Appsbroker Ltd

Workspace

Get Gmail, Docs, Drive and Calendar for business. Everything you need to do your best work, in one package that works seamlessly across your devices Reach your colleagues wherever they are.

Store files and find what you need, instantly. Manage users, devices and data securely and easily.

Features

• Proven successful migration and change management practice.
• Multi level training; end user through advocate to white glove.
• Ongoing support and change management throughout implementation and adoption lifecycle.
• Innovation and maximum return on investment through inspiration workshops.
• SAML, SSO & AD integration services.
• Security and governance controls and best practice across console configuration.

Benefits

• Trusted, having successfully completed the world’s largest G-Suite migration.
• Global deployment experience.
• Direct access to supporting services within Google
• Cost savings with assistance in removing duplicate technology.

£24.84 to £240 a licence a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@appsbroker.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

264736850031271

Contact

Appsbroker Sales
01793 391 420
sales@appsbroker.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No
• System requirements: Computer running a modern web browser Internet connection

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Under 30 minutes for all tickets, although this is the Initial Response Time SLA only for P1 priority tickets.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AAA
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Yes, at an extra cost
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Through the Google Hangouts UI
• Web chat accessibility testing: N/A
• Onsite support: Yes, at extra cost
• Support levels: Initial Response Time SLA: ; P1 - 30 minutes; P2 - 2 hours; P3 - 4 hours; P4 - 8 hours
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Google provides users with an online learning center covering the basics of using the core services (Mail, Contacts, Drive etc). In addition, users can install a Chrome extension which can be accessed in any of these core services.; ; Appsbroker also provide bespoke user training for end user, admin and director level at an extra cost.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Google provides a Data Export tool which provides export functionality for G Suites core services. Using the Data Export tool exports all data for all users within your domain. For more information on exporting data see https://support.google.com/a/answer/100458
• End-of-contract process: Google provides a Data Export tool which provides export functionality for G Suites core services. Using the Data Export tool exports all data for all users within your domain. For more information on exporting data see https://support.google.com/a/answer/100458

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Applications are available both for iOS and Android. Features found on the desktop are redesigned for a mobile friendly experience. For apps that are not available for your mobile operating system, web browser support is included however, may not offer the same user experience as seen on the desktop.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AAA
• Description of service interface: The G Suite Admin consoles provides central place for admins to manage your users, configure settings for your G Suite services, monitor G Suite usage in your domain, create groups and more.
• Accessibility standards: WCAG 2.1 AAA
• Accessibility testing: The console is accessible by administrators only. Depending on the level of access, administrators will have access to various areas of the console.
• API: Yes
• What users can and can't do using the API: Google provides a set of API's and SDK's which support several common developer languages such as JavaScript, Python, Ruby as well as Apps Script.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: By leveraging Google's API's, Users can expand on the G Suite offering covering most user cases. For more information on G Suites Developer offerings, see https://developers.google.com/gsuite/products

Scaling

• Independence of resources: Google operates G-Suite on a global scale, using the same infrastructure that supports all of Google's services. This provides G-Suite with mass resilience as well as mass scaling capability.

Analytics

• Service usage metrics: Yes
• Metrics types: The G suite admin console provides a reporting tool that allows administrators to view user and account activity and usage highlights either as a whole or by individual service.; ; The reporting tool also cover specific security activities such as admin actions, user login and audit functions and can be exported via CSV file for further analysis. For more information see https://support.google.com/a/answer/4580176?hl=en
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Google

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
• Other data at rest protection approach: Data is stored at rest in two types of systems, disks and backup media. data is stored in chunks encrypted using 128-bit or stronger AES. Each encrypted chunk of data is associated with a specific ACL and can only be decrypted by authorized Google Employees and services. For more information, see https://storage.googleapis.com/gfw-touched-accounts-pdfs/google-encryption-whitepaper-gsuite.pdf
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Most of the Google core services offer a download / save as option for individual items. Alternatively, users can export their data in bulk. Unlike the Data Export tool, this is performed by the user allows the user to choose what data to export and the format. For more information see https://support.google.com/accounts/answer/3024190?hl=en
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats:
  • JPEG
  • PNG
  • PDF for drawings
  • MBOX for email
  • ICal for calendars
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats:
  • JPEG
  • PNG
  • PD for drawings
  • MBOX for email
  • ICal for calendars

