SIMPLEX SERVICES (UK) LIMITED

Microsoft 365

Our Digital Workspace Technical Advisory, Consultancy and Support Services provides:1. Inputs and validation for Greenfield collaboration services and/or integration with legacy infrastructure. 2. Identification, finalisation and governance for medium and large projects. 3. Formulate/validate existing architecture covering business aligned technology vision, principles, policies, standards and roadmap to target cloud architecture.

Features

• Strategy and Consulting to choose the right Collaboration platform
• Solution Architecture
• Compliance and Assurance
• Packaged Services including software licenses for as-a-service requirements
• Office, Outlook, Exchange Online, OneDrive for Business, Microsoft Intune
• Chat-based workspace, online meetings, and more in Microsoft Teams
• Stream, Yammer, Planner, SharePoint Online, Power Apps, Flow
• Scheduling Apps – Bookings, StaffHub
• Business Apps – Outlook Customer Manager, MileIQ, Invoicing
• Office 365 Advanced Threat Protection, Microsoft Defender Exploit Guard

Benefits

• Enhanced credibility for your existing strategy
• Address business needs, maintain quality of outputs and control
• Align user needs to cloud offerings
• Tangible outputs conforming to technology framework
• Diverse skillsets and scalable (up and down) model
• Self-service password reset for hybrid Azure Active Directory accounts
• Office 365 Data Loss Prevention
• Unlimited email archiving
• Windows AutoPilot, Windows Pro Management
• Device & App Management

£1 a user

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mohit@simplex-services.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

789994916647131

Contact

Mohit Bajaj
+447946789222
mohit@simplex-services.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Third party software for specific customer needs. This will be dependant on the components and services that require enhanced and/or custom capabilities and are not completely met by M365 out of the box solutions/services.
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: No immediate constraints. The standard constraints can be accessed at https://docs.microsoft.com/en-us/office365/servicedescriptions/office-365-service-descriptions-technet-library?redirectedfrom=MSDN.
• System requirements:
  • Appropriate licensing is procured
  • System requirements are dependent on each individual project and customer

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: The response times are defined as per customer's requirements and budgets. We broadly classify our support into three categories: Standard, Important and Critical. Standard: General guidance cases < 24 business hours; system impaired cases < 12 business hours. Important: General guidance cases < 24 hours; system impaired cases < 12 hours; production system impaired cases < 4 hours; production system down cases < 1 hour. Critical: General guidance cases < 24 hours; system impaired cases < 12 hours; production system impaired cases < 4 hours; production system down cases < 1 hour; business-critical system down cases < 15 minutes.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Yes, at an extra cost
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: We have not directly done web interface testing for assistive technology users but can work and channelise with partners to bring those testing experience for our clients.
• Onsite support: Yes, at extra cost
• Support levels: We offer 9am to 5pm or 24/7 support dependent on client needs and can be a combination of on-site and remote support. We have a team of consultants and specialists who are certified in the specific technology and cloud services area. We provide the 1st line and 2nd line support using our in house resources and we leverage on our relationship with the cloud service providers for any 3rd line support. We support three levels titled: Standard, Important and Crticial. We work with clients to understand their business requirements and cost implications and then align workloads to support levels. We have Technical Account Manager and Cloud Specialist to help our clients define these support levels and ensure right fit throughout the contract. This activity is carried during the initial setup and can be altered if our client's requirement changes providing flexibility.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Our onboarding services are tailored to customer’s requirements and can be combination of onsite training, online training, and/or user documentation/guides. Our standard methodology is to adopt a train-the-trainer approach. This allows knowledge to cascade throughout the organisation to all users. ; ; The key on-boarding tasks include Governance Model, Requirements and Delivery approach, End User communication and Commercials.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: All the existing and data created in relation to the services in question will remain the property of the customer. The data can be extracted in an agreed format and within agreed timescales. ; ; Microsoft M365 data extraction specific details can be found here: https://docs.microsoft.com/en-us/office365/Enterprise/office-365-data-retention-deletion-and-destruction-overview
• End-of-contract process: A contract termination plan will be produced and agreed with the customer. A generic termination plan is available, on request, and this will be tailored to reflect appropriate roles and responsibilities.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
  • Other
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The core functionalities are available across all platforms. However, some of the services are optimised for mobile, desktop and tablet use and there are differences. See https://support.office.com/en-us/article/Office-Online-browser-support-AD1303E0-A318-47AA-B409-D3A5EB44E452
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Please see https://products.office.com/en-gb/business/office-365-administration
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: We have not directly done web interface testing for assistive technology users but can work and channelise with partners to bring those testing experience for our clients.
• API: Yes
• What users can and can't do using the API: Please see https://msdn.microsoft.com/en-us/office/office365/howto/platform-development-overview for more information on the Office 365 API
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Various level of customisation can be done. This is subject to customer business requirements and contract discussion.

