Infinity Group

UNITE: Secure Core Elite

UNITE: Secure Core simplifies security infrastructure management by providing proactive monitoring, updates, and protection for business identities, applications, devices, and data. As an IT Manager, you’ll appreciate its comprehensive defence against cyber threats, including malware, viruses, phishing attacks, and data breaches.

Features

• Microsoft Defender for Business: Antivirus, firewall, threat intel, proactive monitoring
• Security Hardening: MFA, access control, backup, recovery, branding, mobile management
• Device Management: Encryption, patching, inventory, compliance, reporting, and analytics
• OS and Product Updates: Enhance security, productivity, maintain current devices

Benefits

• Enhanced security against cyber threats, reducing successful attacks risk
• Improved productivity by minimising downtime, data loss, and interruptions
• Simplify and streamline IT by managing devices from one platform
• Enhanced security posture by commitment to security through proactive measures
• Avoid costs associated with data breaches such as legal fees
• Ensure compliance and help to avoid fines
• Help to avoid breach costs
• Reduce data breach risk with access restrictions
• Robust endpoint protection with automated threat detection and response.

£25 a user a month

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidmanagement@infinitygroup.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

960192895383731

Contact

Bid Management
03301913473
bidmanagement@infinitygroup.co.uk

Service scope

• Service constraints: Technical support and deployment of UNITE: Secure Core will be remote only.
• System requirements: Microsoft 365 Business Premium licences as a minimum

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Priority 1 - Immediate telephone response, 1st response within 10 minutes; Priority 2 - Immediate telephone response, 1st response within 1 business hour; Priority 3 - Immediate telephone response, 1st response within 4 business hours; Priority 4 - Immediate telephone response, 1st response within 8 business hours
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: As part of UNITE: Secure Core we provide the following:; First Line Support: In managed IT outsourcing, first line support handles basic customer queries and common technical issues, acting as the initial point of contact.; Second Line Support: Second line support tackles more complex technical issues that first line support couldn't resolve, requiring a deeper level of technical expertise; Third Line Support: Third line support manages high-level, complex issues, often collaborating directly with software or hardware vendors to find solutions.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: We provide UNITE: Secure Core as a fully managed service on behalf of the buyer, so there is no user training required. However, we do provide user guides, statement of works and scope of works documents.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: As part of this service, the buyer's data remains in their Microsoft Tenant. The buyer will retain the configuration within their cloud services, but when the contract ends technical support and product evergreening updates will both cease.
• End-of-contract process: The buyer will retain the configuration within their cloud services, but when the contract ends technical support and product evergreening updates will both cease.

Using the service

• Web browser interface: No
• API: No
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type: Manual
• Independence of resources: Our technical support team work to strict SLA's when dealing with customer queries and tickets which are constantly monitored. If required we can add additional resource into the team depending on an increased demand.
• Usage notifications: No

Analytics

• Infrastructure or application metrics: No

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Microsoft

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Other
• Other data at rest protection approach: Within Microsoft 365, data at rest is protected through several key practices. These include network security measures like Private Link Service, private endpoints, and public access control. By combining these strategies, Microsoft ensures secure data governance, classification, and audit logging while adhering to regulatory requirements
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: No

Data-in-transit protection

• Data protection between buyer and supplier networks: Other
• Other protection between networks: There is no data transition between the buyer's network and our network as part of this service. Our users access the buyer's Microsoft 365 Tenant for purposes of providing this managed service
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: This service is based within the buyer's Microsoft 365 tenant, and Microsoft provide the SLAs.
• Approach to resilience: This service is based within the buyer's Microsoft 365 tenant.
• Outage reporting: This service is based within the buyer's Microsoft 365 tenant

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: We restrict access utilising the following security methodologies - user consent, 2 factor authentication, device management, location based and risk based policies.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password
• Devices users manage the service through: Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: 08/03/2024
• What the ISO/IEC 27001 doesn’t cover: Please see all the security related certificates as part of this application which are not covered by our ISO/IEC 27001 certification
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • IASME Cyber Assurance Level One
  • ISO 14001: 2015
  • ISO 9001: 2015
  • Data Protection Registration Certificate

