Workplace from Meta and Alternatives

Service scope

Software add-on or extension: Yes, but can also be used as a standalone service
What software services is the service an extension to: Microsoft 365 (Teams / One Drive / Sharepoint)
Google Apps / G-Suite
57 other integrations and counting
Cloud deployment model: Private cloud
Service constraints: Customers require minimal hardware to get up and running (service is accessed via browser (and 2x optional mobile apps iOS and Android).
Service is SaaS, support is available 24/7 direct via Workplace Support (for system admins)
System requirements: Browser (Chrome, Firefox, Edge...)

Mobile device (iOS and Android)

User support

Email or online ticketing support: Email or online ticketing
Support response times: 24/7
User can manage status and priority of support tickets: Yes
Online ticketing support accessibility: WCAG 2.1 AAA
Phone support: Yes
Phone support availability: 24 hours, 7 days a week
Web chat support: Web chat
Web chat support availability: 24 hours, 7 days a week
Web chat support accessibility standard: WCAG 2.1 AAA
Web chat accessibility testing: We have provided direct web chat support to partially sighted users
Onsite support: Onsite support
Support levels: Depending on size and complexity of the client organisation, and scope of the contract, we provide:
On-site and remote senior leadership engagement and training
On-site and remote early adopter / champion training and support
Launch and post-launch on-site and remote user support, training, and ongoing community management services
Technical account manager / cloud support engineer

Services and support vary from £5k quick start package to £50k + depending size, complexity, scope, in-house resource, budget...
Support available to third parties: Yes

Onboarding and offboarding

Getting started: Business case development
Senior Leadership Engagement and training
Onsite and remote training (early adopters / champions / all users)
Online training and educational support
User documentation
Comms Strategy, planning and collateral development
Online community management
Project management for entire deployment pre-launch, launch and beyond as required
Service documentation: Yes
Documentation formats: HTML

ODF

PDF

Other
Other documentation formats: Powerpoint

Video
End-of-contract data extraction: The data gathered from Workplace by Meta will be gathered on behalf of the enterprise signed up to use Workplace by Meta as a service. Enterprise user-generated content contained within the enterprise’s managed community, as well as logged enterprise user activity is stored on Meta's servers until the end of the Workplace by Meta service contract or until the enterprise decides to delete data. Should an enterprise decide to delete their managed community before the end of a contract, then the enterprise may contact the Workplace by Meta team and all data within the managed community (for that enterprise) and all related ents and assocs will be deleted according to Meta's data deletion policies. Enterprise admins may delete groups or enterprise user-generated content. Once the option to delete this data is confirmed, the data will be deleted in line with Meta's data deletion policies. Enterprises also have the option and ability to access or delete any relevant data via the Workplace by Meta API.
End-of-contract process: Use of Workplace and our associated success services will continue throughout the duration of the contract.
Contract can be terminated at any point with one month's notice.
Additional services may be purchased and terminated in addition to the core software resell related contract.

Using the service

Web browser interface: Yes
Supported browsers: Microsoft Edge

Firefox

Chrome

Safari

Opera
Application to install: Yes
Compatible operating systems: Android

IOS

MacOS

Windows
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: Service is mobile first with optimal, familiar mobile experience developed by Meta. Mobile experience uses NewsFeed, algorithms, and mobile design to bring relevant content to users wherever they are. Apps even provide relevant access for system admins to Andmin Panel.
Browser view provides full access, integration Workplace and Workplace Chat features.
Service interface: Yes
User support accessibility: WCAG 2.1 AAA
Description of service interface: System Admins (and other admins) have access to Admin Panel, to manage user provisioning, group and content, analytics, integrations, security settings, and a host of other features and functionality
Accessibility standards: WCAG 2.1 AAA
Accessibility testing: Navigation Assistant
Keyboard Shortcuts
Screen Readers and Assistive Technology
Closed Captions and Media
Text Size and Contrast
API: Yes
What users can and can't do using the API: The Graph API for Workplace is a programmatic way to get data in and out of Workplace. It's a low-level HTTP-based API that you can use to query data about objects in a Workplace graph. The Graph API is named after the idea of a graph data model, where objects are represented by nodes and joined along edges.
API documentation: Yes
API documentation formats: HTML

PDF

Other
API sandbox or test environment: Yes
Customisation available: Yes
Description of customisation: Group Structure
Branding
Privacy Settings
Integrations
Bots / AI
SSO
Directory Sync
Automation

Scaling

Independence of resources: We are growing a team of deployment experts and are an official preferred Workplace reseller and deployment partner. We were one of the first in the UK starting in Jan 2016. The Workplace software has 7 million paid users around the Globe. They span retail, technology, telecommunications, financial services, media, entertainment, hospitality, food and drink, transport, property, utilities, delivery and government. Its used by 31,000+ organisations, and is fully scalable (built by Meta who have experience of 2.9 billion users on the consumer platform, Facebook).

