Skip to main content

Help us improve the Digital Marketplace - send your feedback

NAK Consulting Services Ltd

Microsoft Azure Service Bus

Resilient, standards-based Messaging Bus

Features

  • Queues
  • Topics

Benefits

  • A PaaS approach for Messaging

Pricing

£0.04 to £0.05 a unit

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at richard.howes@nak.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

6 7 3 5 5 3 9 7 4 2 4 8 3 6 5

Contact

NAK Consulting Services Ltd Richard Howes
Telephone: 08450 230 286
Email: richard.howes@nak.co.uk

Service scope

Service constraints
Underlying maintenance arrangements and other restrictions as stipulated by Microsoft Azure
System requirements
Azure subscription procured through NAK

User support

Email or online ticketing support
Email or online ticketing
Support response times
P1 (Critical Business Impact) – 15 minutes
P2 (Moderate Business Impact) – 1 hour
P3 (Minimum Business Impact) – 24 hours
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Relay of Azure Support Requests to Microsoft - Response SLA:
P1 (Critical Business Impact) – 15 minutes
P2 (Moderate Business Impact) – 1 hour
P3 (Minimum Business Impact) – 24 hours

Relay of Quota Increase Requests to Microsoft - Response SLA:
8 hours

Creation of Azure Reservations and Azure Savings Plans:
- Response SLA of two business days
- Resolution SLA of two business days (once buyer has provided all required information)
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Depending on the level of service taken, NAK will provide varying levels of assistance to users when onboarding the service. If a fully managed type service is chosen, NAK will run through an onboarding exercise and provide documentation.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
NAK are providing Azure services, when a contract ends the users can move their Azure services to another Microsoft CSP and retain their data in the same way. If users want to remove their data from Azure, NAK can facilitate on a chargeable basis.
End-of-contract process
Any requests outside of the scope of support defined in the service at the end of a contract would be an additional cost.

Using the service

Web browser interface
Yes
Using the web interface
All operations provided and supported by the Microsoft Azure web-based Portal
Web interface accessibility standard
None or don’t know
How the web interface is accessible
The Azure Portal is developed and maintained by Microsoft in line with generally-accepted industry accessibility standards
Web interface accessibility testing
None - the Azure Portal is provided by Microsoft Azure
API
Yes
What users can and can't do using the API
All operations supported by the underlying Microsoft Azure API
API automation tools
  • Ansible
  • Chef
  • Terraform
  • Puppet
  • Other
Other API automation tools
  • PowerShell
  • Bicep
  • Azure Resource Manager
API documentation
No
Command line interface
Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
  • MacOS
Using the command line interface
All operations supported by the underlying Microsoft Azure API and associated providers (such as Az PowerShell and the Azure Command Line Interface - az cli)

Scaling

Scaling available
Yes
Scaling type
  • Automatic
  • Manual
Independence of resources
Microsoft Azure manages the underlying infrastructure and handles servicing user demand, including separating demand from different groups of users
Usage notifications
Yes
Usage reporting
Email

Analytics

Infrastructure or application metrics
Yes
Metrics types
Other
Other metrics
  • Incoming Requests
  • Successful Requests
  • Server Errors
  • User Errors
  • Throttled Requests
  • Server Send Latency
  • Incoming Messages
  • Outgoing Messages
  • Messages
  • Active Messages
Reporting types
Real-time dashboards

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Microsoft Azure

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
Never
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
No

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Availability is as per underlying Microsoft Azure SLAs
Approach to resilience
Resilience is per support provided by underlying Microsoft Azure capabilities and options
Outage reporting
Microsoft Azure provides a public dashboard tracking any service outages

Identity and authentication

User authentication
2-factor authentication
Access restrictions in management interfaces and support channels
NAK utilises a multi-tenant ITSM toolset, this ensures all customer data is kept separately within it's own tenant. Individual buyer users are validated during the onboarding process. Technical access for buyer users to Azure resources is facilitated by granting the minimum set of roles or permissions to Entra ID groups whose members receive the roles or permissions. Access for NAK staff to Azure resources is granted using Granular Delegated Admin Privileges (GDAP).
Access restriction testing frequency
At least every 6 months
Management access authentication
2-factor authentication
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
QAS International
ISO/IEC 27001 accreditation date
27/01/2024
What the ISO/IEC 27001 doesn’t cover
NAK's lab environment
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Below is the list of processes and policies we follow. NAK go through an annual surveillance audit and at least 3 annual internal audits of the various components. All identified non-compliances are reported to NAK's Information Security Management Committee.

Information Security Policy
Access Control Policy
Acceptable Use of Assets Policy
Business Continuity Procedure
Change Management Procedure
Communications Policy
Cryptographic Controls Policy
Human Resource Security Policy
Information Classification Policy
Information Security Incident Management Procedure
Mobile Device Policy
Operating Procedures for IT Management
Password Security Policy
Secure System Engineering Principles Policy
Supplier Security Policy
Server Maintenance Procedure
Determining the Scope of the ISMS Policy
Performance Evaluation Procedure
Planning to Achieve security Objectives
Risk Assessment Procedure
Document, Records & Data Control
Internal Audit Procedure
Management Review
Control of Nonconforming Product
Multi-Factor Authentication Policy

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
NAK manage a Configuration Management Database through our ITSM toolset. NAK's Change Management process is run and managed through our ITSM toolset.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We assess vulnerabilities on their CVE score. CVE vulnerabilities of 8+ will be remediated within 14 days, providing a patch is available. NAK receives alerts from key vendors of any vulnerabilities and we also scan vendor security updates.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Compromises are picked up through Microsoft Defender and Deep Instinct. Once identified, the compromise would be handled as part of NAK's standard Incident Management process
Incident management type
Supplier-defined controls
Incident management approach
NAK run a standard ITIL Incident/Major Incident process. Users are able to report incidents via telephone, e-mail or portal. For Major Incidents, NAK will provide a root cause analysis report detailing a timeline of events, the cause of the incident and any remedial actions.

Secure development

Approach to secure software development best practice
Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Third-party
Third-party virtualisation provider
Microsoft Azure
How shared infrastructure is kept separate
This is handled within Microsoft Azure

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
In an independent review, SCOPE Europe determined that Microsoft Azure datacentres meet the EU Cloud CoC Second Level of Compliance

Social Value

Social Value

Social Value

Tackling economic inequality

Tackling economic inequality

Buyers who procure Microsoft Azure Services support the economic growth of NAK Consulting Services as an SME, resulting in the creation of new jobs and distribution of new skills.

Pricing

Price
£0.04 to £0.05 a unit
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at richard.howes@nak.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.