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We have an integrated management system that incorporates ISO27001, ISO9001, and ISO14001. The owner of the IMS is our Managing Director, with all subordinate roles defined and assigned to individual owners. e.g., Data Protection Owner, Information Security Owner, etc. ISMS policies are available on request.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: We have a robust and mature change management process and a supplier due diligence process with conforms to ISO/IEC 27001:2013 and Cyber Essentials standards. Configuration changes within our infrastructure, including new suppliers / service providers undergo these processes to assess risk, impact, and security implications.; Suppliers / Service Providers / 3rd party data processors are listed in a data processing index.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Microsoft Defender for Enterprise, Defender for Identity, and Sentinel: Deployed to all machines, these next-generation behavioral XDR solutions identify vulnerabilities, potential data breaches, and more.; Email Alerts: Critical vulnerabilities in applications and operating systems trigger email alerts. If severe, they automatically create SOC board tickets, proactively addressed during office hours.; Patching:; Endpoint Applications and OS: Daily patching via ConnectWise Automate RMM. Devices reboot after 4 days if left on continuously.; Servers: Fortnightly patching.; Boundary Firewalls: Patched within 2 weeks of new firmware releases (including security updates)
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We employ a SIEM solution, which is monitored by SOC. ; P1 (Critical) 10 minute response time: Incidents that have a severe impact on business operations, affecting multiple users or critical systems.; P2 (High) 1 hour response time: Incidents have a significant impact on business operations, affecting a large number of users or important systems.; P3 (Medium) 4 hour response time: Incidents have a moderate impact on business operations, affecting individual users or non-critical systems.; P4 (Low) 8 hour response time: Incidents have a minor impact on business operations, causing inconvenience to individual users but not affecting critical systems or services.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Incident Reporting: Users report incidents via Phone, Portal, and Email.; ; Process Overview:; ; Identification: Incidents are recognised by users or automated systems.; Logging: Details are recorded in ITSM software.; Categorisation: Incidents are prioritised (P1 to P4) based on impact and urgency.; Assignment/Escalation: Incidents are assigned to engineers or escalated as needed.; Investigation/Diagnosis: Engineers determine root causes and impacts.; Resolution: Incidents are resolved through fixes or workarounds.; Communication: Ongoing updates are provided to clients.; Closure/Documentation: Incidents are documented and closed; P1 incidents include a Root Cause Analysis.; SOC Incidents: Follow similar steps with additional focus on preparation, containment, eradication, recovery, and assessment.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: No

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Microsoft Azure adheres to the EU Cloud Code of Conduct (CoC), demonstrating its commitment to data protection requirements in the EU

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Infinity Group is fully committed to fighting climate change, including sustainability and UK net zero carbon strategy. All Directors, management and employees are responsible for adhering to our Environmental Policy, ensuring consideration is given to environmental issues and our aim of net zero carbon throughout our day-to-day working activities. Measures taken to reduce our carbon emissions and fight climate change include: ISO 14001 - fully committed to implementing and maintaining an environmental management system in compliance with ISO 14001. Adhering to this standard minimises our environmental footprint, achieves the company environmental objectives and ensures compliance with relevant legal requirements. BCORP certification - committed to achieving BCORP certification by end of financial year 2024. Cloud solutions and Software as a Service (SaaS) - Infinity Group only delivers cloud and SaaS solutions. Partnering with Microsoft - Our primary partner, Microsoft, is committed to net zero, operating as carbon-neutral since 2012 and a commitment to be carbon-negative by 2030. Further, Microsoft has launched the Microsoft Cloud for Sustainability, a SaaS solution leveraging the Sustainability Common Data Model to help organisations measure, manage, and reduce carbon emissions. Infinity Group has employees awarded the Microsoft Cloud for Sustainability Certification. Electric Car Scheme - Infinity Group recently implemented a salary sacrifice electric car scheme. Minimum Waste Policy - We promote this policy by taking care during our normal duties to avoid unnecessary or extravagant use of services, time and energy. Cloud-first solutions - we promote a policy of Cloud-first solutions. Implementation with environmental considerations - In initial phases of implementation, face-to-face meetings are essential in ensuring the relationship is developed with the joint team of client and Infinity. As the implementation advances, we utilise Teams if preferred by the client and provided there is no impact on the successful delivery of the project.

  Covid-19 recovery

  Infinity Group is steadfast in its commitment to aiding the UK’s recovery from the COVID-19 pandemic. We urge our customers, suppliers, and other stakeholders to join us in these efforts. Here are some examples of our initiatives: 1. Flexible Work Arrangements: To limit the virus’s spread during the pandemic’s peak and support work-life balance post-pandemic, Infinity provides flexible work options, including remote working and flexible hours. 2. Support for Local Businesses: We strive to support local businesses adversely affected by the pandemic. In addition, we actively contribute to the local community near our head office in Tunbridge Wells, Kent, by partnering with various local charities and community organisations. We offer complimentary IT services and highly discounted IT, Telecoms, and software products. 3. Adherence to Safe Practices: We persistently enforce safety measures, such as regular sanitisation within our premises, to ensure a safe working environment. 4. Investment in Digital Transformation: We assist companies in expediting their digital transformation efforts, fostering a resilient business model capable of withstanding future crises. Our customers support this initiative by embracing these digital changes. 5. Charitable Contributions and Volunteering: Infinity and our employees regularly donate to relevant causes and organise volunteering initiatives. We welcome our customers to participate in these initiatives or contribute to these causes independently. 6. Promotion of Mental Health: Recognising the significant impact of the pandemic on mental health, Infinity provides free mental health support to our employees. 7. Assistance for Job Seekers: Infinity offers apprenticeship schemes for those interested in pursuing a career in IT. By implementing these measures, Infinity Group continues to play a pivotal role in the UK’s recovery from the COVID-19 pandemic.

