Essential Computing

AvePoint Policies and Insights for Microsoft 365 Management

AvePoint Policies & Insights for Microsoft 365 helps to find, prioritise, and fix permissions, membership, and configuration issues across your workspaces. Monitor Microsoft 365 objects, including Teams, Groups, users, SharePoint, and OneDrive. Get control over your content, external sharing, and settings

Features

• Gain insight into Team, Group, SharePoint, OneDrive permissions
• Set access policies for external users based on workspace metadata
• Identify known and potential security issues, prioritise by content sensitivity
• Security dashboards track exposure, anonymous links, external users over time
• Monitor for, automatically notify, or adjust unauthorised or out-of-policy changes.
• Manage permissions for sensitive workspaces or files
• Library of rules to enable automatic policy enforcement

Benefits

• Gain critical insights into potential security risks
• Identify gaps, apply policies to address them
• Build policies to meet organisational IT security needs
• Give admins the ability to focus on critical issues
• Dashboards for instant visibility across your data
• Central monitoring for Microsoft 365

£0.95 a unit a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@essential.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

729246591385664

Contact

Clare Knight
01275 343199
info@essential.co.uk

Service scope

• Software add-on or extension: Yes
• What software services is the service an extension to: Office 365, Microsoft 365, Microsoft Office 365, M365
• Cloud deployment model: Public cloud
• Service constraints: No.
• System requirements: None

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Supplier support based on 1 hour Monday to Friday UK Office hours 9-5pm.; Vendor support included with 24/7 access to support through ticketing system
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Please contact us for further information about web-chat usage by assistive technology users and to discuss testing.
• Onsite support: Yes, at extra cost
• Support levels: We provide a range of support levels and technical development to our clients depending on their specific needs and our commercial contract with them.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Onboarding services are defined and agreed in a Statement of Work.; We then provide an onboarding service which starts with a planning workshop, to review the required outcomes. The AvePoint environment is then provisioned. The Essential technical team will remotely assist with configuration in line with the agreed requirements, and then follow up 4-6 weeks later to check in. Full product documentation is provided.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Customers may request a copy of the data via our support team.
• End-of-contract process: The functionality will stop working and the customers obligations will end. Where applicable customer data can be exported.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Users have access to available functions through our GUI based on their permissions or role.
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: Users have access to available functions through the GUI based on their permissions or role.
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: AvePoint complies with common accessibility guidelines. In addition, extensive Quality Assurance testing is performed before any release. Customers can optionally subscribe to "Insider Releases" to gain early access to updates, and provide feedback.
• API: No
• Customisation available: No

Scaling

• Independence of resources: We employ a number of methods including elastic scaling to manage performance.

Analytics

• Service usage metrics: Yes
• Metrics types: Administration and Audit Reports provide basic information on all site collections, sites, Office 365 users, Office 365 Groups, and Microsoft Teams managed by AvePoint Cloud Management.
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: AvePoint

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Not applicable.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Availability is set within the SLA.
• Approach to resilience: AvePoint leverages Microsoft Azure for hosting it's cloud service, which has a number of data centers for HA.
• Outage reporting: Portal notifications with additional direct communication when appropriate.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: All authentication is carried out against Microsoft Azure or any supported Azure authentication method.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Identity federation with existing provider (for example Google Apps)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Kompleye
• ISO/IEC 27001 accreditation date: 21.6.2021
• What the ISO/IEC 27001 doesn’t cover: Nothing.
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 29.3.2017
• CSA STAR certification level: Level 2: CSA STAR Attestation
• What the CSA STAR doesn’t cover: None.
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • SOC2
  • FedRAMP

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Change Management is documented, requested, reviewed, approved, tested, and finally rolled out during off hours in order to have minimal effect on customers.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: AvePoint has a documented and functional configuration and change management process which includes testing of all changes in production environments and documented approval process of changes.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We use AppScan to perform OWASP testing on every patch release
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We leverage the Azure Health Status page as well as service monitoring. Please refer to Azure documentation https://docs.microsoft.com/en-us/azure/best-practices-network-security for details. Customers are notified via Administrative Console alerts or directly by Customer Success as threats are identified, with proposed course of action.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Long standing experienced help-desk available 24x7, backed by breach management procedures to notify customers, post information publicly when necessary, and dedicate development resources to a swift resolution.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We are committed to reducing our environmental impact as part of how we operate as a digital business.; As a digital services provider, we enable our customers to realise sustainable hybrid workplaces for positive wellbeing and environmental impact through the technology solutions we provide, and through the way we collaborate to implement the solutions for long term success.; Our focus is on reducing energy and resource usage, reducing the need to travel where possible, and enabling team communications and education to support these objectives. We proactively support our customers, and vendors to do the same by delivering projects in a way which considers environmental factors at the planning stage. ; In recent years, we have reduced our office footprint to support hybrid working, minimising travel requirements for our teams. Our services are delivered fully remotely to customers, to pass on the same benefits.

  Equal opportunity

  We provide technology solutions which help level the playing field for people across the workforce. Accessibility is a key consideration, and we work with solutions which integrate with Microsoft’s advanced accessibility capabilities wherever possible

  Wellbeing

  The solutions we provide are aimed at making day to day working life better for the people using it, by enabling them to achieve more from within their Microsoft365 applications, reducing digital friction.; Doing the right thing is a core value of our business. This starts with commitment to our team, to be a responsible, fair and supportive employer, by offering a safe and welcoming environment to do their best work and providing development pathways where possible.; Our belief is that if our people are supported well, they can do the best they can for our customers.; Underpinning all the above, is the choice to work with vendors with aligned values in terms of their positive impact on their people, teams, partners, and customers.

Pricing

• Price: £0.95 a unit a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Contact us for details. It is possible to trial the product for a limited period. info@essential.co.uk

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@essential.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.