Dynamics 365 Commerce
"Dynamics 365 Commerce helps unify the customer shopping  experience by bringing in-store, back office, and call centre functionality together in one end-to-end platform.
• Improve in-store and e-commerce profitability.
• Drive intelligent business insights to optimize strategy and cost.
• Accelerate buying behaviour through customer experiences."
Features
- Unified Commerce Experience: Seamless buying experiences online & offline channels.
- Instore, call centre and ecommerce platforms / software.
- Customer Insights: Gain a comprehensive view of your customers.
- Scalable Digital Commerce: Grow your business with a unified platform.
- AI-Driven Intelligent Commerce: Infuse intelligence across your sales operations.
- Omnichannel Support: Unify back-office, in-store, e-commerce, and call centre experiences.
- Online Fraud Protection: AI-driven insights, and consortium-based fraud analytics.
- Integrates into Supply Chain management and Finance.
Benefits
- Create immersive shopping experiences across channels.
- Provide exceptional service.
- Optimize retail operations with data-driven insights.
Pricing
£107.67 to £176.02 a unit a month
- Education pricing available
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
6 9 9 6 1 5 0 1 9 0 0 1 0 2 5
Contact
    PHOENIX SOFTWARE LIMITED
    
    Mark Pickersgill
    
    
    Telephone: 01904 562200
    
    
    Email: bids@phoenixs.co.uk
    
  
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- Dynamics 365 provides a suite of integrated business applications designed to streamline processes, enhance productivity, and drive growth across organizations. It provides pre-built solutions for common use cases, such as sales, customer service, marketing, finance, and operations. While offering out-of-the-box functionality, Dynamics 365 can be customized and extended to match specific organizational requirements. Power Platform empowers users to build tailored solutions that address specific business challenges. Power Platform seamlessly integrates with Dynamics 365, enhancing its capabilities and flexibility. Microsoft continually invests in the development of Microsoft Business Applications, ensuring it evolves to meet changing business needs.
- System requirements
- 
      - Dynamics 365: Fully hosted, managed SaaS; no on-premises infrastructure needed.
- Cost-effective: Eliminates additional IT infrastructure for Onboarding system support.
- Accessibility: Use on any web-enabled device with modern internet browsers.
- Browser Compatibility: Supports Internet Explorer, Edge, Chrome, Safari.
- Mobile Availability: Native apps for Android and iOS devices provided.
 
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- 
      Between 8 and 1 hour depending on support plan purchased
 See https://azure.microsoft.com/en-gb/support/plans/
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AA or EN 301 549
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- Web chat
- Web chat support availability
- 24 hours, 7 days a week
- Web chat support accessibility standard
- WCAG 2.1 AA or EN 301 549
- Web chat accessibility testing
- 
      Microsoft is committed to developing technology that empowers everyone, including people with disabilities. Microsoft has a Disability Answer Desk where customers with disabilities get support with Microsoft Office, Windows, and other products. Microsoft also has Accessibility Conformance Reports (ACR) which describe how products and services support recognized global accessibility standards.
 https://www.microsoft.com/en-us/Accessibility/disability-answer-desk
 https://www.microsoft.com/en-us/accessibility/conformance-reports
 https://learn.microsoft.com/en-us/windows/apps/design/accessibility/accessibility-testing
- Onsite support
- Yes, at extra cost
- Support levels
- 
      " Microsoft provides three (3) support plan options for Microsoft Business Applications. These include the following:
 - STANDARD/SUBSCRIPTION (included for all customers)
 - PROFESSIONAL DIRECT
 - UNIFIED ENTERPRISE
 For more information, visit:
 - https://www.microsoft.com/en-us/dynamics-365/support
 -https://powerapps.microsoft.com/en-us/support/
 - https://learn.microsoft.com/en-us/power-platform/admin/support-overview
 - https://www.microsoft.com/en-us/unifiedsupport/details"
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- 
      Microsoft provides several resources to help users get started with Microsoft Business Applications:
 *Quick Start Guides: Microsoft offers Quick Start guides for all of its popular Microsoft 365 apps.
 *Partner Resources Guide: This guide provides Business Applications partners with a high-level description of each of the key partner programs and resources provided by Microsoft.
 *Business Applications Partner Activities: These activities provide partners with funding to deliver standardized, partner-led pre-sales, migration, and post-sales activities to customers.
 *WorkLab Guides: Users can explore WorkLab guides for Dynamics 365.
 Please also see:
 • https://support.microsoft.com/en-us/office/microsoft-365-quick-starts-25f909da-3e76-443d-94f4-6cdf7dedc51e
 • https://techcommunity.microsoft.com/t5/business-applications-for/new-business-applications-partner-resources-guide/td-p/3928203
 • https://techcommunity.microsoft.com/t5/partner-news/fy24-business-applications-partner-activities-incentives/ba-p/3955971
 • https://www.microsoft.com/en-us/dynamics-365
- Service documentation
- Yes
- Documentation formats
- 
      - HTML
- Other
 
