Generation Digital

Miro Online Whiteboard for Visual Collaboration

Miro is the online collaborative whiteboard platform that enables distributed teams to work effectively together, from brainstorming with digital sticky notes to planning and managing agile workflows.

Take advantage of a full set of collaboration capabilities, make cross-functional teamwork effortless, and organize meetings and workshops.

Features

  • Online Whiteboard

Benefits

  • Improve employee experience
  • Improve customer experience
  • Reduce the cost of collaboration
  • Improve time to market
  • Drive innovation

Pricing

£0 to £22 a user a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@gend.co. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

2 5 3 7 7 4 7 8 6 0 8 8 0 9 7

Contact

Generation Digital Thomas Sutton
Telephone: 0203 6379 776
Email: gcloud@gend.co

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
Miro does not work with:
Internet Explorer 10
Internet Explorer 11
Opera
Developer or Beta versions of supported browsers
System requirements
Supported browsers: Chrome , Safari for Mac, Firefox, Microsoft Edge

User support

Email or online ticketing support
Email or online ticketing
Support response times
Expedited support ticket
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Via the website.
Web chat accessibility testing
None.
Onsite support
Yes, at extra cost
Support levels
We provide the following support levels:

Onboarding

Customer success managers (CSMs): A dedicated partner familiar with your goals, helping you hit them with coaching, calls, and training.

Professional services: Additional consulting sessions for on-site training, digital transformations, custom integrations, and more.

Custom resources: From onboarding to feature tips, we can provide the right content at the right time to help answer your team’s questions and needs.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We provide Online Training, Onsite Training, User Guides, etc.
Service documentation
Yes
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction
There are a number of ways to extract data from Miro, all of them are available in the Export menu.
End-of-contract process
At the end of the contract, licences can be renewed or terminated.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The user experience is similar across desktop and mobile.
Service interface
No
User support accessibility
None or don’t know
API
Yes
What users can and can't do using the API
Create custom plugins and integrations to empower teams to collaborate smarter. And embed online whiteboards into products to extend workflows — for your company or millions of Miro users around the world.
API documentation
Yes
API documentation formats
Other
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
Branding
Custom Fields
Display
Workflow
Templates
Integrations
Security

Scaling

Independence of resources
Miro is built on a scalable cloud platform used by millions of users.

Analytics

Service usage metrics
Yes
Metrics types
Understanding how Miro is adopted in your company is essential for making decisions that impact your organization and business. We've built a dashboard that provides a global overview of collaboration on a company, team, and user level.

Open Insights to see a review of your account users' activity and content: check how the number of active users, teams, projects, and boards has changed in your account over time and see the most popular templates. The analytics will help you understand the level of value that Miro brings to your company and enable you to make better decisions.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Miro (Generation Digital is an official partner providing additional services)

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
You can export your own data, per project to the text-based file formats JSON or CSV, the latter of which can be viewed in a spreadsheet application like Microsoft Excel or Google Sheets. This can be done via the console or a support ticket.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
Text
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
Mural

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks
Our data is securely managed and held with TLS 1.2 or higher for transit and AES 256 at rest, in compliance with GDPR and CCPA standards.
Data protection within supplier network
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection within supplier network
Miro diligently maintains the security of our backend network. Our network security and monitoring techniques are designed to provide multiple layers of protection and defense. We employ industry-standard protection techniques, including firewalls, network vulnerability scanning, network security monitoring, and intrusion detection systems to ensure only eligible and non-malicious traffic is able to reach our infrastructure.

Availability and resilience

Guaranteed availability
1. Service Availability. Miro will use commercially reasonable efforts to provide the Service to Customer at the Availability
Standard set forth below:
a. “Availability Standard” means uptime availability of the Service at a level of at least 99.5% availability measured on a monthly
basis, excluding scheduled maintenance time. The Service will be deemed unavailable if Customer is unable to access the
Service (“Disruption”). Notwithstanding the foregoing, it will not be a Disruption if the Service is not available because of (i)
general internet problems or outages caused by power supply carriers; (ii) malfunction of equipment, systems software,
network connections or other infrastructure not owned or operated by Miro; (iii) force majeure events or other factors outside
the reasonable control of Miro or (iv) scheduled service or maintenance or reasonable emergency maintenance.
b. Miro will provide updates and information about availability and outages through in-app notifications and/or at
https://status.miro.com.
Approach to resilience
Our server infrastructure provides secure data storage and high application availability. All application services are started on multiple servers with a load-balancing/fault-tolerance system to increase redundancy. Cluster topologies are classified by the N+1 level of high availability. User data is replicated to multiple availability regions.

