Skip to main content

Help us improve the Digital Marketplace - send your feedback

Phoenix Software Ltd

Microsoft Copilot for Service

Microsoft Copilot for Service is an AI-powered productivity tool that integrates with existing CRM solutions. Using AI to enhance customer experiences and boost productivity. By seamlessly working alongside popular Microsoft 365 apps like Word, Excel, PowerPoint, Outlook, and Teams, to provide real-time intelligent assistance to enhance creativity and productivity.

Features

  • Generative AI: Enhances customer experiences and agent productivity
  • Seamless integration: No complex installations or integrations required
  • Agent-facing Copilot: Provides real-time support without workflow disruption
  • Content sources: Accesses knowledge in external systems
  • CRM integration: Syncs with Dynamics 365 and external platforms
  • Customizable: Configure conversational greetings and responses

Benefits

  • Enhanced efficiency: Accelerates customer issue resolution
  • Contextual insights: Understands customer intent and history seamlessly
  • Automated responses: Handles routine queries, freeing up agents’ time
  • Consistent service: Ensures uniform responses across interactions
  • Agent training: Assists new agents with real-time guidance
  • Reduced errors: Minimizes human errors during interactions
  • Integration flexibility: Works with existing CRM and knowledge bases
  • Cost savings: Optimizes agent workload and reduces operational costs
  • Customer satisfaction: Enhances overall service quality and satisfaction

Pricing

£38.47 to £42.12 a unit a month

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ccs@phoenixs.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

9 6 4 9 8 6 5 0 3 5 5 4 0 8 0

Contact

Phoenix Software Ltd Jonny Scott
Telephone: 01904 562200
Email: ccs@phoenixs.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
Dynamics 365 provides a suite of integrated business applications designed to streamline processes, enhance productivity, and drive growth across organizations. It provides pre-built solutions for common use cases, such as sales, customer service, marketing, finance, and operations. While offering out-of-the-box functionality, Dynamics 365 can be customized and extended to match specific organizational requirements. Power Platform empowers users to build tailored solutions that address specific business challenges. Power Platform seamlessly integrates with Dynamics 365, enhancing its capabilities and flexibility. Microsoft continually invests in the development of Microsoft Business Applications, ensuring it evolves to meet changing business needs.
System requirements
  • Dynamics 365: Fully hosted, managed SaaS; no on-premises infrastructure needed.
  • Cost-effective: Eliminates additional IT infrastructure for Onboarding system support.
  • Accessibility: Use on any web-enabled device with modern internet browsers.
  • Browser Compatibility: Supports Internet Explorer, Edge, Chrome, Safari.
  • Mobile Availability: Native apps for Android and iOS devices provided.

User support

Email or online ticketing support
Email or online ticketing
Support response times
Between 8 and 1 hour depending on support plan purchased
See https://azure.microsoft.com/en-gb/support/plans/
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
Microsoft is committed to developing technology that empowers everyone, including people with disabilities. Microsoft has a Disability Answer Desk where customers with disabilities get support with Microsoft Office, Windows, and other products. Microsoft also has Accessibility Conformance Reports (ACR) which describe how products and services support recognized global accessibility standards.
https://www.microsoft.com/en-us/Accessibility/disability-answer-desk
https://www.microsoft.com/en-us/accessibility/conformance-reports
https://learn.microsoft.com/en-us/windows/apps/design/accessibility/accessibility-testing
Onsite support
Yes, at extra cost
Support levels
" Microsoft provides three (3) support plan options for Microsoft Business Applications. These include the following:
- STANDARD/SUBSCRIPTION (included for all customers)
- PROFESSIONAL DIRECT
- UNIFIED ENTERPRISE

