Miro Online Whiteboard for Visual Collaboration
Miro is the online collaborative whiteboard platform that enables distributed teams to work effectively together, from brainstorming with digital sticky notes to planning and managing agile workflows.
Take advantage of a full set of collaboration capabilities, make cross-functional teamwork effortless, and organize meetings and workshops.
Features
- Online Whiteboard
Benefits
- Improve employee experience
- Improve customer experience
- Reduce the cost of collaboration
- Improve time to market
- Drive innovation
Pricing
£0 to £22 a user a month
- Education pricing available
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
2 5 3 7 7 4 7 8 6 0 8 8 0 9 7
Contact
Generation Digital
Thomas Sutton
Telephone: 0203 6379 776
Email: gcloud@gend.co
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
-
Miro does not work with:
Internet Explorer 10
Internet Explorer 11
Opera
Developer or Beta versions of supported browsers - System requirements
- Supported browsers: Chrome , Safari for Mac, Firefox, Microsoft Edge
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Expedited support ticket
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- Web chat
- Web chat support availability
- 24 hours, 7 days a week
- Web chat support accessibility standard
- None or don’t know
- How the web chat support is accessible
- Via the website.
- Web chat accessibility testing
- None.
- Onsite support
- Yes, at extra cost
- Support levels
-
We provide the following support levels:
Onboarding
Customer success managers (CSMs): A dedicated partner familiar with your goals, helping you hit them with coaching, calls, and training.
Professional services: Additional consulting sessions for on-site training, digital transformations, custom integrations, and more.
Custom resources: From onboarding to feature tips, we can provide the right content at the right time to help answer your team’s questions and needs. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- We provide Online Training, Onsite Training, User Guides, etc.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- ODF
- End-of-contract data extraction
- There are a number of ways to extract data from Miro, all of them are available in the Export menu.
- End-of-contract process
- At the end of the contract, licences can be renewed or terminated.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- The user experience is similar across desktop and mobile.
- Service interface
- No
- User support accessibility
- None or don’t know
- API
- Yes
- What users can and can't do using the API
- Create custom plugins and integrations to empower teams to collaborate smarter. And embed online whiteboards into products to extend workflows — for your company or millions of Miro users around the world.
- API documentation
- Yes
- API documentation formats
- Other
- API sandbox or test environment
- No
- Customisation available
- Yes
- Description of customisation
-
Branding
Custom Fields
Display
Workflow
Templates
Integrations
Security
Scaling
- Independence of resources
- Miro is built on a scalable cloud platform used by millions of users.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
Understanding how Miro is adopted in your company is essential for making decisions that impact your organization and business. We've built a dashboard that provides a global overview of collaboration on a company, team, and user level.
Open Insights to see a review of your account users' activity and content: check how the number of active users, teams, projects, and boards has changed in your account over time and see the most popular templates. The analytics will help you understand the level of value that Miro brings to your company and enable you to make better decisions. - Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Reseller providing extra features and support
- Organisation whose services are being resold
- Miro (Generation Digital is an official partner providing additional services)
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- European Economic Area (EEA)
- Other locations
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with SSAE-16 / ISAE 3402
- Physical access control, complying with another standard
- Encryption of all physical media
- Scale, obfuscating techniques, or data storage sharding
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- You can export your own data, per project to the text-based file formats JSON or CSV, the latter of which can be viewed in a spreadsheet application like Microsoft Excel or Google Sheets. This can be done via the console or a support ticket.
- Data export formats
-
- CSV
- ODF
- Other
- Other data export formats
- Text
- Data import formats
-
- CSV
- ODF
- Other
- Other data import formats
- Mural
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- TLS (version 1.2 or above)
- Legacy SSL and TLS (under version 1.2)
- Other
- Other protection between networks
- Our data is securely managed and held with TLS 1.2 or higher for transit and AES 256 at rest, in compliance with GDPR and CCPA standards.
- Data protection within supplier network
-
- Legacy SSL and TLS (under version 1.2)
- Other
- Other protection within supplier network
- Miro diligently maintains the security of our backend network. Our network security and monitoring techniques are designed to provide multiple layers of protection and defense. We employ industry-standard protection techniques, including firewalls, network vulnerability scanning, network security monitoring, and intrusion detection systems to ensure only eligible and non-malicious traffic is able to reach our infrastructure.
Availability and resilience
- Guaranteed availability
-
1. Service Availability. Miro will use commercially reasonable efforts to provide the Service to Customer at the Availability
Standard set forth below:
a. “Availability Standard” means uptime availability of the Service at a level of at least 99.5% availability measured on a monthly
basis, excluding scheduled maintenance time. The Service will be deemed unavailable if Customer is unable to access the
Service (“Disruption”). Notwithstanding the foregoing, it will not be a Disruption if the Service is not available because of (i)
general internet problems or outages caused by power supply carriers; (ii) malfunction of equipment, systems software,
network connections or other infrastructure not owned or operated by Miro; (iii) force majeure events or other factors outside
the reasonable control of Miro or (iv) scheduled service or maintenance or reasonable emergency maintenance.
b. Miro will provide updates and information about availability and outages through in-app notifications and/or at
https://status.miro.com. - Approach to resilience
-
Our server infrastructure provides secure data storage and high application availability.
