Content Formula

Lightspeed SharePoint Online modern intranet

We help organisations get the best value out of their SharePoint intranet with a service that covers requirements gathering, information architecture, UX design, branding, configuration, QA testing, content planning and migration, training, and launch support. Add-on WebParts are also available for enriching the employee experience.

Features

• Requirements gathering for intranet and digital workplace
• Information Architecture planning for intranet and digital workplace
• UX design for intranet and digital workplace
• Branding for intranet and digital workplace
• News communications for employees
• Policy management for employees
• Departmental self-service guidance for employees - 'How do I?'
• Enterprise social network integration
• Intranet training - including live sessions and video content
• Adoption and change management services (webinars, clinics, training, promotional materials)

Benefits

• Understand employee needs and focus areas for your intranet
• Structure your organisational information in an intuitive way to users
• Deliver news and communications to the right people
• Launch a best practice intranet quickly
• Launch an intranet that is aligned with your brand
• Support knowledge owners in sharing their information effectively
• Get feedback on the effectiveness of your intranet
• Facilitate adoption of your intranet through promotion and training

£25,000 to £150,000 an instance

Service documents

• Pricing document

  ODT

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at dhawtrey@contentformula.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

816472404880610

Contact

Dan Hawtrey
020 4534 3460
dhawtrey@contentformula.com

Service scope

• Software add-on or extension: Yes
• What software services is the service an extension to: Microsoft SharePoint Online, Microsoft Teams, Microsoft Yammer
• Cloud deployment model: Private cloud
• Service constraints: Support is limited to customers on Microsoft 365 with SharePoint Online
• System requirements:
  • Microsoft 365
  • Microsoft SharePoint Online

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Response times depend on the SLA we have in place with the customer. ; ; Office hours are 0900-1730 (UK), Mon-Fri.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We provide level 2 and 3 support to our customers own support teams. We do not provide level 1 (end-user) support.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide a guided end-to-end onboarding programme. This includes requirements gathering through to training and ongoing support post launch.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: The customer data resides on their own Microsoft 365 tenant and not with Content Formula.
• End-of-contract process: Depending on the contract type (Bronze, Silver or Gold) there are different inclusions and exclusions. These are detailed in our Statement of Work which is issued at the start of any project. Any requirements outside of the scope specified in this document would be estimated and added to the cost of the project.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Our service works on mobile devices in different ways depending on the apps you use. It includes support for the following mobile apps:; ; Native mobile web browser (e.g. Safari on iOS), Microsoft Teams, SharePoint; ; The mobile apps provide near to 100% of the desktop features, but with adaptations to layout (responsive design).
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: No
• Customisation available: Yes
• Description of customisation: Customers can choose from 3 main levels of service: Bronze, Silver and Gold.; ; Silver and Gold have the same technical features, but a larger amount of consultancy services.; ; Customers can also choose to add Lightspeed Modules - a suite of WebParts which enrich the user experience.

Scaling

• Independence of resources: We do not provide the technical infrastructure for our service - this is provided by Microsoft as part of their 365 platform.

Analytics

• Service usage metrics: Yes
• Metrics types: We provide usage metrics through the standard Microsoft 365 reporting tools. These can be augmented through PowerBI reports if: (a) the customer has PowerBI licences in place and (b) if the customer agrees to an additional project/cost for configuration of the PowerBI reports by our consultants.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Other
• Other data at rest protection approach: Federal Information Processing Standard (FIPS) Publication 140-2 https://docs.microsoft.com/en-us/azure/security/fundamentals/encryption-atrest#:~:text=Azure%20Storage%20encryption%20for%20data,encryption%20with%20your%20own%20keys.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Users do not need to export their data from our service as we do not store data. Customer data remains stored on their own Microsoft 365 tenant. Users can export data from that platform as per Microsoft guidelines.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We have a service uptime commitment of 99.7% We provide service credits if we drop below our service uptime commitment.
• Approach to resilience: Available on request
• Outage reporting: We report significant outages by email.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: All support and managerment interfaces that Lightspeed SharePoint uses are permission controlled and require fully authenticated sessions. Lightspeed SharePoint management interfaces are only enabled for explicitly defined users by a main Lightspeed SharePoint administrator. Our support channels allow for explicit access to single support requests or views from the entire organisation.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We have implemented ISO27001 but are not certified
• Information security policies and processes: We have a number of information security policies in place which include: Data sanitisation policy, Encryption policy, Password policy, Joiners and leavers process, Security vetting policy, Business continuity and disaster recovery policy, Risk management policy, Information classification policy, Internet and email conditions of use policy, Back procedures, USB drive policy, Data disposal policy, Remote access policy, Incident response policy, Software patching policy (incl. antivirus), Information storage and transfer policy, PC audit procedure, Annual cyber security training

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All of our Lightspeed products are tracked and managed through a Dev Ops process using Microsoft's Azure DevOps. The Content Formula technology team regularly carry out peer code reviews of each component of the Lightspeed solution.; ; Any changes are managed through this same DevOps life cycle and reviewed internally for any potential security impact by the Content Formula technology team.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: All aspects of the Lightspeed solution are client-hosted within the customers SharePoint platform. ; ; Any product patches are deployed peridocially by the customer who has a consultant on had should they require any extra help.; ; Our platform utilises standard Microsoft threat protection features such as Defender for Cloud Apps to ensure the application is safe guarded.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: As Lightspeed is a solution that lives within the client hosted environment and has been built using standard SharePoint extensibility frameworks, any protective monitoring that has been set up within your Microsoft 365 environment will be applied to all Lightspeed components
• Incident management type: Supplier-defined controls
• Incident management approach: For any incidents, users can report them using the Content Formula service support desk - this is a JIRA application dedicated to providing support for the Lightspeed application.; ; Because Lightspeed is a client hosted application, there is no centralised platform that could cause outage that is controlled by Content Formula and as such we do not provide service status updates / pages.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Because our service is based in the Microsoft cloud will benefit from Microsoft's own sustainability standards, monitoring and controls. For example, a 2018 study found that using the Microsoft Azure cloud platform can be up to 93 per cent more energy-efficient and up to 98 per cent more carbon efficient than on-premises solutions. Go here to learn more: https://azure.microsoft.com/en-gb/global-infrastructure/sustainability/
• Covid-19 recovery:

  Covid-19 recovery

  Most organisations have put in place Covid-19 policies. Our service helps ensure that these policies are understood and adhered to.
• Tackling economic inequality:

  Tackling economic inequality

  Most organisations have policies in place to govern their corporate social responsibility. Our service helps ensure such policies are understood and adhered to.
• Equal opportunity:

  Equal opportunity

  Most organisations have policies in place to govern their corporate social responsibility. Our service helps ensure such policies are understood and adhered to.
• Wellbeing:

  Wellbeing

  Most organisations have policies in place to their employee wellbeing. Our service helps ensure such policies are understood and adhered to.

Pricing

• Price: £25,000 to £150,000 an instance
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  ODT

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at dhawtrey@contentformula.com. Tell them what format you need. It will help if you say what assistive technology you use.