GOOGLE CLOUD EMEA LIMITED

Cloud Identity - Premium Edition

Easily manage users, devices, and apps from one console. Enable employees to work from anywhere, on any device, with one-click access to all the apps they need. Employees can focus on their work, and you can more easily manage thousands of identities as people join, move, and leave the organization.

Features

• User Lifecycle management
• Single sign-on
• Account Security
• Device Management
• Reporting and analytics

Benefits

• Provision/deprovision accounts as people join, change roles, and leave
• Create or import user accounts into a cloud-based directory
• Manage everything from an easy-to-use mobile app
• Allowing users to access multiple apps using the same credentials
• Build a catalog of pre-approved-third-party SaaS-apps that users can use
• Manage Android/iOS/Chrome and desktops from a central console
• Monitor security and compliance posture with reporting and auditing capabilities
• Enforce screen locks, passcodes, and wipe corporate data
• View/search for devices and export details
• Receive alerts for suspicious activity

£0 to £0 a unit

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ps-frameworks@google.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

116468523636464

Contact

Iain Burgess
+447876258053
ps-frameworks@google.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Please refer to https://cloud.google.com/identity/ for more information on service constraints.
• System requirements:
  • A modern web browser
  • Please refer to https://cloud.google.com/identity/ for more information on technical requirements.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Standard Support is available free of cost to all Workspace customers and includes 24/7 multi-channel technical support for critical issues (P1). For more information, visit the Google Workspace Customer Care Portfolio (https://workspace.google.com/support/); ; Further support offerings are available at an extra cost, and can be found here: https://workspace.google.com/intl/en_uk/support/; ; Priorities defined: https://support.google.com/a/answer/1047213; ; Technical Support Services Guidelines: https://workspace.google.com/terms/tssg.html
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AAA
• Phone support: No
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AAA
• Web chat accessibility testing: N/A
• Onsite support: No
• Support levels: Google Workspace customers are eligible for Standard support at no additional cost. Enhanced & Premium Support is available at an additional cost. Enhanced & Premium Support includes improved target response times and Premium Support includes 1:1 consultation with a Technical Account Manager.; ; Support services are described in more detail here: https://workspace.google.com/support/
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Google provides a business transformation framework based on research in accredited universities. An online Getting Started learning path is described at https://support.google.com/; We also provide Google Workspace training which is a plug-in to your Chrome and describes step-by step functionalities and processes.; The Google Workspace Learning Center https://support.google.com/a/users provides numerous documentation, guides, tips, customer examples, and training resources.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats: Contextual training videos
• End-of-contract data extraction: We provide tools to our customers to export their data. More information can be found here: https://support.google.com/a/answer/100458?hl=en#all
• End-of-contract process: "For information on offboarding, please refer to:; https://support.google.com/a/answer/1257646#direct_step2_cancel_subscriptions"

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: We've written native applications for Android and iOS which are designed with those user interface frameworks in mind.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AAA
• Description of service interface: With the Admin Console you can:; Easily add users, manage devices, configure security and settings so your data stays safe.; Use integrated Cloud Identity features to manage users and set up security options. ; Protect your organization with security analytics and best practice recommendations within the security center.; Distribute apps to employees and keep data secure on employee’s iOS and Android devices. ; Use mobile management to distribute apps and get employees up and running quickly, check usage, manage security settings, and lock or wipe devices remotely.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: It is in our pipeline to test and deliver our products and services to become more accessible for assistive technology users.
• API: Yes
• What users can and can't do using the API: The scope of capabilities exposed via API to Google Workspace/Cloud Identity/Drive/Cloud Search Platform users is very broad and encompasses most major use cases. API's are can be found here: https://developers.google.com/
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Google Apps Script is a JavaScript cloud scripting language that provides easy ways to automate tasks across Google products.; With Apps Script, you can create Add-ons for Google Docs, Macros, menus, and custom functions as well as managing responses for Google Forms.

