 2020 being Covid-19 graduates.; Widening our supply chain to include companies in areas of high unemployment particularly where Ceox has limited geographical coverage.; -Enabling staff to re-locate and work on non-office based roles supporting more remote and deprived locations across UK.; -Providing further training and Personal Development Plans rather than furlough or redundancy. We have recently upskilled 3 Developers to enable them to fulfil Testing and Functional Consultant roles.; -Improving Mental Health and Wellbeing with a attractive place of work where staff can work flexibly, interact easily and socialise.

  Tackling economic inequality

  Tackling Economic Inequality in UK is a major consideration for Ceox. It is part of the Social Value themes outlined in PPN 06/20. Ceox have policies in place to support businesses and people from different parts of the country and with varied track record of delivery or employment.; ; Ceox Management have devised a dual programme to tackle economic equality. The programme covers both individuals and businesses.; ; -Businesses – our Procurement Team source over £1 million of goods and services from UK industry. The Team ensure that our preferred supplier list includes a range of companies all of whom deliver high quality services. We ensure they are from different geographic regions including more deprived areas, different scale from blue chip to SMEs and ranging from establish companies to start-up. Our focus is on quality of product or service and the Procurement Team report to the CEO to demonstrate that our spend is spread across a diverse range of companies that includes those in deprived areas or in start-up.; ; - People – our HR team are tasked with tackling inequality and ensuring our staff reflects society. To achieve this they are set KPIs and report quarterly to the Management Team. They encourage job applicants from all over the country using digital media but also local job boards and advertising. They provide financial support for people to ensure there are no barriers to interviewing or accepting job offers. They also run training schemes and apprenticeships to train people without IT background, training or qualifications to transition into the IT Industry or develop capabilities where there is a UK shortage in skills.

  Equal opportunity

  Equal Opportunities for all is a key value for Ceox as well as being a legal requirement and one of the Social Value themes outlined in PPN 06/20. We aim to treat all individuals fairly with regards to recruitment, training, promotion and remuneration amongst others. ; ; As an equal opportunity employer all aspects of employment including the decision to hire, promote, discipline, or discharge, will be based on merit, competence, performance, and business needs. We do not discriminate on the basis of race, colour, religion, marital status, age, national origin, ancestry, physical or mental disability, medical condition, pregnancy, genetic information, gender, sexual orientation, gender identity or expression, or any other status protected under law.; ; The Senior Management Team at Ceox are fully committed to supporting the Social Themes outlined in PPN 06/20 and in particular raising our team’s awareness of Equal Opportunities. Clear procedures are defined and KPI’s monitored monthly to support embedding processes that ensure the Equal Opportunities Policy is upheld.; ; This approach is led from the top by our CEO with the Executive team defining our Equal Opportunity Policy and putting in place annual training and key measures which they review regularly to ensure fair recruitment policies and workplace for everyone. ; To support the management of the policy, key KPIs are recorded and reviewed including: Gender, Race, Religion, Age; For each KPI we have a baseline level and a 5-year target as well as a 1-year target. Every year as part of the Executives annual planning, the CEO presents the current baseline and sets the target for the next year. In the past year Ceox has met the target across all measured KPIs and we have set new targets for the company year ending in 2025.

  Wellbeing

  Ceox take staff wellbeing seriously and have a structured approach to delivering it within the work environment. As part of the Management Team our Resource Director takes the lead reporting to the CEO on wellbeing KPIs which are monitored quarterly to identify trends, monitor progress, address any issues and improve the wellbeing of our staff and their families.; Ceox wellbeing focus is on:; -KPI performance management –Resource Director manages wellbeing KPIs: Retention Rate, Staff Satisfaction and Feedback. We look after our staff well which is evidenced by our 90% retention rate. Where issues arise these are addressed at an organisational or individual level.; -Individual Support – each staff member has 3 channels available to raise issues. The alternative channels ensures that the staff member is always able to raise an issue or escalate. The staff manager provides regular quarterly reviews. Alternatively the staff member will also have a project manager providing an independent channel to raise issues. Finally, the Resource Director is accessible to all staff. This multi-tiered approach ensures the staff member has a variety of channels they can utilise.; -Organisational Support – Ceox provide a range of facilities to support staff:; -Benefits Package - includes an independent confidential helpline and counselling for staff.; -Workplace – flexible work policies enable staff to work flexibly including working from home. We also encourage staff to come to the Ceox workplace to develop relationships, and a community which we find is beneficial to staff wellbeing. To encourage the development of the Ceox community we hold staff events, monthly workplace gatherings and weekly community lunches.; -Community Events and Volunteering – annually Ceox organise an annual community event where staff vote for a local cause or charity which they volunteer at.

Pricing

• Price: £1.00 a unit an hour
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Ceox can assist customers who wish to make use of Microsoft's free trial offer. Details of which can be found here: https://azure.microsoft.com/en-us/free
• Link to free trial: https://azure.microsoft.com/en-us/free

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at digitalmarketplace@ceox.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.