Establishing a consistent uptime track record is impossible without proper monitoring. Our team is ready to react to any incident 24 hours a day, 7 days a week. We’ve developed a reliable system to ensure that select employees are instantly notified of any possible safety risks.

Regular backup

User data is stored on a failover cluster, backed up every 40 minutes and encrypted. No matter what happens, your work will stay safe. There are also daily backups of the entire database that are stored separately from the main data center for a standard retention period of 180 days.

Incident response. We have incident handling policies and procedures to address service availability, integrity, security, privacy, and confidentiality issues.
Outage reporting
We have incident handling policies and procedures to address service availability, integrity, security, privacy, and confidentiality issues.
Promptly respond to alerts of potential incidents
Determine the severity of the incident
If necessary, execute mitigation and containment measures
Notify the stakeholders about the incident and its status using
service available at status.miro.com. Users can subscribe to
notifications via email, SMS, and webhook.
Gather and preserve evidence for investigative efforts
Document a postmortem and develop a permanent triage plan.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
On a quarterly basis, management reviews user access to in-scope systems for continued
appropriateness and removes any access that is no longer required. Upon termination of employees,
access is removed.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
BSI
ISO/IEC 27001 accreditation date
24/03/2022
What the ISO/IEC 27001 doesn’t cover
N/a
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
25/03/2022
CSA STAR certification level
Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover
N/a
PCI certification
No
Cyber essentials
No
Cyber essentials plus
No
Other security certifications
Yes
Any other security certifications
  • SOC 2 Type II
  • ISO/IEC 27001:2013
  • GDPR
  • CCPA
  • CSA
  • NIST
  • Third party risk assessment — SIG Lite
  • SOC 3

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
  • Other
Other security governance standards
Miro performs an annual SSAE 18 SOC 2 Type 2 to ensure third party oversight of our services.

SOC 3 report

CSA STAR Registry Consensus Assessments Initiative Questionnaire (CAIQ) self-assessment
Information security policies and processes
Miro has established an information security management framework describing the purpose,
direction, principles, and basic rules for how we maintain trust. This is accomplished by
assessing risks and continually improving the security, confidentiality, integrity, and availability
of the service. We regularly review and update security policies, provide security training,
perform application and network security testing, monitor compliance with security policies,
and conduct internal and external risk assessments.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
A formal Change Management Policy has been defined by the Miro Engineering team to ensure that all application changes have been authorized prior to implementation into the production environments. Source code changes are initiated by developers that would like to make an
enhancement to the Miro application or service. All changes are stored in a version control system and are required to go through automated Quality Assurance (QA) testing procedures
and manual code review to verify that security requirements are met.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Our security team performs automated and manual application and infrastructure security
testing to identify and patch potential security vulnerabilities and bugs on a regular basis.

We also engage independent service providers to perform external penetration tests to assess
the potential system security threats on an annual basis. Remediation activities against
discovered vulnerabilities are performed in a timely manner to enable the pentest provider to
retest and verify that the issues are fixed.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
The security of your data is our highest priority. Miro’s Trust team is available to assist you in
ensuring regulatory and service compliance.

We are committed to protecting the security and data of over 15 million users worldwide,
including 95% of the Fortune 100, who trust Miro with their most valuable asset: their
information. Miro will continue to invest in the security of our platform to allow our users to
work with the confidence and peace of mind that their data is safe and secure.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
If Miro becomes aware of unauthorized access or disclosure of Customer Content under its control (an “Incident”), Miro will:
5.1. Take reasonable measures to mitigate the harmful effects of the Incident and prevent further unauthorized access or disclosure;
5.2. Upon confirmation of the Incident, notify the Customer’s designated security contact by email within 72 hours. Notwithstanding the foregoing,
Miro is not required to make such notice to the extent prohibited by Laws, and Miro may delay such notice as requested by law enforcement
and/or in light of Miro’s legitimate need to investigate or remediate the matter before providing notice; and

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

Fighting climate change

Fighting climate change

We are committed to fighting climate change.
Covid-19 recovery

Covid-19 recovery

We are committed to Covid-19 recovery
Tackling economic inequality

Tackling economic inequality

We are committed to tackling economic inequality
Equal opportunity

Equal opportunity

We are committed to equal opportunity
Wellbeing

Wellbeing

We are committed to wellbeing

Pricing

Price
£0 to £22 a user a month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
30 Day Free Trial
Link to free trial
https://form.asana.com/?k=Fj4GyxPKGFknu6hxQB9FJg&d=730738882138290

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@gend.co. Tell them what format you need. It will help if you say what assistive technology you use.