For more information, visit:
- https://www.microsoft.com/en-us/dynamics-365/support
-https://powerapps.microsoft.com/en-us/support/
- https://learn.microsoft.com/en-us/power-platform/admin/support-overview
- https://www.microsoft.com/en-us/unifiedsupport/details"
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Microsoft provides several resources to help users get started with Microsoft Business Applications:
*Quick Start Guides: Microsoft offers Quick Start guides for all of its popular Microsoft 365 apps.
*Partner Resources Guide: This guide provides Business Applications partners with a high-level description of each of the key partner programs and resources provided by Microsoft.
*Business Applications Partner Activities: These activities provide partners with funding to deliver standardized, partner-led pre-sales, migration, and post-sales activities to customers.
*WorkLab Guides: Users can explore WorkLab guides for Dynamics 365.
Please also see:
• https://support.microsoft.com/en-us/office/microsoft-365-quick-starts-25f909da-3e76-443d-94f4-6cdf7dedc51e
• https://techcommunity.microsoft.com/t5/business-applications-for/new-business-applications-partner-resources-guide/td-p/3928203
• https://techcommunity.microsoft.com/t5/partner-news/fy24-business-applications-partner-activities-incentives/ba-p/3955971
• https://www.microsoft.com/en-us/dynamics-365
Service documentation
Yes
Documentation formats
  • HTML
  • Other
Other documentation formats
https://www.microsoft.com/en-us/trust-center/compliance/accessibility#accessibility
End-of-contract data extraction
When the contract ends, your access to Microsoft services, applications, and data go through multiple stages before the subscription is fully turned off, or deleted:
1. Expired Stage (30 days): Users have normal access to applications and files.
2. Disabled Stage (90 days): Data is accessible to admins only. Users can’t access applications. Admins can access the admin centre to buy and manage other subscriptions.
3. Deleted Stage: After the 90-day retention period ends, Microsoft disables the account and deletes the customer data.
During the term of an active subscription, a subscriber can access, extract, or delete customer data stored in your applications. Dynamics 365 data can be exported to Excel in a static worksheet, dynamic worksheet, or PivotTable. In Dynamics 365, there is also a distinction between structured/semi-structured and unstructured documents:
- Structured/Semi-structured Documents have predefined fields, tables, and checkboxes in consistent locations. Examples include invoices, delivery orders, tax forms, and medical tests.
- Unstructured Documents are free-form format documents with no set structure. Information is usually in paragraphs. Examples include contracts, statements of work, and letters.
For more information on data extracts for Microsoft Business Applications, visit:
- https://learn.microsoft.com/en-us/dynamics365/customerengagement/on-premises/basics/import-export-data
- https://learn.microsoft.com/en-us/dynamics365/customer-insights/data/export-manage
- https://learn.microsoft.com/en-us/power-platform/admin/self-service-analytics
- https://learn.microsoft.com/en-us/power-bi/visuals/power-bi-visualization-export-data?tabs=powerbi-desktop
- https://learn.microsoft.com/en-us/microsoft-365/commerce/subscriptions/what-if-my-subscription-expires
End-of-contract process
Microsoft is governed by strict standards and follows specific processes for removing cloud customer data from systems under our control, overwriting storage resources before reuse, and purging or destroying decommissioned hardware. In our Online Service Terms, Microsoft contractually commits to specific processes when a customer leaves a cloud service or the subscription expires. This includes deleting customer data from systems under our control.

Please see Data Protection Addendum for full and up to date details about how Microsoft manages your data. https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA?lang=1

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Microsoft offers distinct experiences on mobile and desktop devices for Microsoft Business Applications.. On desktop, users access the full suite of features, while the mobile app provides a streamlined interface for essential tasks and allows for offline working when there isn't network connectivity.
Service interface
Yes
User support accessibility
WCAG 2.1 AA or EN 301 549
Description of service interface
*Dynamics 365: Sales, Customer Services, Field Service, Finance & Operations, and Human Resources other other Dynamics 365 applications are each tailored to the specific function, providing relevant tools and features.
*Power Platform: The interface is designed to be user-friendly, allowing even non-technical users to create powerful applications.

https://dynamics.microsoft.com/en-gb/what-is-dynamics365/
https://www.microsoft.com/en-gb/power-platform/
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
Microsoft is committed to developing technology that empowers everyone, including people with disabilities. Microsoft has a Disability Answer Desk where customers with disabilities get support with Microsoft Office, Windows, and other products. Microsoft also has Accessibility Conformance Reports (ACR) which describe how products and services support recognized global accessibility standards.
https://www.microsoft.com/en-us/Accessibility/disability-answer-desk
https://www.microsoft.com/en-us/accessibility/conformance-reports
https://learn.microsoft.com/en-us/windows/apps/design/accessibility/accessibility-testing
API
Yes
What users can and can't do using the API
"Microsoft Business Applications offers several customization options to tailor it to your organization’s unique needs.

