NEXER ENTERPRISE APPLICATIONS LIMITED

Microsoft Dynamics 365 Installation & Consultancy Services

NEXER are a reseller of Microsoft Dynamics licenses and we provide installation, consultancy / implementation services and Application Management and Support (AMAS). This includes D365 Finance, SCM, Commerce, Retail, Sales, Marketing, Customer Service, Field Service, HR Project Operations and supporting technology such as Business Intelligence and the PowerPlatform.

Features

• Cloud (Azure) based modern Finance, ERP, CRM and HR solutions
• Based on industry standard business processes
• Inbuilt industry leading Business Intelligence (PowerBI)
• Global solution which is localised for individual country regulatory requirements.
• Scalable architecture in the cloud
• Continual updates to remain on the latest versions of software
• Integrated with the wider Microsoft stack of applications
• Proven implementation methodology for successful adoption and deployment
• Local and global helpdesk for ongoing help and support

Benefits

• Access systems and information any time from anywhere across device
• Utilise, centralise and standardise business processes
• Improve user experience with a modern Microsoft user interface
• Improve speed of insight with accurate business intelligence
• Make the most of your existing investment in Microsoft
• Low risk investment given the significant ongoing investment from Microsoft
• Integrated business applications across Microsoft Dynamics 365
• Centralised and standardised data
• Proven implementation methodology for successful adoption and deployment
• Local and global helpdesk for ongoing help and support

£6 a licence

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at martin.burden@nexergroup.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

948030978624974

Contact

Martin Burden
07395021600
martin.burden@nexergroup.com

Service scope

• Service constraints: N/A
• System requirements:
  • Speed of internet access for users as requested by Microsoft
  • Each user must have a license for system access
  • Device system access based on specifications provided by Microsoft
  • Internet browser access

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: NEXER provide in country and global Application Management and Support Services (AMAS) covering office working hours, 24x5, 24x7 or a tailored times to suit your business. The typical SLAs for incident response are as follows: P1: (Initial Response 20 minutes and Target Resolution Time 2 hours). P2: (Initial Response 20 minutes and Target Resolution Time 4 hours). P3: (Initial Response 20 minutes, Target Resolution Time 8 hours). P4: (Initial Response 30 minutes, Target Resolution Time 16 hours). P5: (Initial Response 30 minutes, Target Resolution Time 72 hours).
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: NEXER have multiple support offerings from a per incident tickets, an hourly rate or a fixed price agreement all set against SLAs which means the price for our service can be as low as £6k per year. Our service is typically a second line support service to the Clients team but we can offer first line support also. NEXER also has an Advanced Support for Partners) agreement with Microsoft directly which is in place to support the client with issue escalation with Microsoft should there be any issues with the software. NEXER will assign a Client Lead and Support Lead as escalation points for the agreement and NEXER provides access to a team of functional and technical consultants to resolve the incidents. The incidents are routed to the correct resource(s) depending on the nature of the question.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: NEXER provide comprehensive services to help with installation, implementation, training and support in making sure that Microsoft Dynamics 365 is setup and operating in the best way for your business.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats:
  • Word
  • Excel
  • Azure DevOps
• End-of-contract data extraction: Should the client wish to stop using the Microsoft Dynamics business applications then the client is able to extract data using the data management tools that is part of the standard solution. There are no additional costs or restrictions for accessing data.
• End-of-contract process: NEXER will provide implementation services to install software and configure the solution(s). NEXER then provide optional Application Management and Support (AMAS) for ongoing BAU support. NEXER will also support with any further optimisation work.

Using the service

• Web browser interface: Yes
• Using the web interface: Microsoft is committed to making the products easy for all to access. The user interface is very intuitive and easy to use as it is a Microsoft product and similar to using other Microsoft UI tools such as Microsoft 365. The UI also includes integration business intelligence and reporting.; ; Users are provided a link to access software on signing an order which provides full access to the software including security roles to allow users different levels of access to the software. As a full system administration user, these users have full access to view and update the system if required.
• Web interface accessibility standard: WCAG 2.1 AA or EN 301 549
• Web interface accessibility testing: Windows Narrator and keyboard-only access: Every field and control has a label and a description of applicable shortcuts. A screen reader can read the label and description. Shortcuts for the most frequently performed actions: For most users, everyday system use involves lots of data entry and keyboard interaction. To enhance the user experience, we have created shortcuts to help you "jump" around the screen and shortcuts for specialized actions.
• API: Yes
• What users can and can't do using the API: Microsoft Dynamics has a set of prebuilt APIs allowing for efficient import and export of data. The APIs are provided as standard with the solution but these can also be updated or new APIs created.
• API automation tools: Other
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
  • Other
• Command line interface: Yes
• Command line interface compatibility: Windows
• Using the command line interface: .