Analytics

Service usage metrics: Yes
Metrics types: Provisioned users
Account claims
Monthly / weekly / Daily active users
Content volume / engagement
App usage
Profile completion
Retained users
Connections (across the org between users)
Group activity
Group membership
Group most active members
Reporting types: API access

Real-time dashboards

Regular reports

Reports on request

Resellers

Supplier type: Reseller providing extra features and support
Organisation whose services are being resold: Workplace from Meta

Staff security

Staff security clearance: Other security clearance
Government security clearance: Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom

European Economic Area (EEA)

Other locations
User control over data storage and processing locations: No
Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency: At least every 6 months
Penetration testing approach: Another external penetration testing organisation
Protecting data at rest: Physical access control, complying with CSA CCM v3.0

Physical access control, complying with SSAE-16 / ISAE 3402

Physical access control, complying with another standard

Encryption of all physical media
Data sanitisation process: Yes
Data sanitisation type: Deleted data can’t be directly accessed
Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach: System admins can export data at any time via the Admin Panel and via API
In addition end users can export their data (self service) in line with GDPR
Data export formats: CSV
Data import formats: CSV

ODF

Other
Other data import formats: Jpeg

Pdf

Doc

Xls

Ppt

Mov

Mpeg

Html

Data-in-transit protection

Data protection between buyer and supplier networks: Private network or public sector network

TLS (version 1.2 or above)

Other
Other protection between networks: Workplace follows standards focused on security and confidentiality:
Data Access is based on agreements with the individuals, businesses or organizations using the product.
Access measures protect data in accordance with security / confidentiality commitments within these agreements.
Data from different Workplace communities is segregated using the communities’ unique identifier.
Measures are in place to collect, use, retain, and dispose of data in accordance with security / confidentiality agreements.
Data protected against theft or misuse.
Processes and controls are in place to inhibit, detect, respond to malicious activity.
Compliance with security / confidentiality policies procedures are monitored on ongoing basis.
Data protection within supplier network: TLS (version 1.2 or above)

Other
Other protection within supplier network: Workplace is segregated into separate and private managed communities. Facilitated by the same technology that enforces Meta’s core privacy features and controls within the Facebook public platform. When an enterprise signs up for Workplace, a unique enterprise identifier is created. Data created by administrators and users within that enterprise’s managed community are associated to that respective enterprise ID, thereby protecting the confidentiality of that data.
The Workplace by Meta product has available tools to help enterprise administrators manage and control their data.
The enterprise owns all data produced and maintained within the managed community while Meta provides the platform.

Availability and resilience

Guaranteed availability: In 5 years we have had 0% downtime. Customers pay monthly and can cancel with one month's notice.
In the unlikely event of unacceptable downtime we would refund the buyer their licence costs.
Approach to resilience: Available on request to customers via SOC2 report
Outage reporting: There is a real-time dashboard in the Admin Panel for system admins.

Identity and authentication

User authentication needed: Yes
User authentication: 2-factor authentication

Identity federation with existing provider (for example Google Apps)

Username or password
Access restrictions in management interfaces and support channels: Workplace is segregated into separate private managed communities. Meta creates a unique enterprise identifier. All data created by enterprise administrators and users are associated to that enterprise ID, thereby protecting the confidentiality of that data.
Initial setup is facilitated to ensure the core security and experience features function appropriately, but afterwards, the enterprise is solely responsible for managing user access, data deletion, data retention, and content moderation until the enterprise terminates services. Workplace by Meta product has available tools to help administrators manage and control their data.
The enterprise owns all data produced and maintained while Meta provides the platform.
Access restriction testing frequency: At least every 6 months
Management access authentication: 2-factor authentication

Identity federation with existing provider (for example Google Apps)