- Other documentation formats
- https://www.microsoft.com/en-us/trust-center/compliance/accessibility#accessibility
- End-of-contract data extraction
- 
      When the contract ends, your access to Microsoft services, applications, and data go through multiple stages before the subscription is fully turned off, or deleted:
 1. Expired Stage (30 days): Users have normal access to applications and files.
 2. Disabled Stage (90 days): Data is accessible to admins only. Users can’t access applications. Admins can access the admin centre to buy and manage other subscriptions.
 3. Deleted Stage: After the 90-day retention period ends, Microsoft disables the account and deletes the customer data.
 During the term of an active subscription, a subscriber can access, extract, or delete customer data stored in your applications. Dynamics 365 data can be exported to Excel in a static worksheet, dynamic worksheet, or PivotTable. In Dynamics 365, there is also a distinction between structured/semi-structured and unstructured documents:
 - Structured/Semi-structured Documents have predefined fields, tables, and checkboxes in consistent locations. Examples include invoices, delivery orders, tax forms, and medical tests.
 - Unstructured Documents are free-form format documents with no set structure. Information is usually in paragraphs. Examples include contracts, statements of work, and letters.
 For more information on data extracts for Microsoft Business Applications, visit:
 - https://learn.microsoft.com/en-us/dynamics365/customerengagement/on-premises/basics/import-export-data
 - https://learn.microsoft.com/en-us/dynamics365/customer-insights/data/export-manage
 - https://learn.microsoft.com/en-us/power-platform/admin/self-service-analytics
 - https://learn.microsoft.com/en-us/power-bi/visuals/power-bi-visualization-export-data?tabs=powerbi-desktop
 - https://learn.microsoft.com/en-us/microsoft-365/commerce/subscriptions/what-if-my-subscription-expires
- End-of-contract process
- 
      Microsoft is governed by strict standards and follows specific processes for removing cloud customer data from systems under our control, overwriting storage resources before reuse, and purging or destroying decommissioned hardware. In our Online Service Terms, Microsoft contractually commits to specific processes when a customer leaves a cloud service or the subscription expires. This includes deleting customer data from systems under our control.
 Please see Data Protection Addendum for full and up to date details about how Microsoft manages your data. https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA?lang=1
Using the service
- Web browser interface
- Yes
- Supported browsers
- 
      - Microsoft Edge
- Firefox
- Chrome
- Safari
 
- Application to install
- Yes
- Compatible operating systems
- 
      - Android
- IOS
- MacOS
- Windows
 
