Fordway

Services for Microsoft Office 365 Enterprise Suite

Ongoing support, management, optimisation and security of Microsoft Office 365 E3, E5 and F3 subscriptions. Includes 24 x7 support, optional O365 backup and device management (where licensed), user and subscription management

Features

• Three different service levels based on Office 365 subscription
• E1/F3/F5 and kiosk users
• E3 and E3 with E3 EM&S
• E5 and E5 with EM&S
• Tailored service specific to your organisations business needs
• Unlock the full licence potential of MS365 Enterprise
• Enhanced security with Microsoft Defender (Licence specific)
• Pro-active dashboards and alerting
• 24/7/365 UK Based Service Desk

Benefits

• Get the most from your Office 365 Enterprise subscription
• Independent feedback on benefits and limitations
• Experienced personnel, UK based with 24/7 service desk
• Comprehensive licence assessment, highlighting benefits
• Three Options dependent on Office 365 subscription
• Detailed knowledge of tools for management and security
• Review of third party licence usage for potential cost reductions
• Costed and aligned to business requirements
• Fully managed service for all levels

£5.00 to £22.50 a user a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@fordway.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

800438707752643

Contact

Richard Blanford
01483 528200
tenders@fordway.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Azure IaaS Operations and Management; Azure SQL DB Management; Azure Virtual Desktop Management; Backup and Service Continuity; Azure Service Management; Microsoft 365 Enterprise Desktop Management; Managed Windows 365 Virtual Desktops; Microsoft 365 Subscription Management; Microsoft 365 Backup for Office 365
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: The service runs active/active across multiple Cloud availability zones, within Azure or locally hosted. There is no requirement for planned downtime of the underpinning service infrastructure, it is available 24x7x365. In normal running, due to operating from a fully resilient and virtualised environment there is no requirement for planned downtime. Depending on the specific services and applications being managed, there may be limited requirement for authorised downtime
• System requirements:
  • Caters for All Windows and most Linux derivatives
  • Will operate and manage any/all components of IT infrastructure
  • In Cloud, on-premise or hybrid
  • Microsoft Office 365 subscription

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Priority 1 incident 24 x 7, 15 minute response. ; Priority 2 incident 24 x 7, 1 hour response Priority 3 incident 12 x 5, 4 hour response.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 A
• Web chat accessibility testing: Tested integration with JAWS for visually impaired users
• Onsite support: Yes, at extra cost
• Support levels: All service components have specific SLAs with an overall service availability dependent on the services selected and integrated. All services are monitored and secured with manned support and response 24 x 7 x 365 from our UK SOC. Core services are supported with a Service Delivery Manager plus technical account management where applicable.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Fordway will discuss the detailed requirements with the customer and agree SLA's and operational processes. These will be managed and reviewed against performance. With regular meetings and direct interaction between the customer and Fordway staff. The full details will be finalised in the Project Initiation Document.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Fordway have an exit procedure where we work with the customer to exit or migrate away from this service, depending on the configuration of the solution. This exit procedure will include any data, performance statistics and service records as described within the contract along with any associated costs. Exit process is detailed in the Service Description.
• End-of-contract process: Fordway have an exit procedure where we work with the customer to exit or migrate away from this service, depending on the configuration of the solution. This exit procedure will include any performance statistics and service records as described within the contract along with any associated costs. Process requirements are detailed in the Service Description.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Other
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None apart from formatting due to screen size
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: Web based dashboard and on-line real time reporting, with regular reporting
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: Tested with Microsoft Teams and Windows capabilities
• API: No
• Customisation available: Yes
• Description of customisation: This service is fully customisable to fit what the customer requires from an IT service. Fordway can take over all or part of the IT function for a company based on their inherent skills. This will be explored during the Project Initiation phase.

Scaling

• Independence of resources: Users are guaranteed scalability through solution design and Fordway's ISO27001 accreditation on their service structure

Analytics

• Service usage metrics: Yes
• Metrics types: Fordway will provide metrics on server, storage, network performance with dashboards and reporting. Alerts will be sent through via email if thresholds are exceeded. If security is included full security and audit logs, along with identity and authentication issues will be included. Regular meetings will be held with the customer and a Service Delivery Manager optionally may be assigned (depending on customer requirements)
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Microsoft

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can export their data on request and in an agreed format depending on their requirements
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats:
  • Native application file format
  • Export to OneDrive, Dropbox or other hosted file storage
  • Export to portable hard disk
  • Azure Blob storage, Azure Files
  • AWS S3, AWS File, AWS Glacier
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats:
  • Native application file format
  • Azure Blob storage, Azure files
  • AWS S3, AWS files, AWS Glacier
  • Portable hard disk
  • OneDrive, Dropbox or other hosted file service

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
• Other protection between networks: Disclosed on request
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
• Other protection within supplier network: Disclosed on request

Availability and resilience

• Guaranteed availability: Fordway provide a standard SLA with availability of 99.95% measured annually; 99.9% any quarter. Fordway recompense users with a credit of 2.5% of the monthly service contract value for each working hour the service has not met the SLA up to a maximum of 20% of the monthly service charge
• Approach to resilience: Fordway use inherent resilience within Azure, with customer data located in different availability zones and regions as necessary.; ; All elements of the service are operated and secured to ISO27001 under Fordway’s existing certification. Fordway is accredited to manage OFFICIAL-SENSITIVE classifications.
• Outage reporting: The service provides service updates which are notified into the client dashboard in their portal and can be configured to send email alerts if desired. The service operates under Fordway's standard SLA and any service outages will be reported as per the SLA which can be tailored to the customer's requirements.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: None
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: ISOQAR
• ISO/IEC 27001 accreditation date: 14/03/2022 (recertification) original certification March 2008
• What the ISO/IEC 27001 doesn’t cover: ISO27001/27017/27018 Statement of Applicability disclosed on request
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • List N (Nuclear Industry)
  • PSN Code of Conduct and Compliance
  • NHS IGSoC for N3/HSCN certification
  • PAS555
  • ISO27017
  • ISO27018
  • GCloud Assured

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: These are defined and audited as part of Fordway's ISO27001/27017/27018 certification, with regular senior management review. Details and supporting documentation will be made available on request.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Fordway change and configuration process aligns with ITIL v3.0 and ISO27001 and ISO20000
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Fordway's risk management aligns with ISO27001
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Fordway's security incident and event monitoring conforms to ISO27001 and DPA requirements. Any incident will be assessed for risk and prioritised accordingly.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Fordway incident management process complies to ISO27001:2013 and aligns to ITIL best practise and ISO20000. Incident management and reporting is defined within Fordway's standard SLA and tailored to customer requirements.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Health and Social Care Network (HSCN)

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  Using Cloud offers considerable efficiency and consumption savings compared to running in house, on premises and hosted environments

Pricing

• Price: £5.00 to £22.50 a user a month
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@fordway.com. Tell them what format you need. It will help if you say what assistive technology you use.