Network Futures Ltd

#CloudFutures Chocolatey Service

#CloudFutures Chocolatey Service enables you to proactively manage the lifecycle of software packages deployed across your modern managed device estate. Chocolatey for Business C4B will help you save time, reduce deployment timelines, and accelerate delivery of updates. Automate software deployment, upgrades, and removal. Reduce time spent managing software.

Features

• Chocolatey Community Repository enables the use of over 7,500 packages
• Host your own repository
• Package Internalizer
• Customise software packages and add branding
• Package Builder
• 30+ PowerShell extensions
• Upgrade all installed software with one command
• Chocolatey Central Manager
• Integration with industry standard tools
• Chocolatey for Business Azure Environment

Benefits

• Package management for Windows
• Seamless end user experience
• Proactively manage the complete lifecycle of software packages
• Automatically creates high-quality packages in seconds
• Supports multiple installer types
• Package throttle in low bandwidth environments
• Substantially reduce package size and enable automatic self-cleanup
• Modern software automation
• Ensures accurate inventory, and enables consistent management and tracking
• Simple pricing

£0 a device a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at steve@netfutures.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

954027157873842

Contact

Steve Truman
01428645196
steve@netfutures.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Seamless integrates with Microsoft Intune, Microsoft Systems Centre Configuration Manager (SCCM), Altiris, JFrog Artifactory, Puppet, PowerShell, Octopus Deploy, Otter, ProGet, Sonotype Nexus, SaltStack, Chef, Ansible.
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: Not applicable
• System requirements:
  • Windows 10, 11 or later
  • Microsoft Windows Server 2012 or later
  • If Microsoft supports the O/S so does Chocolatey
  • Windows PowerShell v2 or later
  • .NET Framework 4 or later
  • MacOS for creation and maintenance of packages (optional)
  • Linux for creation and maintenance of packages (optional)

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Pro version: 2 business days, M-F 08:00-17:00 CST; MSP version: P1: 6 business hours, P2: 10 business hours, P3: 2 business days, M-F 08:00-17:00 CST; Chocolatey for Business (C4B) Standard Plan: P1: 4 business hours, P2: 8 business hours, P3: 12 business hours, M-F 08:00-17:00 CST; Chocolatey for Business (C4B) Standard+ Plan: P1: 3 business hours, P2: 6 business hours, P3: 12 business hours, M-F 07:00-18:00 CST; Chocolatey for Business (C4B) Premium Plan: P1: 2 business hours, P2: 4 business hours, P3: 6 business hours, 24*7
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We provide support aligned to industry standards, with rates varying according to the support tier that you select. We can provide a technical account manager and/or a cloud support engineer - please contact us to discuss your requirements.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We have a webpage entirely devoted to helping our customers get started: https://docs.chocolatey.org/en-us/getting-started
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: All data is stored in your own repository, we do not store anything on your behalf.
• End-of-contract process: Use of the Chocolatey software and the Chocolatey Community Repository is included in the price. Support is available at an additional fee. When the contract ends, you must stop using the Chocolatey software and your access to the Chocolatey Community Repository will cease. Anything that you have copied from the Chocolatey Community Repository remains available to you in your own repository.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems: Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Where mobile devices are laptops running Windows, macOS, or Linux, no difference from desktops.
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: No

Scaling

• Independence of resources: All data is stored in your own repository, we do not store anything on your behalf. Most Chocolatey packages on the community feed do not contain actual software distributions, only instructions for getting distributions (in PowerShell). When you copy these from the Chocolatey Community Repository, these are then stored in your own repository and executed from there.

Analytics

• Service usage metrics: Yes
• Metrics types: The service provides information on software that has been deployed using Chocolatey.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Chocolatey Software Inc.

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: All data is stored in your own repository, we do not store anything on your behalf.
• Data export formats: Other
• Other data export formats:
  • All data is stored in your own repository.
  • We do not store anything on your behalf.
• Data import formats: Other
• Other data import formats:
  • All data is stored in your own repository.
  • We do not store anything on your behalf.

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: The service is hosted in Microsoft Azure.
• Approach to resilience: The service is hosted in Microsoft Azure.
• Outage reporting: The service is hosted in Microsoft Azure.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Named contacts only
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: All data is stored in your own repository, we do not store anything on your behalf.
• Information security policies and processes: All data is stored in your own repository, we do not store anything on your behalf.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All of the latest released stable versions of Chocolatey products (Chocolatey CLI, Chocolatey GUI, Chocolatey Central Management, etc.) are fully supported and will periodically receive new features, bug fixes, and security fixes as appropriate. We recommend customers update to the latest versions to benefit from new features and fixes as they are released.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Please see our security page where this is described in detail: https://docs.chocolatey.org/en-us/information/security
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Please see our security page where this is described in detail: https://docs.chocolatey.org/en-us/information/security
• Incident management type: Supplier-defined controls
• Incident management approach: Please see our security page where this is described in detail: https://docs.chocolatey.org/en-us/information/security

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  As we grow, we are working towards a Carbon Reduction Plan which will evidence our commitment and set out our roadmap to achieving Net Zero by 2050. ; ; We have a policy in place today that provides staff and subcontractors with guidance on specific carbon reduction measures that we currently promote and support, to ensure that these are applied when performing the contract.

