Vodafone Limited

Public Cloud - Microsoft Azure offered by Vodafone (OFFICIAL)

Microsoft Azure allows you to build, manage and deploy applications on a global basis. Azure provides a broad set of infrastructure services, such as computing power, storage options, networking and databases, delivered as a utility: on-demand, available in seconds, with pay-as-you-go pricing.

Features

• Scalable, reliable and secure global computing infrastructure
• Your application can scale up or down based on demand
• End-to-end approach to secure flexible infrastructure

Benefits

• Quick and secure hosting of your applications
• Flexibility to select all the services you need
• No long-term contracts or up-front commitments

£0.01 an instance

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at frameworks_team@vodafone.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

837152359650839

Contact

Frameworks Team
03333 040191
frameworks_team@vodafone.com

Service scope

• Service constraints: Please view detailed Service Description.
• System requirements: Refer to Azure catalogue for system requirements on specific products

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: The standard response time is one hour with support available on a 24/7 basis. The Support Incident Escalation is available to be utilised for critical issues and whenever needed to resolve the issue speedily.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Vodafone will provide you with support for Microsoft Azure. Our Hosting Solutions Support team provides a 24x365 Service Desk and Incident Management team. Support will be provided in English. The Vodafone operational model for support is ITIL based.; If you think there is a fault or problem with your public cloud environment, you are able to raise a fault via your usual Vodafone support route.; Vodafone teams may contact the customer to work on the resolution of the fault. Customers must ensure that the correct contact details are submitted with their request. Vodafone’s support model for Microsoft Azure will triage issues into Microsoft if Vodafone is unable to resolve the issue.; More details : Service Descriptions Support section
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Onboarding guidance is provided as part of the service. When the Azure service is ready the customer will be provided with the following:; I. Service Terms – contains Vodafone and Microsoft Azure T&Cs; II. Service Descriptions – a guide to cover all customer information inc. Azure products, support, global infrastructure etc. ; III : Cloud Ready website - Document area for all relevant information pack
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: From the application that uses Azure or through the Admin GUI. Vodafone may also be able to help you minimise the impact of off-boarding through our professional service capability.
• End-of-contract process: Customer must remove all of their data from the Platform notify Vodafone that they wish to terminate the Service. Vodafone will notify Customer of the date that the Service and any remaining data will be removed.; It is Customer’s sole responsibility to remove their data from the Platform and Vodafone shall have no liability whatsoever for any of Customers data that remains on the Platform once Customer has notified Vodafone that Customer wishes to terminate the Service.

Using the service

• Web browser interface: Yes
• Using the web interface: The Microsoft Azure public cloud provides a self-service web portal (Azure Resource Manager also known as ARM) and application programming interfaces (Azure Resource Management REST API) for the provision and management of Azure services. Both the API and web portal are available over the public Internet to Vodafone and our customers. Please note that the Azure classic portal is not provided as part of this product.; ; https://docs.microsoft.com/en-us/azure/azure-resource-manager/
• Web interface accessibility standard: WCAG 2.1 AAA
• Web interface accessibility testing: It is accessible anywhere through an internet connection over HTTPs and end to end security can be assured by using Vodafone's secure networks.
• API: Yes
• What users can and can't do using the API: The Microsoft Azure public cloud provides a self-service web portal (Azure Resource Manager also known as ARM) and application programming interfaces (Azure Resource Management REST API) for the provision and management of Azure services. Both the API and web portal are available over the public Internet to Vodafone and our customers. Please note that the Azure classic portal is not provided as part of this product.; ; https://docs.microsoft.com/en-us/azure/azure-resource-manager/
• API automation tools:
  • Ansible
  • Chef
  • Puppet
• API documentation: Yes
• API documentation formats: HTML
• Command line interface: Yes
• Command line interface compatibility:
  • Windows
  • MacOS
  • Other
• Using the command line interface: Please visit; https://docs.microsoft.com/en-us/cli/azure/?view=azure-cli-latest

Scaling

• Scaling available: Yes
• Scaling type: Automatic
• Independence of resources: Azure has more global regions than any other cloud provider – offering the scale needed to bring apps closer to users around the world, preserving data residency and offering comprehensive compliance and resiliency options for customers.
• Usage notifications: Yes
• Usage reporting: Other