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- Microsoft offers distinct experiences on mobile and desktop devices for Microsoft Business Applications.. On desktop, users access the full suite of features, while the mobile app provides a streamlined interface for essential tasks and allows for offline working when there isn't network connectivity.
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- Description of service interface
- 
      *Dynamics 365:  Sales, Customer Services, Field Service, Finance & Operations, and Human Resources other other Dynamics 365 applications are each tailored to the specific function, providing relevant tools and features.
 *Power Platform: The interface is designed to be user-friendly, allowing even non-technical users to create powerful applications.
 https://dynamics.microsoft.com/en-gb/what-is-dynamics365/
 https://www.microsoft.com/en-gb/power-platform/
- Accessibility standards
- WCAG 2.1 AA or EN 301 549
- Accessibility testing
- 
      Microsoft is committed to developing technology that empowers everyone, including people with disabilities. Microsoft has a Disability Answer Desk where customers with disabilities get support with Microsoft Office, Windows, and other products. Microsoft also has Accessibility Conformance Reports (ACR) which describe how products and services support recognized global accessibility standards.
 https://www.microsoft.com/en-us/Accessibility/disability-answer-desk
 https://www.microsoft.com/en-us/accessibility/conformance-reports
 https://learn.microsoft.com/en-us/windows/apps/design/accessibility/accessibility-testing
- API
- Yes
- What users can and can't do using the API
- 
      "Microsoft Business Applications offers several customization options to tailor it to your organization’s unique needs. 
 Direct API Integrations:
 The Microsoft Business Applications SKD and API offers a rich set of capabilities for developers to interact with the platform’s data and functionality. This covers all element of the platform allowing developer to build on top of Business Applications.
 Custom Connectors:
 Purpose: Custom connectors act as wrappers around REST APIs, enabling seamless communication between Dynamics 365 and external services.
 Use Cases: You can create custom connectors for APIs you manage or popular public APIs.
 Integration: These connectors empower Logic Apps, Power Automate, and Power Apps to interact with the specified APIs.
 Custom APIs:
 Functionality: Microsoft Business Applications supports creating custom APIs, allowing external applications to invoke specific actions.
 Usage: You can call plugins from custom APIs, extending the platform’s capabilities.
 Configuration: Set up custom API requests, parameters, and responses within DataVerse.
 Connections:
 Entity Connections: Easily establish connections between records across most customizable business and custom entities within Dynamics 365.
 https://learn.microsoft.com/en-us/connectors/custom-connectors/
 https://learn.microsoft.com/en-us/rest/api/power-platform/"
- API documentation
- Yes
- API documentation formats
- 
      - HTML
- Other
 
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- 
      "
 Microsoft Business Applications offer a variety of ways for customers to customize their solutions both with minimal development using low code capabilities and traditional development techniques.
 *Power Platform: Microsoft Power Platform (which includes Power BI, Power Apps, Power Automate, and Copilot Studio) allows users to build custom apps, automate workflows, develop virtual agents, and analyse data, all without needing extensive coding knowledge.
 *Dynamics 365: Dynamics 365 applications provide a wealth of customization options. Users can create custom entities, fields, and forms; build custom workflows and business processes; and even develop custom plug-ins using .NET or extend using the API.
 *Training and Learning Resources: Microsoft Learn offers a range of courses and learning paths that can help users understand how to customize and get the most out of their Microsoft Business Applications solutions.
 Please also see:
 https://learn.microsoft.com/en-us/dynamics365/guidance/implementation-guide/extend-your-solution-scenarios
 https://learn.microsoft.com/en-us/power-apps/"
Scaling
- Independence of resources
- 
      Microsoft Business Applications are designed to handle high demand and ensure that the performance of one user does not adversely affect others. 
 *Cloud Infrastructure: Being a cloud-based solution, Microsoft Business Applications leverages Microsoft Azure’s robust infrastructure. As your business grows, the system can seamlessly scale up by allocating additional resources.
 *Elasticity: Dynamics 365 can dynamically adjust its capacity based on demand. It scales out to accommodate more users or transactions during peak times and scales back down during off-peak periods.
 *Performance Monitoring: Microsoft continuously monitors the performance of its services and makes adjustments as necessary to ensure optimal performance.
Analytics
- Service usage metrics
- Yes
- Metrics types
- 
      Microsoft’s commitment to service availability through a financially backed 99.9% uptime Service Level Agreement (SLA).
 The monthly uptime percentage for calendar month is calculated using the formula where downtime is measured in user-minutes; that is, for each month, downtime is the sum of length (in minutes) of each incident that occurs during that month, multiplied by number of users impacted by that incident. Downtime does not include scheduled downtime, the unavailability of service add-on features, the inability to access the service due to your modifications of the service, or periods where the scale unit capacity is exceeded.
 please see https://www.microsoft.com/licensing/docs/view/Service-Level-Agreements-SLA-for-Online-Services
- Reporting types
- Real-time dashboards
Resellers
- Supplier type
- Reseller (no extras)
- Organisation whose services are being resold
- Microsoft
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- 
      - United Kingdom
- European Economic Area (EEA)
- Other locations
 