  Covid-19 recovery

  We continued to grow during the pandemic through significant investment in new technologies to enable new ways of working and remote collaboration, enabling our organisation to undertake new economic activities including new opportunities in both high growth sectors and areas of specialist skills in short supply.; ; Our investment in fully modern managed devices supported staff and subcontractors enabling increased economic activity to manage and recover from the impacts of COVID-19. ; ; Our modern managed solution provides contactless delivery of devices which are configured over a wireless connection enabling rapid access to a secure, working device. This enables individuals working remotely, to fully engage in the delivery of services. ; ; We utilise modern technology including unified communication solutions to collaborate, whilst also having a defined policy that encourages use of face to face virtual communication, prioritising that over face to face physical meetings, to provide combined, effective, and powerful visual and audio communication. This subsequently vastly reduced the carbon footprint of our organisation by enabling effective remote working for teams, reducing the need for travel or putting staff at risk during pandemic periods of social distancing. ; ; In addition, this has supported the physical and mental health of people affected by COVID-19, reducing the demand on health and care services. Modern communication technologies have the added benefit that colleagues can be quickly alerted to issues that need attention for the mutual care and mental wellbeing of all the team.

  Tackling economic inequality

  We actively support and encourage other businesses, creating opportunities to help new, small, and long established but struggling small businesses to engage in economic activity. ; ; We have helped to remove perceived barriers and enabled entry into new opportunities for skilled specialists in short supply, and in high growth sectors. For example, we actively worked to encourage experienced and senior professionals, disadvantaged by the pandemic, who concluded through lack of available jobs that retirement was the only answer, to reengage in highly skilled specialist economic activity to accelerate contract delivery.; ; We actively encourage and support our own staff training scheme to attain industry recognised specialist professional qualifications, which are actively used in the delivery of the contract. ; ; We encourage all suppliers and subcontractors to maintain their own high standards of professional qualification, to open up further opportunities for economic activity.

  Equal opportunity

  We are open to, and actively seek cognitive diversity. We conduct aptitude based recruitment which by definition is blind to colour, race, creed, national origin, sexual orientation, gender identity, age, disability, or sex. ; ; We are responsive to each individuals’ requirements, are supportive and encourage flexible working patterns. We actively encourage and support our own staff training scheme to attain industry recognised specialist professional qualifications, which are actively used in the delivery of the contract. ; ; Our actions to identify and manage risks of modern slavery in our supply chain involve:; • recruitment processes which verify staff and subcontractor documentation, including banking details and criminal record checks;; • vigilance to staff members having common addresses with other workers; ; • induction process signposts the warning signs for modern slavery;; • we oblige our staff to actively report all these concerns within a confidential and safe environment;; • we look for are workers who may have unexplained injuries, suffer from fatigue or poor physical health or those who do not have access to appropriate personal protective equipment; and; • we conduct risk assessments to seek out and eradicate modern slavery in the workplace, and the supply chain.

  Wellbeing

  We encourage all staff and subcontractors to take care of their wellbeing, physical and mental health. We support requests for time off, be it a planned holiday, personal needs, physical health, family needs, emotional needs, or the occasional duvet day. ; ; We recognise that for everyone, finding ways to take care of wellbeing is key. Common areas include relaxing and reducing stress, finding ways to learn and be creative – both inside and outside of work, spending time in nature, connecting with others, looking after physical health, and getting enough sleep.; ; We recognise that it is not easy to start with caring for our wellbeing, understanding that people are individuals, and that it’s OK to ask for help. We suggest that individuals only try what feels comfortable to them, and others around them, taking time to figure out what works and what doesn’t. We encourage everyone to go at their own pace. Small steps lead to larger steps, and different pathways can also lead to success.; ; We also encourage looking for additional guidance, support and treatment for wellbeing, physical and mental health. Taking time out to do what is right for each and every individual, leads to a much better chance of happiness, comfort with experiences, daily life, or just what feels possible for the moment in time.

Pricing

• Price: £0 a device a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: You can trial Chocolatey using the Chocolatey Open Source version free of charge. The Pro version is chargeable. The Chocolatey for Business (C4B) is chargeable. Compare versions here: https://chocolatey.org/compare
• Link to free trial: https://chocolatey.org/compare

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at steve@netfutures.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.