Shaping Cloud

Microsoft Cloud Licences

Shaping Cloud Microsoft Cloud Licences allows you to purchase, provision and manage your Microsoft licences and Azure subscriptions directly from us. This offers customers an accessible route to software licenses, storage and cloud compute. In addition, we support customers with advice to get the best out of their cloud investment.

Features

• Office 365 / Microsoft 365
• Windows and End User Compute
• Windows Server and Microsoft SQL
• Azure Services with no minimum spend
• Instantly provision your licencing and cloud
• Optimise licences to match usage
• Managed service support
• Security services
• Public Sector and Education discounts available

Benefits

• Transparent pricing, with no hidden fees
• Flexible monthly or annual licencing
• Licence optimisation to get the most from your spend
• Access to Microsoft support
• Centralised subscription and licence management

£0.01 a unit a month

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@shapingcloud.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

970188775116545

Contact

SC Customer Relationship Team
01614085333
sales@shapingcloud.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements:
  • Supported internet browsers
  • Hardware meets application requirements

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We typically respond to questions within 30 minutes of asking them, or immediately depending on the method of contact and availability. For support services, we have standard SLAs available for working hours, or 24/7/365. The response times for this are defined with the SLA and depend on the categorisation and prioritisation of incident / query.; We also offer tailored SLAs for all clients - our response times are agreed with each client, defined in the SLA and are flexible according to your needs.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Our support arrangements are tailored to your specific needs, as our experience shows that no 'one-size' fits all requirements. We will discuss your customer support requirements (including the support/services, service levels, response times, communication channels and reporting) to agree your specific requirements for the services that you are looking for.; Our support methodology is based on the rigour of ITIL and the flexibility of Agile principles and a Dev Ops culture. A typical support team is led by a technical account manager who is responsible for day-to-day support and allocation of support requests to our engineers and technical specialists. This approach provides a resilient support service with sufficient cover to ensure all support requests are managed in an effective and efficient manner.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide a range of on-boarding services to help organisations get started with the Microsoft product set, including:; ; - Cloud readiness assessment; - Strategy and business case development; - Cloud migration and transformation; - Optimisation; - Managed service
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Please see: https://docs.microsoft.com/en-us/search/?terms=data%20portability
• End-of-contract process: The amount of notification required to end the contract depends on the length of contract taken out and will be included in the call-off contract. At the end of the contract process, Shaping Cloud will support the organisation in extracting any data or moving to another supplier.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • MacOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: User experience will depend on device type.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Service interface will depend on the service accessed.
• Accessibility standards: None or don’t know
• Description of accessibility: Please see: https://www.microsoft.com/en-us/accessibility/features
• Accessibility testing: Please see: https://www.microsoft.com/en-us/accessibility/features
• API: Yes
• What users can and can't do using the API: Please see: https://docs.microsoft.com/en-us/windows/web/apis
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Please see: https://docs.microsoft.com/en-us/search/?terms=customisation

Scaling

• Independence of resources: Microsoft cloud delivers at a global scale. Correctly configured services and components scale to meet business demand. Please see: https://docs.microsoft.com/en-us/search/?terms=independence%20of%20resources

Analytics

• Service usage metrics: Yes
• Metrics types: The Microsoft product set provides metrics in a number of ways. Please see: https://docs.microsoft.com/en-us/search/?terms=service%20metrics
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Microsoft

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data can be exported in a number of ways, depending on the Microsoft service. Please see: https://docs.microsoft.com/en-us/search/?terms=data%20export
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats:
  • Various formats can be exported from the Microsoft product set
  • Shaping Cloud can support export requirements
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats:
  • Various data formats can be imported into the product set
  • Shaping Cloud will support data import work

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection between networks: For data in transit, all customer-facing servers negotiate a secure session by using TLS/SSL with client machines to secure the customer data. This applies to protocols on any device used by clients.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: Please see: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/network-protection

Availability and resilience

• Guaranteed availability: Please see: https://docs.microsoft.com/en-us/search/?terms=SLAs
• Approach to resilience: Please see: https://docs.microsoft.com/en-us/search/?terms=datacenter%20resilience
• Outage reporting: Microsoft reports service health: https://portal.office.com/servicestatus