Scaling

• Independence of resources: Google Workspace provides scalable and elastic cloud services.

Analytics

• Service usage metrics: Yes
• Metrics types: - Highlights: Key metrics and trends including app usage, users status, file visibility, and security.; - Security: Assess overall exposure to data breach. Discover which users not using 2-step verification, installing external apps, or sharing documents indiscriminately.; - Apps Usage Activity: See how your organization uses Google Workspace over a specific period by examining email activity, number of spreadsheets created, number of files shared, and more.; - Account Activity: Access all data from Security, Apps Usage Activity, and Highlights pages in a single master report.; - Audits: View logs of various activity, including admin, mobile activity, and more.; More: https://support.google.com/a/topic/29163?hl=en&ref_topic=4490889
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest: Other
• Other data at rest protection approach: Data belonging to Google Workspace customers is stored at rest in two types of systems: disks and backup media.; ; Disks are used to write and retrieve data in multiple replicated copies. (Refer to Google Workspace Security Whitepaper.) Google also stores data on offline backup media to help ensure recovery from any catastrophic error or natural disaster at one of our data centers.; ; Data stored at rest is encrypted on both disks and backup media, but for each system we use a distinct approach for encryption to mitigate the corresponding security risks.; ; For policies and compliance reports, download directly from: https://cloud.google.com/security/compliance/compliance-reports-manager#/
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Please refer to; https://support.google.com/accounts/answer/3024190?hl=en
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats:
  • DOCX
  • XLSX
  • PPTX
  • PDF
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats:
  • DOCX
  • XLSX
  • PPTX
  • PDF

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: During the Term of the applicable Google Workspace Agreement (or prior versions of the agreement governing the use of Google Workspace) (the "Agreement"), the (i) Google Workspace Covered Services web interface will be operational and available to Customer at least 99.9% of the time in any calendar month; and (ii) Google Voice will be operational within 2 business days of Customer's acceptance of the Voice Service Specific Terms via the Admin Console (the "Google Workspace SLA"). If Google does not meet the Google Workspace SLA, and if Customer meets its obligations under this Google Workspace SLA, Customer will be eligible to receive the Service Credits described below. This Google Workspace SLA states Customer's sole and exclusive remedy for any failure by Google to meet the Google Workspace SLA.
• Approach to resilience: All data is redundantly stored across a minimum of 3 data centers, and all services are designed to leverage the redundant data center infrastructure powering Google services.
• Outage reporting: Please refer to the link below; https://www.google.com/appsstatus#hl=en-GB&v=status

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Other user authentication: A built-in Password Monitor is visible to the end user upon password; creation and to the System Administrators of the tenant whom can decide to force a password change on any user that is later detected to have a password that is weak. Google's native authentication has; protections in place that would detect a brute force attack and challenge the user to solve a Captcha and would auto lock the account if suspicious activity is detected. The tenant's System Administrators can; reset that account for the end user
• Access restrictions in management interfaces and support channels: Google Workspace provides administrative features made available to Customer within the Admin Console for the management of Google-hosted accounts, mobile devices, and application within the Customer’s domain. Advanced security and control features may be subject to an additional charge; ; Support services are only provided to authorized customer administrators whose identities have been verified in several ways. Googler access is monitored and audited by our dedicated security, privacy, and internal audit teams.; ; https://cloud.google.com/iam/; https://services.google.com/fh/files/misc/google_security_wp.pdf; https://services.google.com/fh/files/misc/sep_2021_caiq_self_assessment.pdf
• Access restriction testing frequency: Less than once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Description of management access authentication: Google's native authentication requires a minimum 8 character complex password. Tenants can set the; maximum or increase the minimum. A Password Monitor is visible to the end user upon password; creation and to the System Administrators of the tenant. Google's native authentication has; protections in place that would detect a brute force attack and challenge the user if suspicious activity is detected. System Administrators can reset that account for the end user.; Google provides the capability for domain administrators to enforce Google's 2-step verification. The 2nd; factor could be a code generated via several supported mechanisms.