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
- 
      - Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with SSAE-16 / ISAE 3402
 
- Data sanitisation process
- Yes
- Data sanitisation type
- 
      - Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
 
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- 
      Microsoft Business Applications provide several ways for users to export their data: 
 Records can be exported into to a variety of formats including Excel, PDF, CSV, XML, TIFF and Word. Exporting to Word and Excel is a standard feature within Dynamics 365.
 Data can be exported directly into Azure Data Lake / Fabric Storage for your organization's business needs.
 Alternative the API, prebuild or custom connectors can be used to export data or integrate with external systems.
- Data export formats
- 
      - CSV
- Other
 
- Other data export formats
- 
      - Microsoft Excel
- Text-Only (Tab Delimited)
- Comma-Separated Values (CSV)
- Extensible Markup Language (XML)
 
- Data import formats
- 
      - CSV
- Other
 
- Other data import formats
- 
      - Excel Workbook (.xlsx)
- Comma-Separated Values (.csv)
- XML Spreadsheet 2003 (.xml)
- Compressed (.zip)
 
Data-in-transit protection
- Data protection between buyer and supplier networks
- 
      - Private network or public sector network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Other
 
- Other protection between networks
- 
      Microsoft Business Applications comply with the government's 1st cloud security principle through several measures
 Please also see:
 • https://learn.microsoft.com/en-us/compliance/assurance/assurance-encryption-in-transit
 • https://learn.microsoft.com/en-us/azure/security/fundamentals/data-encryption-best-practices
 • https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/security-control-encrypt-data-in-transit/ba-p/2201008
 • https://techcommunity.microsoft.com/t5/microsoft-mvp-communities-blog/mvp-s-favorite-content-bizapps-microsoft-entra-blogs/ba-p/4005503
- Data protection within supplier network
- 
      - TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Other
 