Direct API Integrations:
The Microsoft Business Applications SKD and API offers a rich set of capabilities for developers to interact with the platform’s data and functionality. This covers all element of the platform allowing developer to build on top of Business Applications.

Custom Connectors:
Purpose: Custom connectors act as wrappers around REST APIs, enabling seamless communication between Dynamics 365 and external services.
Use Cases: You can create custom connectors for APIs you manage or popular public APIs.
Integration: These connectors empower Logic Apps, Power Automate, and Power Apps to interact with the specified APIs.

Custom APIs:
Functionality: Microsoft Business Applications supports creating custom APIs, allowing external applications to invoke specific actions.
Usage: You can call plugins from custom APIs, extending the platform’s capabilities.
Configuration: Set up custom API requests, parameters, and responses within DataVerse.

Connections:
Entity Connections: Easily establish connections between records across most customizable business and custom entities within Dynamics 365.

https://learn.microsoft.com/en-us/connectors/custom-connectors/
https://learn.microsoft.com/en-us/rest/api/power-platform/"
API documentation
Yes
API documentation formats
  • HTML
  • PDF
  • Other
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
"
Microsoft Business Applications offer a variety of ways for customers to customize their solutions both with minimal development using low code capabilities and traditional development techniques.
*Power Platform: Microsoft Power Platform (which includes Power BI, Power Apps, Power Automate, and Copilot Studio) allows users to build custom apps, automate workflows, develop virtual agents, and analyse data, all without needing extensive coding knowledge.
*Dynamics 365: Dynamics 365 applications provide a wealth of customization options. Users can create custom entities, fields, and forms; build custom workflows and business processes; and even develop custom plug-ins using .NET or extend using the API.
*Training and Learning Resources: Microsoft Learn offers a range of courses and learning paths that can help users understand how to customize and get the most out of their Microsoft Business Applications solutions.

Please also see:
https://learn.microsoft.com/en-us/dynamics365/guidance/implementation-guide/extend-your-solution-scenarios
https://learn.microsoft.com/en-us/power-apps/"

Scaling

Independence of resources
Microsoft Business Applications are designed to handle high demand and ensure that the performance of one user does not adversely affect others.

*Cloud Infrastructure: Being a cloud-based solution, Microsoft Business Applications leverages Microsoft Azure’s robust infrastructure. As your business grows, the system can seamlessly scale up by allocating additional resources.
*Elasticity: Dynamics 365 can dynamically adjust its capacity based on demand. It scales out to accommodate more users or transactions during peak times and scales back down during off-peak periods.
*Performance Monitoring: Microsoft continuously monitors the performance of its services and makes adjustments as necessary to ensure optimal performance.

Analytics

Service usage metrics
Yes
Metrics types
Microsoft’s commitment to service availability through a financially backed 99.9% uptime Service Level Agreement (SLA).

The monthly uptime percentage for calendar month is calculated using the formula where downtime is measured in user-minutes; that is, for each month, downtime is the sum of length (in minutes) of each incident that occurs during that month, multiplied by number of users impacted by that incident. Downtime does not include scheduled downtime, the unavailability of service add-on features, the inability to access the service due to your modifications of the service, or periods where the scale unit capacity is exceeded.

please see https://www.microsoft.com/licensing/docs/view/Service-Level-Agreements-SLA-for-Online-Services
Reporting types
Real-time dashboards

Resellers

Supplier type
Reseller (no extras)
Organisation whose services are being resold
Microsoft

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Microsoft Business Applications provide several ways for users to export their data:
Records can be exported into to a variety of formats including Excel, PDF, CSV, XML, TIFF and Word. Exporting to Word and Excel is a standard feature within Dynamics 365.

Data can be exported directly into Azure Data Lake / Fabric Storage for your organization's business needs.

