GIGASTREAM LIMITED

Microsoft Azure

Gigastream offer the full range of Microsoft Azure services, with pricing models for government, business, education and non-profits. Our managed service optimises your licensing, maintains a secure environment, optionally configured to UK-OFFICIAL best practice, and provides access to premium Microsoft support channels when required.

Features

• Microsoft Azure
• Hybrid and Public Cloud Solutions
• Infrastructure as a Service (IaaS)
• Platform as a Service (PaaS)
• Cloud infrastructure services
• Compute, container, database and application hosting
• Cloud networking, Firewalls, Intrusion Detection, DDOS protection
• Management and Support solutions for Microsoft Azure
• Ensure GDPR, regulatory and security compliance with policies and tools
• Reporting and Analytics

Benefits

• Microsoft Azure configuration support for use in UK-OFFICIAL settings
• Improved productivity
• Reduced costs
• Carbon reduction and ESG benefits of public cloud at scale
• Increased agility
• Secure working practices
• ITIL aligned incident management
• PRINCE2 aligned project management
• ISO 27001 aligned working practices
• Rapid delivery

£0.01 a licence a day

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at digitalmarketplace@gigastream.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

923371398838607

Contact

Christopher Sharp
01865 304050
digitalmarketplace@gigastream.co.uk

Service scope

• Service constraints: Service descriptions for publicly available Microsoft Azure services are indirectly linked from the directory at https://azure.microsoft.com/en-gb/products; Service descriptions for Microsoft 365 and Office 365 products are set out at https://technet.microsoft.com/en-us/library/office-365-service-descriptions.aspx; Constraints may apply to the scope of cloud support work agreed with your organisation. These will be clearly documented in the Call-Off contract.
• System requirements:
  • Most modern web browsers are supported
  • System requirements differ per product in the portfolio
  • Microsoft publish system requirements on a product specific basis

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: All tickets will receive an initial response within 15 minutes. Support response times are dependent upon the service selected.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We provide a variety of support levels as set out in our service description, including 24x7 access to premium Microsoft support channels
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: A Microsoft Azure cloud specialist will work with you to understand your business needs. The scope and nature of our engagement is flexible and can include defining your product requirements, integration needs, user details and security posture. Gigastream Cloud Support Engineers and Consultants will work to define your strategy, plan and implement your migration and support your users. An initial assessment, prior to contract award, will allow us to define the scope of work and plan any discovery activities prior to defining your project needs. FastTrack helps organisations accelerate deployment, migration, and adoption of their Microsoft cloud products
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Details of how to extract data from Office 365 can be found at https://products.office.com/en-us/business/office-365-online-data-portability Details on retention, deletion and destruction can be found at https://docs.microsoft.com/en-gb/office365/enterprise/office-365-data-retention-deletion-and-destruction-overview
• End-of-contract process: Upon expiration or termination of your Azure subscription or contract, Microsoft will provide you, by default, additional limited access to export your data. A termination plan can be produced and agreed with you, which will be tailored to reflect appropriate roles and responsibilities. It is recommended that you export all data before contract expiration. Data transfer is billed at the prevailing service rates.

Using the service

• Web browser interface: Yes
• Using the web interface: Most service management activities may be undertaken through the Azure portal. Some advanced activities may require use of Powershell, Azure Cloud Shell or APIs
• Web interface accessibility standard: WCAG 2.1 AA or EN 301 549
• Web interface accessibility testing: DDA compliant testing forms an integral part of Microsoft's routine platform testing
• API: Yes
• What users can and can't do using the API: Virtually all Microsoft Azure services are fully controllable by API
• API automation tools:
  • Ansible
  • OpenStack
  • Terraform
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • Other
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
• Using the command line interface: Powershell and Azure Cloud Shell modules are available

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: A detailed description of how Microsoft isolates individual customer tenancies can be found here https://www.microsoft.com/en-us/download/confirmation.aspx?id=54249
• Usage notifications: Yes
• Usage reporting:
  • API
  • Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Microsoft

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Virtual machines
  • Storage
  • Databases
  • Configuration metadata
  • Files
  • Customer data and content
• Backup controls: Users must specify the backup controls required
• Datacentre setup:
  • Multiple datacentres with disaster recovery
  • Multiple datacentres
  • Single datacentre with multiple copies
  • Single datacentre
• Scheduling backups: Users schedule backups through a web interface
• Backup recovery:
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
• Other protection within supplier network: Encryption of data in transit and at rest by default