- Other protection within supplier network
- 
      Microsoft Business Applications protect data within the network through several measures
 Please also see:
 • https://learn.microsoft.com/en-us/security/zero-trust/adopt/identify-protect-sensitive-business-data
 • https://www.microsoft.com/en-us/security/business/security-101/what-is-data-protection
 • https://techcommunity.microsoft.com/t5/microsoft-defender-xdr-blog/microsoft-defender-for-cloud-apps-data-protection-series/ba-p/3681877
Availability and resilience
- Guaranteed availability
- 
      Microsoft’s commitment to service availability through a financially backed 99.9% uptime Service Level Agreement (SLA).
 The monthly uptime percentage for a calendar month is calculated using the formula where downtime is measured in user-minutes; that is, for each month, downtime is the sum of the length (in minutes) of each incident that occurs during that month, multiplied by the number of users impacted by that incident. Downtime does not include scheduled downtime, the unavailability of service add-on features, the inability to access the service due to your modifications of the service, or periods where the scale unit capacity is exceeded.
 please see https://www.microsoft.com/licensing/docs/view/Service-Level-Agreements-SLA-for-Online-Services
- Approach to resilience
- 
      Microsoft's datacentre setup is designed to be resilient and align with the UK Government's 2nd Cloud Security Principle "Asset Protection and Resilience".  
 * Redundant Architecture: Microsoft online services achieve service resilience through redundant architecture, which involves deploying multiple instances of a service on geographically and physically separate hardware. This provides increased fault-tolerance for Microsoft online services.
 * Data Replication and Automated Integrity Checking: Data replication and automated integrity checking are also part of Microsoft's strategy to ensure service resilience.
 * Compliance with UK G-Cloud: Every year, Microsoft prepares documentation and submits evidence to attest that its in-scope enterprise cloud services comply with the 14 Cloud Security Principles of G-Cloud. This gives potential G-Cloud customers an overview of its risk environment.
 * ISO/IEC 27001 Certification: The compliance process relies on the ISO/IEC 27001 certification. A Government Digital Service (GDS) accreditor then performs several random checks on the Microsoft assertion statement, samples the evidence, and makes a determination of compliance.
 * UK OFFICIAL Data: The appointment of Microsoft services to the Digital Marketplace means that UK government agencies and partners can use in-scope services to store and process UK OFFICIAL government data.
- Outage reporting
- 
      Microsoft provides several ways to report service outages for Microsoft Business Applications and Azure Cloud:
 *Public Dashboard: Microsoft provides a public dashboard where users can view the health of their Microsoft services, including Microsoft Business Applications and Azure. The dashboard indicates whether there is an active service issue and links to the detailed Service Health page.
 *API: Microsoft offers the Service Communications API in Microsoft Graph, which allows users to access the health status and message centre posts about Microsoft cloud services. For Azure, users can get information about outage-impacted resources programmatically by using the Events API.
 *Email Alerts: Users can sign up for email notifications of new incidents that affect their tenant and status changes for an active incident. Azure Service Health also allows users to set up Service Health alerts to be automatically notified about service issues by email.
 In addition to the public dashboard, API, and email alerts, Microsoft provides a few more methods for service outage notifications:
 *Mobile Push Notifications
 *IT Service Management Tools
 *Power BI Notifications
Identity and authentication
- User authentication needed
- Yes
- User authentication
- 
      - 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Limited access network (for example PSN)
- Dedicated link (for example VPN)
- Username or password
 
- Access restrictions in management interfaces and support channels
- The identity and access management features that are built into Microsoft Business Applications products and services help protect your organizational and personal information from unauthorized access while making it available to legitimate users whenever and wherever they need it. These features enable you to manage user identities, credentials, and access rights from creation through retirement, and help automate and centralize the identity lifecycle processes. Microsoft uses multiple security practices and technologies across its products and services to manage identity and access.
- Access restriction testing frequency
- At least once a year
- Management access authentication
- 
      - 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Limited access network (for example PSN)
- Dedicated link (for example VPN)
- Username or password
 
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- The Certification Body of Schellman & Company, LLC
- ISO/IEC 27001 accreditation date
- November 28, 2023 for Certificate version 13. Original registration date: November 29, 2011
- What the ISO/IEC 27001 doesn’t cover
- Not Applicable
- ISO 28000:2007 certification
- No
- CSA STAR certification
- Yes
- CSA STAR accreditation date
- 2013
- CSA STAR certification level
- Level 2: CSA STAR Attestation
- What the CSA STAR doesn’t cover
- Not Applicable
- PCI certification
- Yes
- Who accredited the PCI DSS certification
- Coalfire, an independent Qualified Security Assessor (QSA) company
- PCI DSS accreditation date
- 15/03/2021
- What the PCI DSS doesn’t cover
- Not Applicable
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- Yes
- Any other security certifications
- https://learn.microsoft.com/en-us/compliance/regulatory/offering-home?view=o365-worldwide
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- 
      - CSA CCM version 3.0
- ISO/IEC 27001
- Other
 
