Focus Group

Focus Group Microsoft Cloud Solutions & Licencing

Focus Group are a Tier-1 Cloud Solutions Provider (CSP) allowing your organisation to benefit from license consultancy, procurement of services such as M365 licenses, Microsoft software licenses and Azure subscriptions as well as support, underpinning these services by leveraging Microsoft Premier Support.

Features

• Self-Service License Provisioning
• Microsoft Cloud Solutions Provisioning
• Azure Subscriptions
• Perpetual and subscription licenses
• Pay-as-you-go license models
• Public sector, not for profit and commercial licensing
• Support & guidance on license purchasing

Benefits

• Self-Manage access to services
• Consumption based services
• Transparent pricing, with no hidden fees
• Centralised subscription and licence management
• Flexible monthly or annual licencing

£0.81 a licence a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bid.team@focusgroup.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

890823536924999

Contact

Focus Group
03300242000
bid.team@focusgroup.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements:
  • Each user requires their own user license
  • Hardware meets application requirements

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our Service Level Targets are as follows:; ; P1 - Total loss of service at a customer premise/s, or critical service failure = 1 Hour; ; P2 - Partial loss of service to critical systems = 4 Hrs; ; P3 - Partial loss of service = 6 Hours; ; P4 - Configuration changes = by NBD
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Web chat is available through our infocus customer portal
• Web chat accessibility testing: Web chat testing with assistive technology users is currently being developed, including user testing, where individuals reliant on assistive tools like screen readers or voice recognition software interact with the chat. Their feedback informs iterative improvements with beta testing involving inviting assistive technology users to test chat features before launch, ensuring real-world usability
• Onsite support: Yes, at extra cost
• Support levels: Our Service Level target fix times are as follows:; ; P1 - Total loss of service at a customer premise/s, or critical service failure = 8 hours target fix time.; ; P2 - Partial loss of service to critical systems = 8 hours target fix time.; ; P3 - Partial loss of service = 24 hours target fix time.; ; P4 - Configuration changes = by NBD
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: An account manager will manage the onboarding and offboarding of licenses as part of the initial transaction. There is also a serf-service portal for customers to manage their own licenses post initial deployment.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: The customer will have options to either extend the contract or move their licenses to another provider. Should the customer wish to cancel services, the customer will be required to manually extract their data from services.
• End-of-contract process: The licenses/services will cease to operate and will get suspended. The customer will be required to either renew their licenses/service or move their procurement to another partner or have access revoked.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • MacOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: A web-based administration portal that provides access for an administrator.
• Accessibility standards: None or don’t know
• Description of accessibility: The service is accessible via a standard web browser, providing full access to all features and functions expected of a comprehensive business licencing solution.
• Accessibility testing: None
• API: No
• Customisation available: No

Scaling

• Independence of resources: Microsoft provides SLAs and availability metrics to manage the services.

Analytics

• Service usage metrics: Yes
• Metrics types: A number of metrics are provided, all dependant on what licencing services are procured.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Microsoft

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Customers will be expected to export their data manually from each of their services whilst licenses are active. Post license/service expiration, customers will need to extend their subscriptions to continue accessing the data to be able to extract it.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection between networks: For data in transit, all customer-facing servers negotiate a secure session by using TLS/SSL with client machines to secure the customer data. This applies to protocols on any device used by clients.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Microsoft SLAs can be accessed here:; Online Services: https://www.microsoft.com/licensing/docs/view/Service-Level-Agreements-SLA-for-Online-Services; Azure: https://azure.microsoft.com/en-gb/support/legal/sla/
• Approach to resilience: Please see: https://docs.microsoft.com/en-us/search/?terms=datacenter%20resilience
• Outage reporting: Major Service Outages (MSO) are communicated via email alerts to the main account contact email address. We have a virtual MSO team with dedicated responsibilities who react promptly when an MSO occurs. We negotiate bespoke updates from our suppliers to ensure we communicate efficiently to our customers.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: All accounts are named account with the appropriate account security protections in place, confirming to ISO27001 and Cyber Essentials standards
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: ISO Quality Services Ltd
• ISO/IEC 27001 accreditation date: 30/06/2023
• What the ISO/IEC 27001 doesn’t cover: Not Applicable
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Cyber Essentials

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: A change record has to be created and approved by Board which has to adhere to our Change Management Policy. The change record will only be approved if included there are details of the change being made, impact to the business, a security impact assessment, and a full backout plan. Without any of this information the change will not be accepted.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Microsoft operate a Security Operations Centre which provide ongoing vulnerability management and regular communications to threats as part of their offering to customers.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We have event and audit logging enabled on our Active Directory which monitors key events. We have monitoring on our O365 looking for suspicious behaviour or malicious emails.; ; Alerts are raised to the Information Security Manager when key events occur. These are evaluated for potential compromises.; ; Potential compromises are investigated internally withing 1 hour and brought to resolution.; ; Potential compromises are responded to in real-time in line with our monitoring.
• Incident management type: Supplier-defined controls
• Incident management approach: We have an Incident Management Process used by our Helpdesk, in which users can raise tickets or call into to report an incident.; ; The Helpdesk will then review the incident, will resolve the issue, and provide a Route Cause Analysis (RCA), and then produce an incident report for the client.; ; All incidents that come in are logged in our Incident Management Log file which can be evaluated over time and historically reviewed.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • Public Services Network (PSN)
  • NHS Network (N3)
  • Joint Academic Network (JANET)
  • Health and Social Care Network (HSCN)

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  Our G-Cloud service provision is committed to fighting climate change ; ; Carbon Footprint Reduction: Our infrastructure is designed with energy efficiency in mind, minimising carbon emissions associated with hosting and delivering cloud services. We prioritise data center locations powered by renewable energy sources to reduce the carbon footprint of our operations.; ; Remote Work and Collaboration Tools: By offering robust remote work and collaboration tools, we facilitate telecommuting and virtual meetings, reducing the need for commuting and business travel. This helps decrease greenhouse gas emissions from transportation, a significant contributor to climate change.; ; By aligning with these social value themes outlined in PPN 06/20, our G-Cloud service provision demonstrates a tangible commitment to fighting climate change and promoting environmental sustainability.

Pricing

• Price: £0.81 a licence a month
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bid.team@focusgroup.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.