Analytics

• Infrastructure or application metrics: Yes
• Metrics types: Other
• Other metrics:
  • Broad set of global compute, storage, database analytics
  • Machine Learning and IoT
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Microsoft

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Less than once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Other
• Other data at rest protection approach: In Azure, organizations can encrypt data at rest without the risk or cost of a custom key management solution. Organizations have the option of letting Azure completely manage Encryption at Rest. Additionally, organizations have various options to closely manage encryption or encryption keys. See:; ; See:; https://docs.microsoft.com/en-us/azure/security/azure-security-encryption-atrest; ; With regards to Billing, Provisioning and other customer metadata, it is understood that most of this data is not encrypted at rest.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Replaces your existing on-premises or off-site backup solution
  • Azure Backup offers multiple components that you download and deploy
  • Back up data to a Recovery Services vault in Azure
• Backup controls: Backup applications need to be purchased by Azure portal. No Operational Support System (OSS) tooling is deployed (monitoring, backup, patch management and anti-malware).
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users schedule backups through a web interface
• Backup recovery:
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • IPsec or TLS VPN gateway
  • Other
• Other protection between networks: Azure networking supports the following secure remote access scenarios:; -Connect individual workstations to a virtual network (Point-to-site VPN); -Connect your on-premises network to a virtual network with a VPN (site-to-site VPN ); -Connect your on-premises network to a virtual network with a dedicated WAN link; -Connect virtual networks to each other (IPSEC tunnel); ; For all details see:; https://docs.microsoft.com/en-us/azure/security/security-network-overview
• Data protection within supplier network: Other
• Other protection within supplier network: An Azure virtual network provides a secure, logical network that's isolated from other virtual networks and supports many security controls that you use on your premises networks; ; For all details see:; https://docs.microsoft.com/en-us/azure/security/security-network-overview

Availability and resilience

• Guaranteed availability: Refer to Azure availability SLAs from here : https://azure.microsoft.com/en-gb/support/legal/sla/
• Approach to resilience: Azure has more global regions than any other cloud provider – offering the scale needed to bring apps closer to users around the world, preserving data residency and offering comprehensive compliance and resiliency options for customers.; ; An Azure Region is a set of data centres deployed within a latency-defined perimeter and connected through a dedicated regional low-latency network. With more global regions than any other cloud provider, Azure gives customers the flexibility to deploy apps where they need to. Azure is generally available in 42 regions around the world, with plans announced for 12 additional regions.; ; Availability Zones are physically separate locations within an Azure region. Each Availability Zone is made up of one or more data centres equipped with independent power, cooling and networking.; Availability Zones allow customers to run mission-critical apps with high availability and low-latency replication.; ; See https://azure.microsoft.com/en-gb/global-infrastructure/regions/ for more information.
• Outage reporting: As part of the service offering you have access to Azure Service Health that provides personalised guidance and support when issues in Azure services affect you. It can notify you, help you understand the impact of issues and keep you updated as the issue is resolved. It can also help you prepare for planned maintenance and changes that could affect the availability of your resources.; ; Further information on Azure Service Health can be found here:; https://azure.microsoft.com/en-gb/features/service-health/

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: By default, Vodafone customers have no access to their Azure subscription and the CSP Partner (Vodafone) must grant the customer with access to the directory. The suggested subscription permissions will be using AoBo (Admin on Behalf of).; ; Each Vodafone customer is provisioned each subscription with 1 Global Administrator which will be a separate account from the subscription owner. The customer is provisioned each subscription with 1 subscription owner which will be a separate account from the Azure AD Global administrator.
• Access restriction testing frequency: Less than once a year
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through: Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Lloyd's Register Quality Assurance Limited
• ISO/IEC 27001 accreditation date: 01-Jan-2021
• What the ISO/IEC 27001 doesn’t cover: Available upon request to review in detail
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: NCC Services
• PCI DSS accreditation date: Various
• What the PCI DSS doesn’t cover: N/A
• Cyber essentials: No
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: ISO22301

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Vodafone policies align to ISO27002:2013

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Formal management responsibilities and procedures within Vodafone are in place to ensure satisfactory control of all changes. When changes are made, an audit log containing all relevant information is retained on the Vodafone change management system. Changes to operational systems are only made when there is a valid business reason to do so, such as an increase in the risk to the system.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: Cloud provider controls. ; Refer to https://docs.microsoft.com/en-us/azure/security-center/
• Protective monitoring type: Undisclosed
• Protective monitoring approach: Vodafone has logging and monitoring capabilities in place along with appropriate storage of log data. The monitoring capability and events are managed and stored within the SIEM solution. The SIEM solution has been built in line with GPG13 DETER
• Incident management type: Undisclosed
• Incident management approach: Incident management processes are in line with ITIL best practice, and integrated with event, problem and change management processes.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Third-party
• Third-party virtualisation provider: Microsoft
• How shared infrastructure is kept separate: Please see our detailed Service Description document (refer to Azure Shared responsibility model)

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Available upon request.