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
  • Other
• Other protection between networks: https://cloud.google.com/security/encryption-in-transit/; This protection is achieved by encrypting the data before transmission; authenticating the endpoints; and decrypting and verifying the data on arrival. For example, Transport Layer Security (TLS) is often used to encrypt data in transit for transport security, and Secure/Multipurpose Internet Mail Extensions (S/MIME) is used often for email message security.
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: G Suite offers a 99.9% Service Level Agreement (SLA) for covered services in any calendar month and is backed by service credits. For more information, see https://gsuite.google.com/terms/sla.html
• Approach to resilience: Google's infrastructure is designed for maximum reliability by distributing / replicating data across Google's servers and Datacenters. Data is not dependent on on any physical or logical server for ongoing operation so in the event of a server or datacenter failure, your data is still accessible.
• Outage reporting: Google provides a publicly accessable status dashboard offering performance information on G Suite services covered by the G Suite SLA. you can access the dashboard by going to https://www.google.com/appsstatus

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Administrative roles are provided to super users who require access to administer the service. These roles can be customised depending on the administration required. Users can be signed in using standard username and password with additional 2 factor for additional security or using federated sign using AD credentials. User access to services can be customised using Organisational Units or Google Groups.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 01/03/2017
• What the ISO/IEC 27001 doesn’t cover: We have total coverage of the whole business.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • ISO27001
  • ISO/IEC 27017
  • ISO/IEC 27018
  • ISO 22301:2019
  • ISO/IEC 27110
  • ISO/IEC 27701
  • SOC 2

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We implement controls as defined in the 27001 specification.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: We follow ITIL change management guidelines.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Google administrates a vulnerability management process that actively scans for security threats using a combination of commercially available and purpose-built in-house tools, intensive-automated and manual penetration efforts, quality assurance processes, software security reviews and external audits. The vulnerability management team is responsible for tracking and following up on vulnerabilities. Once a vulnerability requiring remediation has been identified, it is logged, prioritised according to severity, and assigned an owner. The vulnerability management team tracks and follows up frequently until remediated. Google also maintains relationships with members of the security research community to track issues in Google services and open-source tools.; https://cloud.google.com/security/whitepaper
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Google’s security monitoring program is focused on information gathered from internal network traffic, employee actions on systems and outside knowledge of vulnerabilities. At many points across our global network, internal traffic is inspected for suspicious behaviour, such as the presence of traffic that might indicate botnet connections. Network analysis is supplemented by examining system logs to identify unusual behaviour, such as attempted access of customer data. They actively review inbound security reports and monitor public mailing lists, blog posts, and wikis. Automated network analysis helps determine when an unknown threat may exist and escalates to Google security staff.; https://cloud.google.com/security/whitepaper
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We have a rigorous incident management process for security events that may affect the confidentiality, integrity, or availability of systems or data. This process specifies courses of action, procedures for notification, escalation, mitigation, and documentation. Google’s security incident management program is structured around the NIST guidance on handling incidents (NIST SP 800–61). Key staff are trained in forensics and handling evidence in preparation for an event, including the use of third-party and proprietary tools. Testing of incident response plans is performed for key areas, such as systems that store sensitive customer information.; https://cloud.google.com/security/whitepaper

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Equal opportunity:

  Equal opportunity

  It is the Company’s policy to provide employment, training, promotion, transfer, pay, benefits and other terms and conditions of employment without regard to age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race (including colour, nationality and ethnic or national origins), religion or belief, sex and/or sexual orientation unrelated to an individual's ability to perform essential job functions.; It is also the Company’s policy to conform to all employment standards required by law.

Pricing

• Price: £24.84 to £240 a licence a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Access to the productivity suite for a limited time and a limited user group
• Link to free trial: https://gsuite.google.com/signup/basic/welcome

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@appsbroker.com. Tell them what format you need. It will help if you say what assistive technology you use.