Alternative the API, prebuild or custom connectors can be used to export data or integrate with external systems.
Data export formats
  • CSV
  • Other
Other data export formats
  • Microsoft Excel
  • Text-Only (Tab Delimited)
  • Comma-Separated Values (CSV)
  • Extensible Markup Language (XML)
Data import formats
  • CSV
  • Other
Other data import formats
  • Excel Workbook (.xlsx)
  • Comma-Separated Values (.csv)
  • XML Spreadsheet 2003 (.xml)
  • Compressed (.zip)

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection between networks
Microsoft Business Applications comply with the government's 1st cloud security principle through several measures

Please also see:
• https://learn.microsoft.com/en-us/compliance/assurance/assurance-encryption-in-transit
• https://learn.microsoft.com/en-us/azure/security/fundamentals/data-encryption-best-practices
• https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/security-control-encrypt-data-in-transit/ba-p/2201008
• https://techcommunity.microsoft.com/t5/microsoft-mvp-communities-blog/mvp-s-favorite-content-bizapps-microsoft-entra-blogs/ba-p/4005503
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network
Microsoft Business Applications protect data within the network through several measures
Please also see:
• https://learn.microsoft.com/en-us/security/zero-trust/adopt/identify-protect-sensitive-business-data
• https://www.microsoft.com/en-us/security/business/security-101/what-is-data-protection
• https://techcommunity.microsoft.com/t5/microsoft-defender-xdr-blog/microsoft-defender-for-cloud-apps-data-protection-series/ba-p/3681877

Availability and resilience

Guaranteed availability
Microsoft’s commitment to service availability through a financially backed 99.9% uptime Service Level Agreement (SLA).

The monthly uptime percentage for a calendar month is calculated using the formula where downtime is measured in user-minutes; that is, for each month, downtime is the sum of the length (in minutes) of each incident that occurs during that month, multiplied by the number of users impacted by that incident. Downtime does not include scheduled downtime, the unavailability of service add-on features, the inability to access the service due to your modifications of the service, or periods where the scale unit capacity is exceeded.

please see https://www.microsoft.com/licensing/docs/view/Service-Level-Agreements-SLA-for-Online-Services
Approach to resilience
Microsoft's datacentre setup is designed to be resilient and align with the UK Government's 2nd Cloud Security Principle "Asset Protection and Resilience".
* Redundant Architecture: Microsoft online services achieve service resilience through redundant architecture, which involves deploying multiple instances of a service on geographically and physically separate hardware. This provides increased fault-tolerance for Microsoft online services.
* Data Replication and Automated Integrity Checking: Data replication and automated integrity checking are also part of Microsoft's strategy to ensure service resilience.
* Compliance with UK G-Cloud: Every year, Microsoft prepares documentation and submits evidence to attest that its in-scope enterprise cloud services comply with the 14 Cloud Security Principles of G-Cloud. This gives potential G-Cloud customers an overview of its risk environment.
* ISO/IEC 27001 Certification: The compliance process relies on the ISO/IEC 27001 certification. A Government Digital Service (GDS) accreditor then performs several random checks on the Microsoft assertion statement, samples the evidence, and makes a determination of compliance.
* UK OFFICIAL Data: The appointment of Microsoft services to the Digital Marketplace means that UK government agencies and partners can use in-scope services to store and process UK OFFICIAL government data.
Outage reporting
Microsoft provides several ways to report service outages for Microsoft Business Applications and Azure Cloud:
*Public Dashboard: Microsoft provides a public dashboard where users can view the health of their Microsoft services, including Microsoft Business Applications and Azure. The dashboard indicates whether there is an active service issue and links to the detailed Service Health page.
*API: Microsoft offers the Service Communications API in Microsoft Graph, which allows users to access the health status and message centre posts about Microsoft cloud services. For Azure, users can get information about outage-impacted resources programmatically by using the Events API.
*Email Alerts: Users can sign up for email notifications of new incidents that affect their tenant and status changes for an active incident. Azure Service Health also allows users to set up Service Health alerts to be automatically notified about service issues by email.
In addition to the public dashboard, API, and email alerts, Microsoft provides a few more methods for service outage notifications:
*Mobile Push Notifications
*IT Service Management Tools
*Power BI Notifications

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
The identity and access management features that are built into Microsoft Business Applications products and services help protect your organizational and personal information from unauthorized access while making it available to legitimate users whenever and wherever they need it. These features enable you to manage user identities, credentials, and access rights from creation through retirement, and help automate and centralize the identity lifecycle processes. Microsoft uses multiple security practices and technologies across its products and services to manage identity and access.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
The Certification Body of Schellman & Company, LLC
ISO/IEC 27001 accreditation date
November 28, 2023 for Certificate version 13. Original registration date: November 29, 2011
What the ISO/IEC 27001 doesn’t cover
Not Applicable
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
2013
CSA STAR certification level
Level 2: CSA STAR Attestation
What the CSA STAR doesn’t cover
Not Applicable
PCI certification
Yes
Who accredited the PCI DSS certification
Coalfire, an independent Qualified Security Assessor (QSA) company
PCI DSS accreditation date
15/03/2021
What the PCI DSS doesn’t cover
Not Applicable
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
Yes
Any other security certifications
https://learn.microsoft.com/en-us/compliance/regulatory/offering-home?view=o365-worldwide