- Other security governance standards
- 
      Microsoft adheres to numerous, rigorous security and compliance standards, including CSA CCM version 3.0, ISO 27001, ISO 27018, SOC 1, SOC 2, SOC 3, FedRAMP, and HITRUST, among others. For more on specific compliance, visit:
 - https://learn.microsoft.com/en-us/compliance/assurance/assurance-governance
 - https://learn.microsoft.com/en-us/microsoft-365/community/microsoft365-maturity-model--governance-and-compliance
 - https://servicetrust.microsoft.com/
- Information security policies and processes
- 
      Microsoft follows a comprehensive approach to information security policies and processes for its internal operations. Here's an overview:
 *Microsoft Security Policy (MSP): Microsoft implements a comprehensive security governance program as part of the Microsoft Policy Framework. The MSP organizes Microsoft's security policies, standards, and requirements so they can be implemented across all Microsoft engineering groups and business units.
 *Business Unit Responsibility: Individual business units are responsible for specific implementations of Microsoft security policies.
 *Alignment with Regulatory and Compliance Frameworks: Microsoft's security governance program is informed by and aligns with various regulatory and compliance frameworks. Security requirements are constantly evolving to account for new technologies, regulatory and compliance requirements, and security threats.
 *Policy Updates
 *Operational Security Practices: Microsoft Operational Security Assurance Practices provide a set of practices that aim to improve software security in a cloud-based infrastructure. These include providing training, using multi-factor authentication, enforcing least privilege, protecting secrets, minimizing attack surface, encrypting data in transit and at rest, implementing security monitoring, implementing a security update strategy, protecting against DDOS attacks, validating the configuration of web applications and sites, and performing penetration testing.
 *Reporting Structure
 *Ensuring Policies are Followed
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
- 
      Microsoft follows a broad approach to configuration and change management processes. Here's an overview:
 Configuration Management
 Change Management
 Assessing Changes for Potential Security Impact
 This is a high-level overview. For more detailed information, you may want to explore the resources on Microsoft's official website.
 Please also see:
 • https://learn.microsoft.com/en-us/mem/configmgr/
 • https://learn.microsoft.com/en-us/mem/configmgr/core/understand/introduction
 • https://learn.microsoft.com/en-us/mem/configmgr/apps/deploy-use/management-tasks-applications
 • https://techcommunity.microsoft.com/t5/microsoft-365-blog/simplifying-change-management-of-microsoft-365/ba-p/3738912
 • https://www.microsoft.com/en-us/insidetrack/about-us
 • https://www.microsoft.com/investor/reports/ar23/index.html
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
- 
      The Microsoft Detection and Response Team (DART) actively looks for cyberthreats that have penetrated an environment, looking beyond known alerts or malicious threats to discover new potential threats and vulnerabilities. They use a tiered data collection model and start by collecting a snapshot of the densest, most indicator-rich data they can from every object and endpoint they can reach. 
 Deploying Patches
 The pace at which Microsoft deploys patches is dependent on specific requirements.
 Sources of Information About Potential Threats
 Microsoft aggregates data from various sources to gather information about potential threats. These sources include first-party threat intelligence feeds .
- Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- 
      Azure security has defined requirements for active monitoring. Service teams configure active monitoring tools in accordance with these requirements. Active monitoring tools include the Microsoft Monitoring Agent (MMA) and System Centre Operations Manager.
 The Initial Response Time varies with both the support plan and the Business Impact of the request (also known as Severity). For a breakdown of initial response times by several level and business impact, please visit https://azure.microsoft.com/en-us/support/plans/response/
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
- 
      Microsoft strives to respond quickly and effectively to protect Microsoft services and customer data. Microsoft employs incident response strategy designed to investigate, contain, and remove security threats quickly and efficiently.
 Microsoft cloud services are continuously monitored for signs of compromise. In addition to automated security monitoring and alerting, all employees receive annual training to recognize and report signs of potential security incidents.
 Microsoft’s approach to managing a security incident conforms to the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-61, and Microsoft has several dedicated teams that work together to prevent, detect, and respond to security incidents.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
- 
      - Public Services Network (PSN)
- Police National Network (PNN)
- NHS Network (N3)
- Joint Academic Network (JANET)
- Scottish Wide Area Network (SWAN)
- Health and Social Care Network (HSCN)
- Other
 
- Other public sector networks
- 
      - Microsoft 365 Guidance for UK Government
- Microsoft in Public Sector
- Business Applications Partner Activities
 