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: EY CertifyPoint
• ISO/IEC 27001 accreditation date: 25/1/2024
• What the ISO/IEC 27001 doesn’t cover: See certificate for full list of products covered, anything not listed is not covered. The latest certificates should be downloaded from our Compliance Reports Manager found here: https://cloud.google.com/security/compliance/compliance-reports-manager#/
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 25/8/2023
• CSA STAR certification level: Level 2: CSA STAR Attestation
• What the CSA STAR doesn’t cover: The supported list of services is available at https://cloud.google.com/security/compliance/csa-star/
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: Full list available at https://cloud.google.com/security/compliance/compliance-reports-manager#/

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: For all of our policies and compliance reports, please download directly from our compliance manager - https://cloud.google.com/security/compliance/compliance-reports-manager#/
• Information security policies and processes: Google's cloud services are designed to deliver better security than many traditional on-premises solutions. Google makes security, and protection of data it's primary design criteria, which is the cornerstone of it's overall security governance and compliance audits. Google’s third party audit approach is designed to be comprehensive to provide assurances of Google’s information security capabilities. Customers may use these third party audits to assess how Google’s products can meet their compliance and data-processing needs.; https://cloud.google.com/security/overview/whitepaper; https://cloud.google.com/security/compliance

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: In Google production environments, software updates are manually vetted to ensure the stability of the system. Changes are then tested and cautiously rolled out to systems. The details vary somewhat depending on the service being considered, but all development work is separated from the operation systems, testing occurs in a multi-staged fashion in both environments and in dedicated test settings. Additionally, changes to code go through a process of code review involving additional engineer(s).; ; For all of our policies and compliance reports, please download directly from our compliance manager - https://cloud.google.com/security/compliance/compliance-reports-manager#/
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Google administrates a vulnerability management process that actively scans for security threats using a combination of commercially available and purpose-built in-house tools, intensive-automated and manual-penetration efforts, quality-assurance processes, software-security reviews and external audits. The vulnerability management team is responsible for tracking and following up on vulnerabilities. Once a vulnerability requiring remediation has been identified, it is logged, prioritized according to severity, and assigned an owner. The vulnerability management team tracks and follows up frequently until remediated. Google also maintains relationships with members of the security research community to track issues in Google services and open-source tools.; ; https://cloud.google.com/security/overview/whitepaper#vulnerability_management; ; Refer to: https://cloud.google.com/security/compliance/compliance-reports-manager#/
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: At many points across our global network, internal traffic is inspected for suspicious behavior, such as the presence of traffic that might indicate botnet connections. This analysis is performed using a combination of open-source and commercial tools for traffic capture and parsing. A proprietary correlation system built on top of Google technology also supports this analysis. Network analysis is supplemented by examining system logs to identify unusual behavior, such as attempted access of customer data. Google security engineers place standing search alerts on public data repositories to look for security-incidents that might affect the company’s infrastructure.; ; https://cloud.google.com/security/overview/whitepaper#monitoring; ; Refer to: https://cloud.google.com/security/compliance/compliance-reports-manager#/
• Incident management type: Supplier-defined controls
• Incident management approach: We have a rigorous incident management process for security events that may affect the confidentiality, integrity, or availability of systems or data. This process specifies courses of action, procedures for notification, escalation, mitigation, and documentation. Google’s security incident management program is structured around the NIST guidance on handling incidents (NIST SP 800–61). Key staff are trained in forensics and handling evidence in preparation for an event, including the use of third-party and proprietary tools. Testing of incident response plans is performed for key areas, such as systems that store sensitive customer information.; ; https://cloud.google.com/security/overview/whitepaper#incident_management; ; Refer to: https://cloud.google.com/security/compliance/compliance-reports-manager#/

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity

  Fighting climate change

  Google shares its commitment to socially responsible goals. Google Cloud can demonstrate this commitment through a broad set of sustainability principles and activities. These principles focus on a people-centric framework that is robust, integrated, diverse, and designed with unique locations, scalability, and longevity in mind. Sustainability principles are embedded across Google’s operations, infrastructure, people, and products. Google’s five key sustainability commitments include:; Data centres: Design and operate industry-leading carbon-neutral data centres; Renewable energy: Google is the largest corporate purchaser of renewable energy, our operations utilise 100% carbon-free energy; Technology and tools: Design efficient and renewable consumer electronics and empower users with sustainable technologies; Supply chain: Build better and more sustainable devices and services by engaging the entire supply chain; Sustainable workplaces: Create end-to-end sustainable workplaces through ethical labour practices and the careful selection and use of materials to operate facilities; Google’s socially responsible activities are broad and deep, extending across the end-to-end supply chain and empowering national economies. Google Cloud is committed to remaining the leader in socially responsible cloud provision. We are pleased to enumerate our ongoing initiatives and track record, and to profile our lasting commitment to a better planet.; We track and report on our progress through our published annual Environmental Report.

  Tackling economic inequality

  Google Digital Garage includes a range of free training to support career and business growth with courses, including certification in digital marketing and online webinars. E.g. improving online presence and increased profits for barber shop and helping a property management firm in Haregate to grow their B2B business.; Google also provides grant funding to The Prince’s Trust and INCO Academy. ; ; Online training programmes are designed to earn job-ready skills in high-growth, high-demand careers such as IT Support, Project Management and Data Analytics. Citizens earn job-ready skills, with no GCSE, A Levels or degree needed. In the UK, Google is providing 10,000 need-based scholarships.; ; Google Cloud is recognized across the industry as a TSIA Star Award Winner for providing unique, experiential technical training with hands-on labs as the central method for developing skills acquisition. Google employs an Applied Learning modality provided by Google Cloud Skills Boost. This hands-on labs platform allows learners to skill up on Google Cloud in a safe sandbox environment using real Google Cloud resources. This provides a fully-authentic experience with the Google Cloud Platform (GCP) console, helps build confidence, and provides the necessary application of knowledge to ensure deep learning for both customers and partners.; ; Google Career Certificates provide an accessible pathway into well-paid, high-growth technology jobs. The programme offers free, flexible online training programmes designed to teach job-ready skills in high-growth, high-demand careers such as IT support, project management, data analytics, and UX design. They require no relevant prior experience or formal education required and on completion are similar to a UK level 4 qualification. We have partnered with the Department for Work and Pensions, Camden Council and other organisations to offer 20,000 scholarships and encourage completion.

  Equal opportunity

  Google has a responsibility to scale our Diversity, Equity, and Inclusion (DEI) initiatives to increase the pathways to tech in the communities we call home. Google has been publishing annual diversity reports since 2018. We are also building a robust, diverse talent pool to support our industry’s growth. To support this, we build DEI capabilities among all Googlers, from managers and leaders to front-line human resources. Through our Employee Resource Groups (ERGs), Leadership Councils, and Diversity Councils, we foster a sense of belonging throughout the company. More details can be found in Google’s latest DEI report.; Our ongoing efforts to ensure pay equity are just one part of our wider efforts to improve diversity, equity and inclusion (DEI) at Google, and ensure that our company remains a rewarding place to work for all our colleagues. Below are the 2 Google UK: Binary Gender Pay Gap reports published on an annual basis, 2021 ; 2022.; Social responsibility is fundamentally critical to Google’s operating philosophy, employee engagement, and the business as a whole. Accordingly, Google’s annual diversity report drives our internal discussions on diversity and inclusion and has resulted in an inflection point for Google that has changed how we approach these topics in our business practices. ; We track and report on our progress in our Google Annual Diversity Report

Pricing

• Price: £0 to £0 a unit
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ps-frameworks@google.com. Tell them what format you need. It will help if you say what assistive technology you use.