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
  • Other
Other security governance standards
Microsoft adheres to numerous, rigorous security and compliance standards, including CSA CCM version 3.0, ISO 27001, ISO 27018, SOC 1, SOC 2, SOC 3, FedRAMP, and HITRUST, among others. For more on specific compliance, visit:
- https://learn.microsoft.com/en-us/compliance/assurance/assurance-governance
- https://learn.microsoft.com/en-us/microsoft-365/community/microsoft365-maturity-model--governance-and-compliance
- https://servicetrust.microsoft.com/
Information security policies and processes
Microsoft follows a comprehensive approach to information security policies and processes for its internal operations. Here's an overview:
*Microsoft Security Policy (MSP): Microsoft implements a comprehensive security governance program as part of the Microsoft Policy Framework. The MSP organizes Microsoft's security policies, standards, and requirements so they can be implemented across all Microsoft engineering groups and business units.
*Business Unit Responsibility: Individual business units are responsible for specific implementations of Microsoft security policies.
*Alignment with Regulatory and Compliance Frameworks: Microsoft's security governance program is informed by and aligns with various regulatory and compliance frameworks. Security requirements are constantly evolving to account for new technologies, regulatory and compliance requirements, and security threats.
*Policy Updates
*Operational Security Practices: Microsoft Operational Security Assurance Practices provide a set of practices that aim to improve software security in a cloud-based infrastructure. These include providing training, using multi-factor authentication, enforcing least privilege, protecting secrets, minimizing attack surface, encrypting data in transit and at rest, implementing security monitoring, implementing a security update strategy, protecting against DDOS attacks, validating the configuration of web applications and sites, and performing penetration testing.
*Reporting Structure
*Ensuring Policies are Followed

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Microsoft follows a broad approach to configuration and change management processes. Here's an overview:
Configuration Management
Change Management
Assessing Changes for Potential Security Impact
This is a high-level overview. For more detailed information, you may want to explore the resources on Microsoft's official website.
Please also see:
• https://learn.microsoft.com/en-us/mem/configmgr/
• https://learn.microsoft.com/en-us/mem/configmgr/core/understand/introduction
• https://learn.microsoft.com/en-us/mem/configmgr/apps/deploy-use/management-tasks-applications
• https://techcommunity.microsoft.com/t5/microsoft-365-blog/simplifying-change-management-of-microsoft-365/ba-p/3738912
• https://www.microsoft.com/en-us/insidetrack/about-us
• https://www.microsoft.com/investor/reports/ar23/index.html
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
The Microsoft Detection and Response Team (DART) actively looks for cyberthreats that have penetrated an environment, looking beyond known alerts or malicious threats to discover new potential threats and vulnerabilities. They use a tiered data collection model and start by collecting a snapshot of the densest, most indicator-rich data they can from every object and endpoint they can reach.
Deploying Patches
The pace at which Microsoft deploys patches is dependent on specific requirements.
Sources of Information About Potential Threats
Microsoft aggregates data from various sources to gather information about potential threats. These sources include first-party threat intelligence feeds .
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Azure security has defined requirements for active monitoring. Service teams configure active monitoring tools in accordance with these requirements. Active monitoring tools include the Microsoft Monitoring Agent (MMA) and System Centre Operations Manager.
The Initial Response Time varies with both the support plan and the Business Impact of the request (also known as Severity). For a breakdown of initial response times by several level and business impact, please visit https://azure.microsoft.com/en-us/support/plans/response/
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Microsoft strives to respond quickly and effectively to protect Microsoft services and customer data. Microsoft employs incident response strategy designed to investigate, contain, and remove security threats quickly and efficiently.

Microsoft cloud services are continuously monitored for signs of compromise. In addition to automated security monitoring and alerting, all employees receive annual training to recognize and report signs of potential security incidents.