All application services are started on multiple servers with a load-balancing/fault-tolerance system to increase redundancy. Cluster topologies are classified by the N+1 level of high availability. User data is replicated to multiple availability regions.
Establishing a consistent uptime track record is impossible without proper monitoring. Our team is ready to react to any incident 24 hours a day, 7 days a week. We’ve developed a reliable system to ensure that select employees are instantly notified of any possible safety risks.
Regular backup
User data is stored on a failover cluster, backed up every 40 minutes and encrypted. No matter what happens, your work will stay safe. There are also daily backups of the entire database that are stored separately from the main data center for a standard retention period of 180 days.
Incident response. We have incident handling policies and procedures to address service availability, integrity, security, privacy, and confidentiality issues. - Outage reporting
-
We have incident handling policies and procedures to address service availability, integrity, security, privacy, and confidentiality issues.
Promptly respond to alerts of potential incidents
Determine the severity of the incident
If necessary, execute mitigation and containment measures
Notify the stakeholders about the incident and its status using
service available at status.miro.com. Users can subscribe to
notifications via email, SMS, and webhook.
Gather and preserve evidence for investigative efforts
Document a postmortem and develop a permanent triage plan.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Access restrictions in management interfaces and support channels
-
On a quarterly basis, management reviews user access to in-scope systems for continued
appropriateness and removes any access that is no longer required. Upon termination of employees,
access is removed. - Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- BSI
- ISO/IEC 27001 accreditation date
- 24/03/2022
- What the ISO/IEC 27001 doesn’t cover
- N/a
- ISO 28000:2007 certification
- No
- CSA STAR certification
- Yes
- CSA STAR accreditation date
- 25/03/2022
- CSA STAR certification level
- Level 1: CSA STAR Self-Assessment
- What the CSA STAR doesn’t cover
- N/a
- PCI certification
- No
- Cyber essentials
- No
- Cyber essentials plus
- No
- Other security certifications
- Yes
- Any other security certifications
-
- SOC 2 Type II
- ISO/IEC 27001:2013
- GDPR
- CCPA
- CSA
- NIST
- Third party risk assessment — SIG Lite
- SOC 3
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
-
- CSA CCM version 3.0
- ISO/IEC 27001
- Other
- Other security governance standards
-
Miro performs an annual SSAE 18 SOC 2 Type 2 to ensure third party oversight of our services.
SOC 3 report
CSA STAR Registry Consensus Assessments Initiative Questionnaire (CAIQ) self-assessment - Information security policies and processes
-
Miro has established an information security management framework describing the purpose,
direction, principles, and basic rules for how we maintain trust. This is accomplished by
assessing risks and continually improving the security, confidentiality, integrity, and availability
of the service. We regularly review and update security policies, provide security training,
perform application and network security testing, monitor compliance with security policies,
and conduct internal and external risk assessments.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
-
A formal Change Management Policy has been defined by the Miro Engineering team to ensure that all application changes have been authorized prior to implementation into the production environments. Source code changes are initiated by developers that would like to make an
enhancement to the Miro application or service. All changes are stored in a version control system and are required to go through automated Quality Assurance (QA) testing procedures
and manual code review to verify that security requirements are met. - Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
-
Our security team performs automated and manual application and infrastructure security
testing to identify and patch potential security vulnerabilities and bugs on a regular basis.
We also engage independent service providers to perform external penetration tests to assess
the potential system security threats on an annual basis. Remediation activities against
discovered vulnerabilities are performed in a timely manner to enable the pentest provider to
retest and verify that the issues are fixed. - Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
-
The security of your data is our highest priority. Miro’s Trust team is available to assist you in
ensuring regulatory and service compliance.
We are committed to protecting the security and data of over 15 million users worldwide,
including 95% of the Fortune 100, who trust Miro with their most valuable asset: their
information. Miro will continue to invest in the security of our platform to allow our users to
work with the confidence and peace of mind that their data is safe and secure. - Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
-
If Miro becomes aware of unauthorized access or disclosure of Customer Content under its control (an “Incident”), Miro will:
5.1. Take reasonable measures to mitigate the harmful effects of the Incident and prevent further unauthorized access or disclosure;
5.2. Upon confirmation of the Incident, notify the Customer’s designated security contact by email within 72 hours. Notwithstanding the foregoing,
Miro is not required to make such notice to the extent prohibited by Laws, and Miro may delay such notice as requested by law enforcement
and/or in light of Miro’s legitimate need to investigate or remediate the matter before providing notice; and
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Fighting climate change
-
Fighting climate change
We are committed to fighting climate change. - Covid-19 recovery
-
Covid-19 recovery
We are committed to Covid-19 recovery - Tackling economic inequality
-
Tackling economic inequality
We are committed to tackling economic inequality - Equal opportunity
-
Equal opportunity
We are committed to equal opportunity - Wellbeing
-
Wellbeing
We are committed to wellbeing
Pricing
- Price
- £0 to £22 a user a month
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- 30 Day Free Trial
- Link to free trial
- https://form.asana.com/?k=Fj4GyxPKGFknu6hxQB9FJg&d=730738882138290