Scaling

• Independence of resources: We provide an agile and scalable service in order to meet the fluctuations in demand for each individual service. These services are underpinned by a set of pre-agreed SLAs with each individual customer, ensuring continuity of the services being provided and are backed by Microsoft's Investment and SLA's.

Analytics

• Service usage metrics: Yes
• Metrics types: We can provide various levels of metrics and can be customised as per customer's need. Further details can be found here - https://docs.microsoft.com/en-gb/microsoft-365/admin/activity-reports/activity-reports?redirectSourcePath=%252fen-us%252farticle%252fActivity-Reports-in-the-Office-365-admin-center-0d6dfb17-8582-4172-a9a9-aed798150263&view=o365-worldwide
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Multiple. Specific customer, components, services that require custom/enhanced capabilities

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Tailored to customer’s requirements. Further detail can be found at https://docs.microsoft.com/en-us/microsoft-365/compliance/gdpr-dsr-office365?view=o365-worldwide and https://docs.microsoft.com/en-us/office365/Enterprise/office-365-data-retention-deletion-and-destruction-overview.
• Data export formats:
  • CSV
  • ODF
  • Other
• Data import formats:
  • CSV
  • ODF
  • Other

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: The SLAs can be accessed here - https://docs.microsoft.com/en-us/office365/servicedescriptions/office-365-platform-service-description/service-level-agreement and https://docs.microsoft.com/en-us/office365/servicedescriptions/office-365-platform-service-description/office-365-platform-service-description
• Approach to resilience: As your cloud collaboration provider we have partnered with Microsoft to continuously earn our customers trust by providing solutions that function consistently and that our users love. ; ; When any given service is unavailable, this is called downtime. The definition of downtime varies for each Microsoft 365 service, but they commonly focus on any period of time when users are unable to use the essential functionality of the service. ; ; Details of how Microsoft defines and ensures resiliency in the M365 service can be found here: https://docs.microsoft.com/en-us/microsoft-365/enterprise/ebcm-m365-service-resiliency?view=o365-worldwide
• Outage reporting: M365 service status portal for tracking any outages are available in a real time basis and can be accessed here - https://status.office365.com/. Customer specific services health status can be accessed here - https://portal.office.com/adminportal/home#/servicehealth

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: We support Modern Authentication enables Active Directory Authentication Library (ADAL)-based sign-in for Office client apps across different platforms. This enables sign-in features such as Multi-Factor Authentication (MFA), smart card, and certificate-based authentication.; ; MFA for Office 365 - users are required to acknowledge a phone call, text, or an app notification on their smartphone after correctly entering their password.; ; Further details can be found here - https://docs.microsoft.com/en-us/office365/servicedescriptions/office-365-platform-service-description/user-account-management?redirectedfrom=MSDN
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: INTERNATIONAL REGISTER OF QUALITY ASSESSED ORGANISATIONS
• ISO/IEC 27001 accreditation date: 24/02/2024
• What the ISO/IEC 27001 doesn’t cover: NA
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: To ensure security for our customers, we cover it right from the requirements phase through to implementation supporting the complete Security Development Lifecycle.; ; We address information security concerns and compliance requirements for our customers by designing the access to the customer’s sensitive data with complete adherence and traceability.
• Information security policies and processes: We have designed detailed policies for information security with ultimate responsibility resting with our CISO. We are Cyber Essentials certified. Our associates go through security checks like The BS7858 screening, DBS and any customer specific requirements. ; ; The screening comprises of ID verification check, Address verification check, Right to Work check, Personal/character reference, Full UK credit check (includes bankruptcy/insolvency check, CCJ check and up to date credit score), Five years employment verification, Gap verification and Basic DBS check (criminal record check).