Microsoft’s approach to managing a security incident conforms to the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-61, and Microsoft has several dedicated teams that work together to prevent, detect, and respond to security incidents.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Yes
Connected networks
  • Public Services Network (PSN)
  • Police National Network (PNN)
  • NHS Network (N3)
  • Joint Academic Network (JANET)
  • Scottish Wide Area Network (SWAN)
  • Health and Social Care Network (HSCN)
  • Other
Other public sector networks
  • Microsoft 365 Guidance for UK Government
  • Microsoft in Public Sector
  • Business Applications Partner Activities

Social Value

Social Value

Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

Effective stewardship of the environment with activities that deliver additional environmental benefits in the performance of the contract including working towards net zero greenhouse gas emissions.
We can support customers environmental goals by providing annual carbon emissions on contract and reduction plans.

We will run free of charge sustainability infrastructure reviews for customers to understand how they can reduce carbon emissions of their IT services.

We are working towards 2040 Net-Zero GreenHouseGas emissions.
Since 2021 we have been Carbon Neutral with Gold Standard Certified carbon credits - partner Ecologi.
By 2026 we aimed to reduce Scope 1 and 2 emissions by 50% from a 20/21 baseline year and which we have now achieved.
By 2030 we aim to reduce all of our emissions (including Scope 3) by 50% this is from a 22/23 baseline year.

Achievement of 2030 50% reduction targets (based on last FY) would mean a minimum carbon reduction of 142tCO2e per year for the public sector.

We record and monitor our usage/ conversion to carbon emissions monthly and progress is published annually on the website in accordance with PPN06/21 and SECR guidelines. We are ISO14001 certified, and our targets are currently being verified by SBTi.

Overall, the business:
-Generates solar energy (85%) with REGO renewable purchased energy.
-Zero waste to landfill waste management
-Minimises travel emissions by 60%
-Uses water wisely – reduced by 15%

Influence staff, suppliers, customers and communities through the delivery of the contract to support environmental protection and improvement.

We work hard to influence others and change behaviours to help fight climate change.

Workforce:
-Sustainability inductions
-Sustainability training
-Staff campaigns
-Volunteering opportunities
-Family woodland tree planting

Suppliers:
-Supply-chain reviews
-Sustainability training
-Blogs/ media content
-Sustainability training

Customers:
-Sustainability Infrastructure Review
-Hardware Carbon-Assessments
-Circular-Economy support
-Sustainability training

Covid-19 recovery

Help local communities to manage and recover from the impact of COVID-19 with activities in the delivery of the contract which:
Create employment, re-training and other return to work opportunities for those left unemployed by COVID-19, particularly new opportunities in high growth sectors.
- Phoenix Employability Outreach Programme - Unique access to Microsoft Career Essentials programme
Support organisations and businesses to manage and recover from the impacts of COVID-19, including where new ways of working are needed to deliver services.
-Phoenix Small Business Digital Skills Outreach programme – webinars supporting cyber security, accessibility and licensing.
-Phoenix VCSE Digital Skills Outreach Programme – webinars supporting cyber security, accessibility and licensing.
Support the physical and mental health of people affected by COVID-19, including reducing the demand on health and care services.
-Phoenix Digital Skills Outreach Programme – Supporting people to access services services online e.g NHS app and Banking apps.
Examples of our working with London and Quadrant Housing Association to deliver befriending calls for tenants who were lonely and isolated as a result of Covid19.
We have also worked with Liverpool City Council to promote employability courses to those left unemployed by Covid-19 and who are now in employment.
We provided free of charge IT service desk to 15 charities during the pandemic and have worked closely with them to support them with returning to full operation again.