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Azure-AD can designate separate administrators to serve different functions. These administrators will have access to features in the Azure portal and, depending on their role, will be able to create or edit users, assign administrative roles to others, reset user passwords, manage user-licenses, and manage domains, among other things. A user who is assigned an admin role will have the same permissions across all of the cloud services that your organization has subscribed to, regardless of whether you assign the role in the Office365 portal, or in the Azure classic-portal, or by using the Azure-AD module for Windows PowerShell.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 01/01/2022
• What the ISO/IEC 27001 doesn’t cover: Please see https://docs.microsoft.com/en-gb/compliance/regulatory/offering-ISO-27001?view=o365-worldwide
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 12/02/2019
• CSA STAR certification level: Level 3: CSA STAR Certification
• What the CSA STAR doesn’t cover: None
• PCI certification: Yes
• Who accredited the PCI DSS certification: Coalfire Systems Inc
• PCI DSS accreditation date: 01/11/2017
• What the PCI DSS doesn’t cover: Service Scope is identified here http://aka.ms/azure-pci
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • FACT
  • FedRamp
  • NIST 800-171
  • FIPS 140-2
  • CCSL (IRAP)
  • CDSA
  • ISO 27001 (ISMS), 27017 (Cloud Security), 27018 (Personal Data)
  • SOC 1, SOC 2, SOC 3
  • 22301 (Business Continuity), 9001 (Quality Management)

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Shaping Cloud is Cyber Essentials Plus certified.
• Information security policies and processes: Shaping Cloud uses Cyber Essentials Plus aligned information security policies and processes.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Azure has developed formal standard operating procedures (SOPs) governing the change management process. These SOPs cover both software development and hardware change and release management, and are consistent with established regulatory guidelines including ISO 27001, SOC 1 / SOC 2, NIST 800-53, and others.; ; Microsoft also uses Operational Security Assurance (OSA), a framework that incorporates the knowledge gained through a variety of capabilities that are unique to Microsoft including the Microsoft Security Development Lifecycle (SDL), the Microsoft Security Response Center program, and deep awareness of the cybersecurity threat landscape. ; Please see https://www.microsoft.com/en-us/SDL/OperationalSecurityAssurance and https://www.microsoft.com/en-us/sdl
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Vulnerability management recommendations focus on addressing issues related to continuously acquiring, assessing, and acting on new information in order to identify and remediate vulnerabilities as well as minimizing the window of opportunity for attackers.; 1: Run automated vulnerability scanning tools; 2: Deploy automated operating system patch management solution; 3: Deploy automated patch management solution for third-party software titles; 4: Compare back-to-back vulnerability scans; 5: Use a risk-rating process to prioritize the remediation of discovered vulnerabilities; For more information https://docs.microsoft.com/en-us/security/benchmark/azure/security-control-vulnerability-management
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Microsoft Defender for Cloud helps you prevent, detect, and respond to threats. Defender for Cloud gives you increased visibility into, and control over, the security of your Azure resources as well as those in your hybrid environment.; ; Defender for Cloud performs continuous security assessments of your connected resources and compares their configuration and deployment against the Azure Security Benchmark to provide detailed security recommendations tailored for your environment.; ; In addition Intelligent Security Graph provides real-time threat protection. It uses advanced analytics that link a threat intelligence and security data to provide insights that can strengthen organisational security.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Microsoft has developed robust processes to facilitate a coordinated response to incidents. ; • Identification – System and security alerts may be harvested, correlated, and analyzed. ; • Containment – The escalation team evaluates the scope and impact of an incident. ; • Eradication – The escalation team eradicates any damage caused by the security breach, identifies root cause for why the security issue occurred. ; • Recovery – During recovery, software or configuration updates are applied to the system and services are returned to a full working capacity.; • Lessons Learned – Each security incident is analysed to protect against future reoccurrence.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • Public Services Network (PSN)
  • NHS Network (N3)
  • Joint Academic Network (JANET)
  • Health and Social Care Network (HSCN)

Social Value

• Fighting climate change:

  Fighting climate change

  Consuming cloud services from the main hyper-scale cloud providers and being a part of their commitment to being carbon neutral by 2025 and carbon negative by 2030. Right sizing workloads in the cloud and regularly reviewing consumption further supports these targets and ensures minimum carbon footprint. ; ; As part of our engagement with any Customer, we are able to measure the reduction in carbon footprint as a result of adopting cloud services in preference to traditional technology. This supports each organisation in achieving their own plans to become net zero.; ; We are a 100% cloud-based SME, with a minimal carbon footprint and a target to have a zero-carbon footprint by 2030 - so partnering with us also supports moving to a zero carbon footprint in your supply chain.; ; Microsoft's view https://www.microsoft.com/en-us/corporate-responsibility/sustainability/operations
• Covid-19 recovery:

  Covid-19 recovery

  We are a UK-based SME who creates UK jobs. We have programmes to recruit from a diverse base, including career changers. We are already a diverse workforce and have targets to ensure we continue to be diverse.; We are committed to supporting our Customers in the public sector with their plans to support help communities manage and recover from the impact of COVID-19.; ; Use of cloud services ought to ensure your organisation is agile in the response to recovery. Right-sizing and optimising your use of cloud, which we can help you with, will ensure a sound investment of public funds - retaining as much funding as possible for deliver of public services and interventions such as Covid-19 recovery.; ; Microsoft's view https://news.microsoft.com/covid-19-response/
• Tackling economic inequality:

  Tackling economic inequality

  We are a UK SME with a diverse workforce. We recognise the benefits from having a diverse workforce and therefore target people from all backgrounds to work at Shaping Cloud. ; ; We support career changers and measure values and culture alignment along with career potential higher than formal education - ensuring equal opportunity for those from all economic backgrounds. We partner with a variety of organisations to provide digital training for those from diverse and deprived backgrounds – providing them with their first employment experience subsequent to this training.; ; All our employees are paid above the Living Wage and receive additional benefits, such as private health - having a positive impact on themselves and their families and communities.; All our employees receive training in digital as well as five days paid leave for learning every year.; ; We pay all genders equally, according to merit.; ; Microsoft's view https://www.microsoft.com/en-gb/about/societal-impact
• Equal opportunity:

  Equal opportunity

  We are a UK SME with a diverse workforce. We recognise the benefits from having a diverse workforce and therefore target people from all backgrounds to work at Shaping Cloud. ; ; We measure values alignment along with career potential higher than formal education and background - ensuring equal opportunity for those from all economic and racial backgrounds, as well as those who require additional support or technology in order to carry out their work effectively. E.g. individuals with visual, auditory, physical, speech, cognitive, language, learning, behavioural or neurological impairment, as well as the needs of those for whom English is not their first language.; ; Our recruitment practices value each person according to their experience as well as their potential and do not discriminate in any way on the grounds of race, colour, religion, gender, or sexual orientation.; ; All employees have a personal development plan and access to a personal coach to support them in their professional and personal development - ensuring everyone has equal opportunity for career progression. Each person's performance and contribution is reviewed at least annually, which includes 360 degree views, to determine whether they are ready for career progression. This career progression is awarded on the basis of readiness and not on the basis of a post becoming available or an individual line manager making that decision. In this way, every person has equal opportunity.; ; Implementation of digital services requires consideration to ensure no user is excluded from using the service. This is all the more important with respect to public services. We support our customers with advice with respect to accessibility, and we tailor our solutions and services to our client’s needs in this area.; ; Microsoft's view https://www.microsoft.com/en-gb/about/societal-impact/
• Wellbeing:

  Wellbeing

  We prioritise the wellbeing of our workforce, with private health, excellent work-life balance, flexible working location and hours, coaching, and personal development.; ; We regularly canvas for feedback from our employees to ensure they all enjoy work and feel rewarded for their efforts.; ; We have an always available Wellbeing group internally, which arranges activities and challenges throughout the year to promote good health as well as providing a variety of suggestions and opportunities to ensure good mental health.; ; We provide two paid volunteering days per year per employee, and encourage use of these to improve the communities we are a part of.; ; Microsoft's view https://www.microsoft.com/en-gb/about/societal-impact/

Pricing

• Price: £0.01 a unit a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Please see https://azure.microsoft.com/en-gb/free
• Link to free trial: https://azure.microsoft.com/en-gb/free/

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@shapingcloud.com. Tell them what format you need. It will help if you say what assistive technology you use.