Scaling

• Scaling available: Yes
• Scaling type: Automatic
• Independence of resources: Microsoft through the Azure cloud provides an elastic and scalable infrastructure to support your business. Microsoft's technical landscape scales automatically to support the business needs and there is also a Microsoft Dynamics Service Engineering team who monitor the systems.
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • Memory
  • Number of active instances
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Microsoft Dynamics 365 Application
  • Database
  • Data
• Backup controls: As part of the Azure cloud environment that Microsoft Dynamics 365 is hosted on, automate backup is included due to Microsoft system resilience with automated backup to other data centres to support the SLAs that are in place with Microsoft.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users can recover backups themselves, for example through a web interface

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: Microsoft Dynamics operating on the Azure cloud has a 99.9% uptime SLA with service penalties if Microsoft fail to meet this SLA. Should a client believe that the SLA has not been met then the client can make a claim to Microsoft. For NEXER helpdesk issues that are addressed through the Application Management and Support (AMAS) service, NEXER most typical provide a target SLA but can also provide a model to include service credits if needed.
• Approach to resilience: Microsoft's Enterprise Business Continuity Management (EBCM) team oversees business continuity management and disaster recovery activities across Microsoft services and cloud offerings. Representatives from Microsoft business units coordinate with the EBCM team to develop business continuity plans and validate compliance with business continuity requirements. This three-phase process is designed to be adaptable so it can be implemented by a wide variety of business models across Microsoft. It begins with an Assessment phase to identify critical processes and objectives that should be included in the business continuity program. The Assessment phase also requires a Business Impact Analysis (BIA). The Planning phase focuses on developing and implementing resilience and recovery strategies and documenting them in official business continuity plans. Finally, Capability Validation tests business continuity plans and their implementations to verify effectiveness and identify potential improvements. Microsoft online services business continuity strategies use hardware, network, and datacenter redundancy. Data replication between datacenters provides high availability and reliability during a catastrophic incident. It also increases resilience to mundane incidents such as isolated hardware failure or data corruption.
• Outage reporting: Microsoft has a feature called Report production outage. This feature provides a quick and effective channel to escalate issues to Microsoft Support in the event that the services in a production environment are degraded or become unavailable. This is a public facing portal. It is typical to get emails and alerts from Microsoft where there is a known issue.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Each user in the system is assigned a role which has security associated which restricts users to the functions that they are provided access to.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: RISE
• ISO/IEC 27001 accreditation date: 12/04/2021
• What the ISO/IEC 27001 doesn’t cover: Our certification covers the provision of IT consulting and management consulting as well as provision of managed services in the area of development, maintenance, operation and support of IT solutions. All in accordance with Statement of Applicability v4. We have the required level of certification for the work carried out by NEXER.
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 15/08/2018
• CSA STAR certification level: Level 1: CSA STAR Self-Assessment
• What the CSA STAR doesn’t cover: As Microsoft is the solution that NEXER provide services to implement, Microsoft have the relevant certifications in place.
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: ISO 27001

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: NEXER will provide access to Microsoft licenses to use the Microsoft Dynamics 365 business applications. Microsoft provide comprehensive security policies and processes in line with the cloud software that is provided. NEXER are GDPR and security compliant with ISO9001, 140001 and 27001 certifications in place. NEXER also have data breach policies in place and a security officer available should any breaches occur.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Configuration review is included in Nexer’s methodology through configuration and playback workshop cycles. Nexer typically include three iterations to cover configuration in every area of the solution. Further validation of the configurations is carried out during System Integration testing and Scenario User testing. Maintenance updates i.e. security and operating system updates, to the Production environment are undertaken by Microsoft on a regular schedule. Microsoft software updates are either deployed by Microsoft to the nominated Sandbox and Production environments on a schedule configured in Lifecycle Services, or by the Customer if the update is required sooner than the Microsoft schedule.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Microsoft have responsibility with the Dynamics 365 SaaS model for the infrastructure and hosting of the cloud solution. Microsoft rate vulnerabilities as either Critical, Important, Moderate or Low. These are described/determined as follows: https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system. Microsoft perform regular vulnerability testing for the Dynamics 365 platform. Microsoft issue notifications to Lifecycle Services Project Owners for D365 environments, and to tenant administrators via the Microsoft admin centre. Validation of security controls relating to vulnerability management can be found at https://docs.microsoft.com/en-us/compliance/assurance/assurance-vulnerability-management. During implementation, Nexer deliver workshops relating to application security design and best practices.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Dynamics 365 leverages the Microsoft Cyber Defence Operations Center (CDOC), which brings together security response experts from across the company to help protect, detect, and respond 24/7 to security threats against Microsoft's infrastructure and services. Microsoft Malware Protection Center’s team of researchers identify, reverse engineer, and develop malware signatures and then deploy them across the Microsoft infrastructure for advanced detection and defence. Dynamics 365 is ISO 27001, ISO27017 and ISO 27018 certified (https://servicetrust.microsoft.com/). Dynamics 365 is also compliant with TISAX Standard (https://docs.microsoft.com/en-us/microsoft-365/compliance/offering-tisax-germany?view=o365-worldwide Dynamics 365 is designed on the principles of the Software Development Lifecycle ( SDL) and embedding security requirements.
• Incident management type: Supplier-defined controls
• Incident management approach: Microsoft conform to National Institute of Standards and Technology (NIST) Special Publication (SP) 800-61 in managing security incidents. Several teams at Microsoft provide varying and related services as a preventative measure, including monitoring, detection and response. Examples include the “Microsoft Security Response Center” to identify, monitor, resolve and respond to security incidents and vulnerabilities; “Microsoft Datacenter Security Team” whose remit is to ensure common security investments are in place to protect, detect and respond to threats; "Microsoft security response teams” and "Customer experience communication teams"

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: No

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: .

Social Value

• Fighting climate change:

  Fighting climate change

  .
• Covid-19 recovery:

  Covid-19 recovery

  .
• Tackling economic inequality:

  Tackling economic inequality

  .
• Equal opportunity:

  Equal opportunity

  .
• Wellbeing:

  Wellbeing

  .

Pricing

• Price: £6 a licence
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: A monthly trial version is available for organisations to look at the standard software.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at martin.burden@nexergroup.com. Tell them what format you need. It will help if you say what assistive technology you use.