Tackling economic inequality

Create new businesses, new jobs and new skills with activities that, in the delivery of the contract:
Create opportunities for entrepreneurship and help new, small organisations to grow, supporting economic growth and business creation.
-60% of our supply chain are SME’s
-We are signatories and adhere to the Prompt Payment Code
-Host Dragons Den SME supply chain sessions for new suppliers to showcase their services for our customers.
Create employment opportunities particularly for those who face barriers to employment and/or who are located in deprived areas.
- The Phoenix Employability Outreach Programme provide unique access to Microsoft Career Essentials digital literacy programme, career talks and employability advice.
Create employment and training opportunities, particularly for people in industries with known skills shortages or in high growth sectors.
-Graduate work placements
-Phoenix Employability Outreach Programme - Unique access to Microsoft Career Essentials programme for certifications to skill up for roles in the IT sector.
-We work with our supply-chain to create job roles with shared apprenticeship heads and promotion to permanent employment.
Support educational attainment relevant to the contract, including training schemes that address skills gaps and result in recognised qualifications.
-Apprenticeships whereby we aim for c.10 graduating apprentices and all are moved into permanent employment with Phoenix.
-Skills City Bootcamp where we deliver career talks and provide projects to 19+ year olds seeking to upskill for employment in the technology sector.
Influence staff, suppliers, customers and communities through the delivery of the contract to support employment and skills opportunities in high growth sectors.
-Our programmes are delivered in partnership with our customers, supply chain and workforce, including Career talks, mentoring and IT challenge activities.

Equal opportunity

Reduce the disability employment gap with activities that:
Demonstrate action to increase the representation of disabled people in the contract workforce.
-We are certified Disability Confident Employers (level 2).
-We provide Digital Accessibility training for all staff so we can communicate with each other and our customers in an inclusive manner.
-We are exploring the use of the Voluntary Reporting Framework for understanding the disability makeup of the workforce.
Tackling workforce inequalities with activities that demonstrate action to identify and tackle inequality in employment, skills and pay in the contract workforce.
- We focus on ensuring an inclusive and unbiased recruitment strategy, with unconscious-bias training, blind recruitment processes, and reviewing language and placement of advertisements.

-All staff trained receive mandatory EDI training annually.

Various initiatives include
-Signatories of the Race at Work Charter,
-Disability Confident Committed Employer
-Signatories of the Armed Forces Covenant
-Gender-Neutral toilets
-Prayer room
-Milk-pumping room
-Sponsor York Pride
-We have specific policies for Menopause, and LGBTQ+.
-We have established an Accessibility-Centre-of-Excellence to display the latest technology
-We monitor our workforce statistics and report on them:
Gender 65% male /35% female (industry-average 20%)
Ethnicity 5.6% (local-area 3.9%)
Staff turnover 12.3% (industry-average 13.2%)
Using the Voluntary Reporting Framework, we are working on what and how we can report metrics around disabled people in the workforce, including those with hidden disabilities.

We have been recertified as a Great Place to Work™ and UK's Best Workplaces™ for Women.

Wellbeing

The mental health and well-being (MHWB) of our staff is of the utmost importance to us and our MHWB Policy aims to provide a working environment that promotes and supports the MHWB of all employees.
Activities that demonstrate action to support the health and wellbeing, including physical and mental health, in the contract workforce at Phoenix include:
-We utilise different resources not least those from Mental Health at Work Commitment, NHS Every Mind Matters, and the MIND employer toolkit to improve our employee MHWB programme.
-All our staff heavily discounted private health insurance includes mental wellness. Plan members access a range of health treatments including face to face counselling and cognitive behaviour therapy.
-Phoenix invests in the St Johns Ambulance Mental Health First Aid training course to ensure we have MH first aiders in the business and the skills to address MH in the workplace.
-The new challenges the pandemic has raised, on our employee’s MHWB, has led to the creation of a staff network group who meet monthly, to ensure that all we do and say truly covers all aspects of MHWB.
-All employees are given a monthly wellbeing hour to take for their own personal time and are also supported with monthly tea and toast sessions discussing and normalising MHWB topics.

We influence staff, suppliers, customers and communities through the delivery of the contract to support health and wellbeing, including physical and mental health.
-We provide Digital Accessibility training for all staff so we can communicate with each other and our customers in an inclusive manner.
-We have established an Accessibility-Centre-of-Excellence to display the latest technology to the workforce, supply chain and our customers
-We deliver digital accessibility training to customers
-We are sponsors of the Neurodiversity Awards

Pricing

Price
£38.47 to £42.12 a unit a month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Trial versions of Dynamics 365 Applications and the Power Platform are generally available for 30 days and provide full capabilities to enable customers to test the functionality meets their requirements.
Link to free trial
"Dynamics 365 - https://dynamics.microsoft.com/en-us/dynamics-365-free-trial/ Power Platform - https://www.microsoft.com/en-us/power-platform/try-free"

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ccs@phoenixs.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.