Social Value
- Social Value
- 
      Social Value - Fighting climate change
- Covid-19 recovery
- Tackling economic inequality
- Equal opportunity
- Wellbeing
 Fighting climate change Effective stewardship of the environment with activities that deliver additional environmental benefits in the performance of the contract including working towards net zero greenhouse gas emissions.
 We can support customers environmental goals by providing annual carbon emissions on contract and reduction plans.
 We will run free of charge sustainability infrastructure reviews for customers to understand how they can reduce carbon emissions of their IT services.
 We are working towards 2040 Net-Zero GreenHouseGas emissions.
 Since 2021 we have been Carbon Neutral with Gold Standard Certified carbon credits - partner Ecologi.
 By 2026 we aimed to reduce Scope 1 and 2 emissions by 50% from a 20/21 baseline year and which we have now achieved.
 By 2030 we aim to reduce all of our emissions (including Scope 3) by 50% this is from a 22/23 baseline year.
 Achievement of 2030 50% reduction targets (based on last FY) would mean a minimum carbon reduction of 142tCO2e per year for the public sector.
 We record and monitor our usage/ conversion to carbon emissions monthly and progress is published annually on the website in accordance with PPN06/21 and SECR guidelines. We are ISO14001 certified, and our targets are currently being verified by SBTi.
 Overall, the business:
 -Generates solar energy (85%) with REGO renewable purchased energy.
 -Zero waste to landfill waste management
 -Minimises travel emissions by 60%
 -Uses water wisely – reduced by 15%
 Influence staff, suppliers, customers and communities through the delivery of the contract to support environmental protection and improvement.
 We work hard to influence others and change behaviours to help fight climate change.
 Workforce:
 -Sustainability inductions
 -Sustainability training
 -Staff campaigns
 -Volunteering opportunities
 -Family woodland tree planting
 Suppliers:
 -Supply-chain reviews
 -Sustainability training
 -Blogs/ media content
 -Sustainability training
 Customers:
 -Sustainability Infrastructure Review
 -Hardware Carbon-Assessments
 -Circular-Economy support
 -Sustainability trainingCovid-19 recovery Help local communities to manage and recover from the impact of COVID-19 with activities in the delivery of the contract which:
 Create employment, re-training and other return to work opportunities for those left unemployed by COVID-19, particularly new opportunities in high growth sectors.
 - Phoenix Employability Outreach Programme - Unique access to Microsoft Career Essentials programme
 Support organisations and businesses to manage and recover from the impacts of COVID-19, including where new ways of working are needed to deliver services.
 -Phoenix Small Business Digital Skills Outreach programme – webinars supporting cyber security, accessibility and licensing.
 -Phoenix VCSE Digital Skills Outreach Programme – webinars supporting cyber security, accessibility and licensing.
 Support the physical and mental health of people affected by COVID-19, including reducing the demand on health and care services.
 -Phoenix Digital Skills Outreach Programme – Supporting people to access services services online e.g NHS app and Banking apps.
 Examples of our working with London and Quadrant Housing Association to deliver befriending calls for tenants who were lonely and isolated as a result of Covid19.
 We have also worked with Liverpool City Council to promote employability courses to those left unemployed by Covid-19 and who are now in employment.
 We provided free of charge IT service desk to 15 charities during the pandemic and have worked closely with them to support them with returning to full operation again.Tackling economic inequality Create new businesses, new jobs and new skills with activities that, in the delivery of the contract:
 Create opportunities for entrepreneurship and help new, small organisations to grow, supporting economic growth and business creation.
 -60% of our supply chain are SME’s
 -We are signatories and adhere to the Prompt Payment Code
 -Host Dragons Den SME supply chain sessions for new suppliers to showcase their services for our customers.
 Create employment opportunities particularly for those who face barriers to employment and/or who are located in deprived areas.
 - The Phoenix Employability Outreach Programme provide unique access to Microsoft Career Essentials digital literacy programme, career talks and employability advice.
 Create employment and training opportunities, particularly for people in industries with known skills shortages or in high growth sectors.
 -Graduate work placements
 -Phoenix Employability Outreach Programme - Unique access to Microsoft Career Essentials programme for certifications to skill up for roles in the IT sector.