Availability and resilience

• Guaranteed availability: Details of Microsoft Service Level Agreements for Online Services can be found here https://www.microsoft.com/licensing/docs/view/Service-Level-Agreements-SLA-for-Online-Services; Details of the Office 365 service level agreement can be found here https://technet.microsoft.com/en-us/library/office-365-service-level-agreement.aspx
• Approach to resilience: Details of how Microsoft ensures resiliency in the Office 365 service can be found here https://www.microsoft.com/en-us/download/details.aspx?id=53560; Microsoft Azure offers a variety of product specific service resilience options that should be selected to meet the business objectives from which the requirement arises
• Outage reporting: Azure and Office 365 include service status portals

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Role Based Access Control. Administrative accounts have access to perform certain roles see https://support.office.com/en-gb/article/office-365-admin-overview-c7228a3e-061f-4575-b1ef-adf1d1669870?ui=en-US&rs=en-GB&ad=GB for more information
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 18/06/2021
• What the ISO/IEC 27001 doesn’t cover: Assessment reports, certificates and further audit data is available directly from Microsoft at https://docs.microsoft.com/en-gb/microsoft-365/compliance/offering-iso-27001?view=o365-worldwide
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 02/12/2011
• CSA STAR certification level: Level 3: CSA STAR Certification
• What the CSA STAR doesn’t cover: Service scope for office 365 is decribed in this document: https://docs.microsoft.com/en-gb/microsoft-365/compliance/offering-csa-star-certification?view=o365-worldwide
• PCI certification: Yes
• Who accredited the PCI DSS certification: Schellman & Company, LLC
• PCI DSS accreditation date: 31/06/2021
• What the PCI DSS doesn’t cover: The full scope of service is available at https://docs.microsoft.com/en-gb/microsoft-365/compliance/offering-pci-dss?view=o365-worldwide
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • NIST 800-171
  • ENISA IAF
  • ISO 27018
  • SOC 1, SOC 2
  • FEDRAMP
  • FIPS 140-2

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials
• Information security policies and processes: Microsoft's Cloud services, are compliant with data protection standards and regulatory requirements, such as International Organization for Standardization (ISO), Service Organization Controls (SOC), National Institute of Standards and Technology (NIST), Federal Risk and Authorization Management Program (FedRAMP), and the General Data Protection Regulation (GDPR), NCSC. The Microsoft Cloud Security Policy is available via the Service Trust Platform https://servicetrust.microsoft.com/

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Gigastream is committed to ITIL aligned Change and Configuration Management for effective management and control of its infrastructure.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We rely on vendor support services to ensure we are operating in line with the latest recommendations and are made aware of any potential vulnerabilities by them.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Given the scale of Microsoft Azure, it would be impossible to keep customer data resilient and safe from malware without built-in monitoring that is comprehensive, alerting that is intelligent, and self-healing that is fast and reliable. New mindsets and methodologies needed to be introduced, and whole new sets of technology needed to be created to operate and manage the service in a connected global environment. Microsoft have moved away from the traditional monitoring approach of data collection and filtering to create alerts to an approach that is based on data analysis. https://docs.microsoft.com/en-gb/office365/Enterprise/office-365-monitoring-and-self-healing
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Incident Management processes are based around ITIL best-practice. Incidents are categorised based on the incident type, severity and the impact on operations. The severity governs the rate at which an incident is progressed through the relevant support functions and the level of visibility which it is afforded across the organisation. Post-incident and KPI reporting is dependent upon the service level selected.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: Hyper-V
• How shared infrastructure is kept separate: A detailed description of how Microsoft isolates individual customer tenancies can be found here https://www.microsoft.com/en-us/download/confirmation.aspx?id=54249

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Details of how Microsoft Azure services adhere to the EU Code of Conduct for Energy Efficient datacentres can be viewed at https://azure.microsoft.com/en-us/blog/azure-gains-100th-compliance-offering-protecting-data-with-eu-cloud-code-of-conduct/

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Public and hybrid cloud technologies support carbon reducing IT initiatives in the fight against climate change

  Covid-19 recovery

  Supporting improvements in economic and public health outcomes following the Covid-19 pandemic

  Tackling economic inequality

  Public and hybrid cloud technology solutions can support clients in offering services to financially and digitally excluded consumers

  Equal opportunity

  Cloud solutions can support clients in offering inclusive services without boundaries

  Wellbeing

  Cloud solutions can improve public wellbeing by reducing the burden to access or operate services

Pricing

• Price: £0.01 a licence a day
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Some Microsoft Azure products are available for a free trial period. Feature availability in free trials is product specific. Please contact digitalmarketplace@gigastream.co.uk for more information
• Link to free trial: Please contact digitalmarketplace@gigastream.co.uk

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at digitalmarketplace@gigastream.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.