Social Value

• Fighting climate change:

  Fighting climate change

  We believe that urgent and sustained action is required to address the climate emergency. Business success should not come at a cost to the environment, and we are committed to ensure the greening of all our activities. We also see a key role for our digital networks and technologies in helping to address climate change. Digitalisation is key to saving energy, using natural resources more efficiently and creating a circular economy; Report:; https://www.investors.vodafone.com/esgaddendum
• Covid-19 recovery:

  Covid-19 recovery

  At Vodafone, we believe that everyone, everywhere should have access to technology. That is why our initiative – everyone.connected – aims to close the digital divide.; The COVID-19 pandemic has caused a global economic crisis, creating a greater need for focus on inclusion and equality. As a technology brand, we are determined to support those who need it most – students, jobseekers, small businesses, remote communities and the elderly. This is because we know that being connected creates endless opportunities; from remote working, to education and staying in touch.; We will keep doing all we can to make sure nobody is left behind – because when people are connected, equal opportunities are created and the future is brighter.
• Tackling economic inequality:

  Tackling economic inequality

  As a global telecommunications company, Vodafone is committed to tackling economic inequality by helping to create new businesses, jobs, and skills. Since forming in 1982, we have purchased products and services globally to innovate and achieve business growth. ; Today, Vodafone works with over 11,000 suppliers. We’re strong advocates of the ‘one company, local roots’ concept. By creating opportunities for new businesses and supporting supply chain resilience, we enable our suppliers to recruit and grow. In turn, our partners maintain their own diverse supply chains of smaller, local partners, technology start-ups and market specialists. ; We also work with leading public service provider, PeoplePlus, to help create opportunities for individuals from lower income households who may face barriers to employment. They are a national UK wide company and extension of the UK Job Centre who aim to deliver skills and training to ensure people can access the right employment and enhance their career prospects.
• Equal opportunity:

  Equal opportunity

  We currently use gender neutral advertising for vacancies posted. We run the advertisements through a gender decoder to make sure the way we advertise uses inclusive language. Ensuring we do not use masculine language means we can try and appeal to more people. ; Our recruitment team also actively ensure diverse shortlists are provided to hiring managers as well as having diverse interview panels. This is to ensure the candidate feels as comfortable as possible throughout the process. ; ; Senior leadership gender split: Talent initiatives, SMART targets, reverse mentoring, and inclusive leadership training. Our GMT has a 50:50 gender split. ; External collaboration: External partnerships, thought leadership from commissioned research. Participants in BITC’s BAME Cross-Organisational Mentoring Programme and the Black British Business Awards’ Talent Accelerator Programme. Signatories of the Race at Work Charter, Disability Confident Scheme and Hidden Disabilities Sunflower Scheme.
• Wellbeing:

  Wellbeing

  Our Group Health, Safety and Wellbeing Policy expands on the Code of Conduct, setting out our commitment to establish a robust and durable health, safety and wellbeing culture. This policy is accompanied by detailed standards setting out the specific steps that must be taken to manage our greatest risks.; https://www.vodafone.com/about-vodafone/who-we-are/people-and-culture/workplace-safety/our-approach-to-safety; For example: ; Family: Industry leading Maternity/Paternity Policies; and a flexible working culture. ; Work-life balance: An award-winning ReConnect return to work programme; an award-winning Domestic Abuse Policy, both recognised by the WorkingMums.co.uk Top Employer Awards. ; Learning and Development: Inclusion 4 All and Challenge 4 Change training, including senior leaders. Our new mandatory Withstander Programme focused on bystander intervention and active allyship launched globally in November 2020.

Pricing

• Price: £0.01 an instance
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at frameworks_team@vodafone.com. Tell them what format you need. It will help if you say what assistive technology you use.