 -We work with our supply-chain to create job roles with shared apprenticeship heads and promotion to permanent employment.
 Support educational attainment relevant to the contract, including training schemes that address skills gaps and result in recognised qualifications.
 -Apprenticeships whereby we aim for c.10 graduating apprentices and all are moved into permanent employment with Phoenix.
 -Skills City Bootcamp where we deliver career talks and provide projects to 19+ year olds seeking to upskill for employment in the technology sector.
 Influence staff, suppliers, customers and communities through the delivery of the contract to support employment and skills opportunities in high growth sectors.
 -Our programmes are delivered in partnership with our customers, supply chain and workforce, including Career talks, mentoring and IT challenge activities.Equal opportunity Reduce the disability employment gap with activities that:
 Demonstrate action to increase the representation of disabled people in the contract workforce.
 -We are certified Disability Confident Employers (level 2).
 -We provide Digital Accessibility training for all staff so we can communicate with each other and our customers in an inclusive manner.
 -We are exploring the use of the Voluntary Reporting Framework for understanding the disability makeup of the workforce.
 Tackling workforce inequalities with activities that demonstrate action to identify and tackle inequality in employment, skills and pay in the contract workforce.
 - We focus on ensuring an inclusive and unbiased recruitment strategy, with unconscious-bias training, blind recruitment processes, and reviewing language and placement of advertisements.
 -All staff trained receive mandatory EDI training annually.
 Various initiatives include
 -Signatories of the Race at Work Charter,
 -Disability Confident Committed Employer
 -Signatories of the Armed Forces Covenant
 -Gender-Neutral toilets
 -Prayer room
 -Milk-pumping room
 -Sponsor York Pride
 -We have specific policies for Menopause, and LGBTQ+.
 -We have established an Accessibility-Centre-of-Excellence to display the latest technology
 -We monitor our workforce statistics and report on them:
 Gender 65% male /35% female (industry-average 20%)
 Ethnicity 5.6% (local-area 3.9%)
 Staff turnover 12.3% (industry-average 13.2%)
 Using the Voluntary Reporting Framework, we are working on what and how we can report metrics around disabled people in the workforce, including those with hidden disabilities.
 We have been recertified as a Great Place to Work™ and UK's Best Workplaces™ for Women.Wellbeing The mental health and well-being (MHWB) of our staff is of the utmost importance to us and our MHWB Policy aims to provide a working environment that promotes and supports the MHWB of all employees.
 Activities that demonstrate action to support the health and wellbeing, including physical and mental health, in the contract workforce at Phoenix include:
 -We utilise different resources not least those from Mental Health at Work Commitment, NHS Every Mind Matters, and the MIND employer toolkit to improve our employee MHWB programme.
 -All our staff heavily discounted private health insurance includes mental wellness. Plan members access a range of health treatments including face to face counselling and cognitive behaviour therapy.
 -Phoenix invests in the St Johns Ambulance Mental Health First Aid training course to ensure we have MH first aiders in the business and the skills to address MH in the workplace.
 -The new challenges the pandemic has raised, on our employee’s MHWB, has led to the creation of a staff network group who meet monthly, to ensure that all we do and say truly covers all aspects of MHWB.
 -All employees are given a monthly wellbeing hour to take for their own personal time and are also supported with monthly tea and toast sessions discussing and normalising MHWB topics.
 We influence staff, suppliers, customers and communities through the delivery of the contract to support health and wellbeing, including physical and mental health.
 -We provide Digital Accessibility training for all staff so we can communicate with each other and our customers in an inclusive manner.
 -We have established an Accessibility-Centre-of-Excellence to display the latest technology to the workforce, supply chain and our customers
 -We deliver digital accessibility training to customers
 -We are sponsors of the Neurodiversity Awards
Pricing
- Price
- £107.67 to £176.02 a unit a month
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- Trial versions of Dynamics 365 Applications and the Power Platform are generally available for 30 days and provide full capabilities to enable customers to test the functionality meets their requirements.
- Link to free trial
- "Dynamics 365 - https://dynamics.microsoft.com/en-us/dynamics-365-free-trial/ Power Platform - https://www.microsoft.com/en-us/power-platform/try-free"