BESPOKE SOLUTIONS CONSULTANCY LIMITED

Bespoke Power Platform Assessment, Governance COE & Application Development Services

Bespoke can provide assessment services for Power Platform, Implement a Centre of Excellence, and development applications to enhance your governance maturity, bolster security measures, and streamline platform management.

Features

• Comprehensive strategy for scaling adoption of Power Platform.
• Adoption tailored for your organisation.
• Outlined roadmap focusing on key apps and workloads.
• Implement essential components for your enterprise.
• Design and launch of high-priority solutions.
• Empower your team with skills needed.
• Power Platform suite of features.

Benefits

• Continuous business benefits.
• Enhanced efficiency and productivity.
• Modernise your legacy applications.
• Tailored applications to your needs.
• Robust governance strategy and COE approach.
• Mitigate risk through centralised controls.
• Unified data source for valuable insights.
• Promote organisation wide adoption.

£625.50 a unit a day

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jordan.brookes@bespoke-xyz.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

762701775388175

Contact

Jordan Brookes
01618832655
jordan.brookes@bespoke-xyz.com

Service scope

• Service constraints: Bespoke can provide assessment services for Power Platform, Implement a Centre of Excellence, and development applications to enhance your governance maturity, bolster security measures, and streamline platform management.
• System requirements: Access to client tenant

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: The service level agreement is bespoke to each client and their requirements
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Low, Medium, High, and Critical. We also provide a support manager to help with any questions they may have.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: We help users through a pre-sales discovery and guidance call to help them identify needs and pain points for their business.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Not applicable.
• End-of-contract process: Not applicable.

Using the service

• Web browser interface: No
• API: No
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type: Automatic
• Independence of resources: Not applicable.
• Usage notifications: No

Analytics

• Infrastructure or application metrics: Yes
• Metrics types: Other
• Other metrics: Power Platform metrics which can be monitored.
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Backup and recovery

• Backup and recovery: No

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Microsoft ensures service availability. The admin centre enables you to view any potential downtime or issues that might have caused system disruptions for various reasons.
• Approach to resilience: Multiple data centres around the globe
• Outage reporting: The Power Platform has admin controls where users can monitor applications in real-time.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Within the Power Platform, there is highly granular permission capability including business units, teams, and security roles. All the way down to field level security.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password
• Devices users manage the service through: Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber essentials.
• Information security policies and processes: Information and cyber security risks are managed through Staff onboarding training, refreshers of training and policies, and periodic review of the above documents. This is supplemented by technical controls such as deployment of Microsoft Defender for Office 365 and regular review of the Microsoft security portal.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We always recommend working with an agile project management methodology so that the client is in control of which requirements are addressed and when through the sprint deliveries. In terms of technical change control, we recommend separate Development, Test and Live environments, so that all changes, as well as the deployment steps themselves, are tested prior to a solution impacting the live environment. In addition, all our documentation and system releases are version-controlled, enabling a history of changes to be tracked.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: All user accounts have Microsoft Defender for Office 365 licences, and all company owned devices have Defender Antivirus. Bespoke will be working on Power Platform solutions on the client's tenant. Potential threats and patching are largely managed by Microsoft. The latest Power Platform penetration tests may be found on the Microsoft Service Trust Portal: Power Platform security FAQs - https://learn.microsoft.com/en-us/power-platform/admin/security/faqs#where-can-i-find-power-platform-or-dynamics-365-penetration-tests.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Bespoke will be working on Power Platform solutions on the client's tenant. Potential threats and patching are largely managed by Microsoft. The latest Power Platform penetration tests may be found on the Microsoft Service Trust Portal: Power Platform security FAQs - https://learn.microsoft.com/en-us/power-platform/admin/security/faqs#where-can-i-find-power-platform-or-dynamics-365-penetration-tests
• Incident management type: Supplier-defined controls
• Incident management approach: Bespoke provide an ongoing support service. Price on request depending on the complexity of the solution and the volume of users.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Third-party
• Third-party virtualisation provider: Microsoft Power Platform
• How shared infrastructure is kept separate: This is a feature within Power Platform as part of best governance and security practices.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Not applicable

Social Value

• Social Value:

  Social Value

  • Equal opportunity
  • Wellbeing

  Equal opportunity

  Bespoke upholds principles of equity and fairness throughout its operations, firmly denouncing any form of discrimination. Equal opportunities have been a cornerstone of our employment practices, underpinned by our comprehensive equal opportunities policy. Breaches of this policy will result in disciplinary proceedings and, where warranted, disciplinary action. The policy aims to prevent any discrimination, whether direct or indirect, based on factors such as race, colour, ethnic or national origin, religious belief, political opinion or affiliation, sex, marital status, sexual orientation, gender reassignment, age, or disability. We ensure this policy is shared with recruitment agencies responsible for our hiring process, and it is readily available to all employees and applicants for employment.

  Wellbeing

  Bespoke prioritises the well-being of its employees across all aspects of its operations. Our commitment to promoting employee wellbeing, has long been integral to our employment practices.

Pricing

• Price: £625.50 a unit a day
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jordan.brookes@bespoke-xyz.com. Tell them what format you need. It will help if you say what assistive technology you use.