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Simplex is committed to ITIL aligned Change and Configuration Management for effective management and control of their customer's infrastructure. ; ; We work with our customers to align with their Change Management Database (CMDB), service support and delivery requirements to ensure a complete and accurate view of their assets.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Simplex subscribe to vendor support services and in M365 case with Microsoft to ensure the environment is operating in line with the latest recommendations and we make our customers of any potential vulnerabilities. The patch deployment policy is ITIL aligned and undertaken in accordance with customer's security policy. For exceptional and emergency patching, our processes allow proper process to protect customer services from vulnerabilities. Regular notifications are sent to ensure that customers are informed of planned works and all patches are tested before deployment to live.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We makes use of cloud-native applications for the collection, monitoring, analysis, alerting and reporting of all IT event, log and performance data. Subsequently, a real-time analytics engine is used to correlate events, logs and performance metrics across customer's cloud and on-premise infrastructure. We configure a comprehensive suite of highly configurable rules to allow the alerts to be sent in response to malicious activity and performance-impacting events.; ; M365 specific monitoring details can be found here: https://docs.microsoft.com/en-us/office365/enterprise/office-365-monitoring-and-self-healing
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Our ITIL-aligned Incident Management process and Service Desk is the first point of contact and manages incidents and escalations until resolution. This ensures that we respond to any reported faults and sets out target response and resolution times to ensure that these are fixed within agreed timeframes. ; ; The customers can report incidents via phone, email or our portal. Our Incident Management process ensures that we respond to any reported faults and sets out target resolution times to ensure that these are fixed within agreed timeframes.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • Public Services Network (PSN)
  • Police National Network (PNN)
  • NHS Network (N3)
  • Joint Academic Network (JANET)
  • Scottish Wide Area Network (SWAN)
  • Health and Social Care Network (HSCN)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Involved in activities like:; ; - Support Green initiatives in our projects internal and external delivered to our customers. We have Green Project Management certified PMs.; ; - Deliver additional environmental benefits in the performance of the contract including working towards net zero greenhouse gas emissions.; - Influence staff, suppliers, customers and communities through the delivery of the contract to support environmental protection and improvement.

  Covid-19 recovery

  We are involved in activities like below in the delivery of the contract and our services to customers:; - Create employment and other return to work opportunities for those left unemployed by COVID-19, particularly new opportunities in high growth sectors.; - Support organisations and businesses to manage and recover from the impacts of COVID-19, including where new ways of working are needed to deliver services including remote and hybrid working.; ; - Support the mental health of people affected by COVID-19.; - Improve workplace conditions that support the COVID-19 recovery effort including effective social distancing, remote working, and sustainable travel solutions and only travel when needed.

  Tackling economic inequality

  Involved in activities like:; - Providing internship and training opportunities to address skills gaps and giving them pathway to employment.; ; - Influence staff, suppliers, customers and communities through the delivery of the contract to support employment and skills opportunities in high growth sectors.

  Equal opportunity

  Involved and supporting activities in reduce the disability employment gap like:; ; - Influence staff, suppliers, customers and communities through the delivery of the contract to support disabled people. Our co-founder and CEO is a Governor in a college of special needs and advocates and support the students inclusion in the employment.

  Wellbeing

  Involved and supporting activities in improving health and wellbeing like:; ; - Support the health and wellbeing, including physical and mental health, in the contract workforce.; - Influence staff, suppliers, customers and communities through the delivery of the contract to support health and wellbeing, including physical and mental health.

Pricing

• Price: £1 a user
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: For latest free trial options, please check - https://www.microsoft.com/en-gb/microsoft-365/try?SilentAuth=1

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mohit@simplex-services.com. Tell them what format you need. It will help if you say what assistive technology you use.