  Tackling economic inequality

  Economic inequality is a pressing concern in the UK. At Infinity, we are committed to playing a pivotal role in mitigating this issue. We invite our customers, suppliers, and other stakeholders to join us in this endeavour. Here are some ways Infinity contributes: 1. Fair Wages and Benefits: We ensure our employees receive fair wages, supplemented with comprehensive benefits such as unlimited holiday, private healthcare, and pension contributions. We also provide avenues for career advancement. These measures help alleviate income disparity and enhance our employees quality of life. 2. Supporting Local and Small Businesses: We are dedicated to supporting local and small businesses. Our active contributions to the local community around our head office in Tunbridge Wells, Kent, include partnerships with various local charities and community organisations. We provide complimentary IT services and offer significant discounts on IT, Telecoms, and software products. 3. Inclusive Recruitment: We uphold inclusive recruitment practices, creating opportunities for individuals from diverse backgrounds. 4. Ethical Business Practices: We choose to collaborate with ethical businesses. We refrain from associating with companies in the gambling industry or those that exploit economic inequality. 5. Charitable Contributions and Volunteering: We actively support and donate to charities. We provide all staff with volunteering days, which can be utilised to assist charities combating economic inequality. Through these initiatives, Infinity aims to make a meaningful contribution towards reducing economic inequality in the UK.

  Equal opportunity

  Our vision is for Infinity Group to be a successful, caring and welcoming place for staff and clients. We create a supportive and inclusive environment where our staff can reach their full potential without prejudice or discrimination. We are committed to a culture where respect and understanding is fostered and the diversity of people's backgrounds and circumstances is positively valued. Our Equal Opportunity and Diversity Policy sets out how Infinity Group promotes diversity at every stage of the employee lifecycle and how it ensures that employees are treated fairly and equally. We aim to achieve equality by removing any potential discrimination in the way that potential applicant, employees and workers are treated by the company, including: · people with disabilities · people of different sexual orientations · transgendered and transsexual people · people of different races · people on the grounds of their sex · people of faith and of no faith · people in relation to their age · people in relation to their social class or medical condition · people who work part-time · people who are married or in a civil partnership · women who are pregnant, have recently given birth or are breastfeeding We maintain a neutral working environment in which no employee or worker feels under threat or intimidated. We maintain and review the employment records of all employees in order to monitor the progress of our Equal Opportunity and Diversity Policy. We consider discrimination as unacceptable. Any behaviour that may be perceived as discriminatory, including bullying, harassment or victimisation, or shown to go against the intent and spirit of this policy, will lead to disciplinary proceedings and, if appropriate, disciplinary action.

  Wellbeing

  Our vision is for Infinity Group to be a successful, caring and welcoming place, prioritising the wellbeing of staff and clients. Infinity prioritises staff wellbeing through a number of strategies and activities including: • Flexible Working – as client projects allow, staff can choose to work from home, an Infinity office or from client offices, during hours suited to their circumstances. • Unlimited Holiday – staff take advantage of unlimited holiday provided no impact to customer project. All staff must take statutory minimum holiday. • Shared Values – Infinity Group follows core values within our business and encourage staff and contractors to adopt these values. We strive to work with companies who share a similar values structure. These values are: o Empathy - We value kindness, compassion and working together to create a supportive, inclusive atmosphere. o Creativity - Our creativity drives innovation, achieves sustainability, and helps us do more with less. o Ambition - We encourage a thirst for learning, pursuit of mastery and the drive to amaze our clients. o Authenticity - We celebrate diversity, encourage inclusivity, and always do the right thing for each other and our clients. o Confidence - Confident people aren’t afraid to fail, and they take pride in making others look great. • Share Option Scheme – all staff are eligible for the scheme. • Quarterly Companywide Events – including a Spring Social, Family Day, and Awards. • Learning and Development – Employees are encouraged to continue professional development with Microsoft certifications and relevant training. • Clear Career Pathways – Career progression within Infinity is encouraged, as confirmed in our staff retention rate which is higher than the industry national average. • Charitable Workdays – Each member of staff is allowed time away from work to volunteer for a charity of their choice.

Pricing

• Price: £25 a user a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidmanagement@infinitygroup.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.