OfficeLabs Ltd

Gimmal Discover

Gimmal Discover simplifies the management of sensitive information across the enterprise by locating, classifying and managing data to reduce risk and improve organizational efficiency.

Gimmal Discover streamlines e-discovery with a cloud-based solution that ensures information is private and available when requested.

Features

• Easily discover data across the entire enterprise
• Gain complete visibility of information, including workstations and laptops
• Ensure sensitive information is managed properly...
• Automatically classify files based on their content
• Integrate with Gimmal Records Management to manage the entire lifecycle
• Produce detailed reports to improve organisational efficiency
• Implement rule-based workflows to adhere to your information policy
• Create policies to consistently govern data based on orchestrated workflows

Benefits

• Govern all data to comply with organisational policies
• Analyse files: File shares, Exchange, SharePoint, Workstations, Laptops, OneDrive, Etc.
• PII files brought into governance and GDPR or regulatory compliance
• Discovering redundant or duplicate files
• Locate unstructured files that could be valuable to your business
• Eliminate redundant, obsolete, and trivial information to improve user efficiency
• Bring your organisation's data into corporate control

£6 a user a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at hello@officelabs.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

148489555310560

Contact

Graham Bidwell
01392 24 0 365
hello@officelabs.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Gimmal suite of data governance products: Link, Migrate, Physical, and Records.; Microsoft SharePoint - on-premises, in the cloud and hybrid.; Exchange, and OneDrive; Box; G-Suite; File Shares, Workstations and Laptops.
• Cloud deployment model: Private cloud
• Service constraints: The service runs as a SaaS solution on Microsoft Azure, and therefore is subject to the constraints applied to that software.
• System requirements: Network connectivity for SaaS deployments

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Our standard support plan aims to respond to new cases within four working hours, on Monday to Friday excluding English public holidays and weekends. Extended SLAs and weekend support can be offered at additional cost.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Standard support is 0900-1700, Monday to Friday, excluding English public holidays and weekends. We will respond within four hours of receiving a request. Our support team are experienced cloud support engineers who can advise on any request, query or issue. We offer support services which scale to your business depending on the amount of support hours you wish to use per month. Our Retained Technical Services are available from £750 per day.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Subject matter experts and trainers are available to provide either on-site or remote support at any UK location. The implementation process includes administrator training that involves either onsite or online training for a select number of information asset owners. During this phase we are on hand to fix any issues and offer on demand support. The full implementation process includes discovery to understand your content life-cycle requirements.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • Other
• Other documentation formats: CSV
• End-of-contract data extraction: All data is held within the customer data repository and they retain ownership throughout.
• End-of-contract process: Contract includes software licenses, training, support, initial configuration and documentation. The initial contracted period is three years. Two years with one year extension for G-Cloud. Costs for the first year are payable up front. All content will remain available to you in your content repositories.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Some interface differences but the information displayed is the same.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Reporting and operational interface accessible through a web browser.
• Accessibility standards: None or don’t know
• Description of accessibility: Software management interface accessible through a modern web browser. Users can manage the system permissions and file plan settings from the web interface.
• Accessibility testing: Web reader text to speech.
• API: Yes
• What users can and can't do using the API: RESTful, SOAP
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • Other
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Configured to meet the information management requirements of the customer.

Scaling

• Independence of resources: Can be hosted either on customer infrastructure or in a UK SaaS host. Both are scaled appropriately based on current volume and future expected growth. Both solutions can be scaled.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Gimmal

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Customer data is not held by the vendor - all data is retained by the user. There is no data to export. Reports can be downloaded in csv and PDF format.
• Data export formats:
  • CSV
  • ODF
• Data import formats:
  • CSV
  • ODF

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: Monthly Uptime Percentage of 95% guaranteed
• Approach to resilience: https://docs.microsoft.com/en-us/compliance/assurance/assurance-data-resiliency-overview
• Outage reporting: Service dashboard Administration alerts

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: Administrator only access to SaaS
• Access restriction testing frequency: Less than once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: DoD 5015.2

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Policy owner reports to the Chief Information Officer who in turn reports to the Business Owner. Policies are easily accessible. Policy Owners are audited on a regular basis. Automation is used where appropriate. Policies are acknowledged by workers.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: The ITIL Change Management Continual Process Improvement methodology is used to manage change. All changes are considered and assessed on business and security impact by the Change Advisory Board before implementation.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Potential threats are rated on risk, likelihood of occurrence and potential impact of the threat. Patches are developed, tested and released as soon as approved.; Primary threat sources:; https://www.ncsc.gov.uk/; https://security.microsoft.com/homepage
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Security and Compliance dashboard real-time monitoring Email alerts Automation where appropriate Incident response is within one hour during office hours. Within four hours at any other time.
• Incident management type: Supplier-defined controls
• Incident management approach: Incident Management process follows the ITIL Incident Management best practices. Users can report incidents by phone, email or portal. Incident reports are provided in PDF format on a monthly basis.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  As a company who delivers its services and solutions remotely, OfficeLabs carbon footprint is lower than the average SME – we do not require our people to commute daily into central locations, thereby reducing this aspect to global warming.; As an employer, we encourage carbon-negative approaches to life, and encourage alternatives to motor vehicles when office-based meetings are held.
• Covid-19 recovery:

  Covid-19 recovery

  As a remote-based employer, delivering technical services and solutions, OfficeLabs continued working throughout Covid-19 and lockdowns.; During the pandemic, and since the end of lockdowns, OfficeLabs have seen its business grow, including with international clients, and has recruited additional people.
• Tackling economic inequality:

  Tackling economic inequality

  OfficeLabs are primarily an employer who delivers services through remote working.; This working practice reduces the costs and logistics of commuting, which is often a barrier to employment for lower-income and/or rural communities.; OfficeLabs provide the equipment to ensure employees can perform their work properly, and we provide training to help all employees develop their skills and experience to improve their quality of life.
• Equal opportunity:

  Equal opportunity

  OfficeLabs are an equal opportunities employer: we employ people according to their suitability for the role dependent upon their skills, abilities, and behaviours, not their characteristics.; We are proud to employ people across the demographic diaspora, including people with disabilities and provide the equipment all people need to perform their work.; We do not tolerate abusive or discriminatory actions or behaviours from or towards any person.
• Wellbeing:

  Wellbeing

  OfficeLabs values its people and understands the need to create working environments that support the needs of its employees.; As a company who primarily deliver our services through remote-working, we have weekly 1:1 check-ins with our colleagues, and hold weekly, company-wide meetings to ensure every person is valued and engaged.; After the prolonged spell of Covid-19 lockdowns, we recently began re-introducing office-based working facilities for employees who request them to ensure people have real-person engagements and do not feel isolated.; We also actively support our people with their charitable and voluntary works.

Pricing

• Price: £6 a user a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at hello@officelabs.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.