Username or password

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: At least 12 months
Access to supplier activity audit information: Users have access to real-time audit information
How long supplier audit data is stored for: Between 1 month and 6 months
How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: EY Certify Poin
ISO/IEC 27001 accreditation date: 12/7/2017
What the ISO/IEC 27001 doesn’t cover: The certification scope is limited to Meta teams supporting Workplace platform
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: No
Cyber essentials plus: No
Other security certifications: Yes
Any other security certifications: ISO 27018

EU-US Data Privacy Shield

SOC2 / SOC3 Global Standards

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001
Information security policies and processes: The Security Team has developed a dynamic risk assessment program in response to the dynamic environment in which it operates. The team tracks and manages risks identified from multiple sources including the team’s expertise and experience, risk assessment activities, security monitoring tools, and company-wide incident management response systems. The Security team manages on-going operational and consultative risk assessments which are outlined below.

Operational security

Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach: Procedures in place for change management and software development of Workplace. Change management process covers changes to code and back-end systems including infrastructure, back-end environment, databases, and security tools. Changes tracked through internal code tracking system and source code via version control tools.
Training on secure coding practices, tools, all aspects of the technology stack.
Peer review including code, unit testing, test case development.
Enforcing strict accountability for changes and effectiveness during the release process.
Post production monitoring: bug bounty, incident management, including root cause analysis, corrective action
Dev servers receive same security configurations across tech stacks as production systems.
Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach: Workplace has a vulnerability management team in place responsible for performing vulnerability scans/detection to identify and evaluate risks posed by vulnerabilities. The vulnerability management team also works on identifying and prioritizing threats posed, associating threats with owners, and working towards an acceptable remediation of the threat or acceptance of risk. External scanning is performed at least on a quarterly basis and Internal scanning/detection is performed on a continuous basis. The results are validated internally and tracked to resolution. Penetration testing is performed as needed by designated security engineers or external service providers who specialize in attack and penetration testing.
Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach: Monitoring of system configurations and security settings is managed by configuration management tools. These continually update security settings and configurations on production servers with master settings to ensure systems are consistent with expected security standards.
Security event logging is performed and monitors for threats in accordance with predefined security criteria configured in a centralized security monitoring tool. Alerts are reviewed by authorized personnel. The security team coordinates with CERT, Legal, HR and other outside parties as necessary, for triaging the security events.
Meta has DDOS detection and mitigation mechanisms in place to protect the network from denial of service attacks.
Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach: Incidents relating to site, platform, or infrastructure issues are managed and escalated through the general incident management process. Incidents are tracked in the Meta incident management system and assigned a severity level. The Incident On-Call team will evaluate each incident ticket in the Meta incident management system to determine if the severity level, which impacts the resolution timing, is appropriate. The incident management team conducts an Incident Management Review on a weekly basis to ensure high and medium severity incidents are discussed, resolved, and a root cause is determined.

Secure development

Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks: No

Social Value

Fighting climate change
Covid-19 recovery
Tackling economic inequality
Equal opportunity
Wellbeing

Fighting climate change

We enable synchronous and asynchronous communication and collaboration, as well as instant translation and other outcomes which help minimise the need for physical travel.

Covid-19 recovery

Since Covid we have emerged into a world of hybrid working, where it is vital organisations provide fair access to work, information, knowledge and opportunities. We enable all of the above, plus we have specific case studies from our work globally with the WHO and with NHS Trusts across the UK which further demonstrate this.

Tackling economic inequality

We believe that everyone has a voice, but that voices are often not heard. We help connect frontline workers with HQ and everyone in between, ensuring that everyone's voice can be heard should they wish. This fuels opportunity and career progression for everyone across the organistaion, whatever their background.

Equal opportunity

Equality Diversity and Inclusion is rightly at the top of the corporate and governmental agenda. We enable opportunities, openness and discussion across all communities inside organisations, and have helped drive allyship and break boundaries eg between LGBTQ+, BMe and people of all backgrounds.

Wellbeing

In a post covid world of Teams and Zoom meeting burn,out, we enable asynchronous comms and collaboration to alleviate the pressure of 'always on' synchronous vide meeting cultures. In addition we surface company wellbeing schemes and packages helpjbg employees to engage with these offers (which often they are unaware of).

Pricing

Price: £2 to £4 a licence
Discount for educational organisations: Yes
Free trial available: Yes
Description of free trial: 30 Day free trial of Workplace from Meta
Full features included
Free 1 hour strategic consultancy session
Link to free trial: https://www.worknetworks.co.uk/connect-with-us

Workplace from Meta and Alternatives

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

Workplace from Meta and Alternatives

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents