Realtimeboard, Inc.

Miro

Miro, a leading visual collaboration workspace, facilitates innovation for distributed teams. Its infinite canvas and 2,000+ template boards foster collaboration and meetings. Unique interactive presentations, feedback recording, and integrations with Google, Teams, Slack, Zoom & Jira streamline workflows. Empowers design, development, and engineering teams for real-time alignment and innovation

Features

• Product Development Workflows: Supercharge your product development lifecycle
• Diagramming & Process Mapping: Design, visualise and optimise complex processes
• Workshops & Async Collaboration
• Miro Assist (AI) (BETA): Use AI to automate tasks
• Content & Data Visualisation: Visualise the big picture, share context
• Visual Project Management: Speed up project delivery and improve outcomes
• Enterprise Guard: Advanced data security, governance, and content lifecycle management
• Centralised App Management: View and manage apps across the organisation
• Developer Tooling: Build userfacing and serverside integrations via API SDK
• Talktrack: Record interactive video or audio walkthroughs of your boards

Benefits

• Drive efficiencies in your delivery model by streamlining workflows
• Make planning sessions engaging with built in facilitation tools
• Motivate & develop your top talent to innovate
• Speed up project delivery by creating a centralised hub
• Reduce costs by standardising your workflows via customisable templates
• Increase revenue by accelerating speed of engagements
• Boost collaboration by bringin all your users into one workspace
• Mitigate risk through enhanced data security and governance
• Increase participation using interactive workshop facilitation tools
• Remove creative barriers using AI, generate ideas, content, mindmaps

£250 to £250 a user a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@miro.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

760898429063568

Contact

Eoin Cosgrave
07940922878
sales@miro.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: See System Requirements. ; ; https://help.miro.com/hc/en-us/articles/360017731553-System-requirements
• System requirements:
  • Miro can be used on different types of devices.
  • You can open Miro in a browser
  • You can download the Desktop, Tablet, Mobile app
  • You can use Miro on an interactive display.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Miro have different response time targets depending on the type of subscription, and urgency of the issue. Miro only offer response time SLAs for customers who purchase the Premium Support add-on. All other customers can expect a response during their region's business hours. Premium Support response hours can be found in Miro Support Policy at: https://miro.com/legal/documents/Miro-Support-Policy.pdf
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: No
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AAA
• Web chat accessibility testing: The web chat widget is accessible from Miro’s contact form
• Onsite support: No
• Support levels: Miro provide Standard Support to all paying customers included in their subscription cost, and Premium Support as an add-on for customers with an Enterprise Plan. Response times for Premium Support add-on are: ; For Urgent priority incidents, characterized by the Service being inoperative or causing a complete failure due to critical issues in Miro’s infrastructure, resulting in Service downtime, the response time is 2 hours with updates provided every hour. ; For High priority incidents, which entail a Core Functionality of the Service being inoperative with no workaround available, the response time is 4 Business Hours with updates provided every 24 Business Hours. ; For Medium priority incidents, which involve Users being unable to access a particular functionality of the Service, or encountering minor bugs where a workaround is available, the response time is 24 Business Hours with no set update frequency. ; For Low priority incidents, which have low impact on Users such as functional or Documentation questions, the response time is 48 Business Hours with no set update frequency.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Miro provides a full range of tools and services for onboarding including in-person and remote professional services options, online training tools for self-serve enablement and documentation. ; Miro Academy (Online):; Miro Academy is a collection of educational content, including courses, to help you build your skills in Miro. These courses include videos, and live trainings, and new starters can earn badges to showcase their skills.; ; Miro Learning Center (in UI): users can learn to use Miro interactively on the board via the Learning Center, which provides step-by-step visual guidance directly within the user interface, which new starters can follow while creating a board.; ; Miro’s Help Center (Online) provides full documentation of all Miro features and functionality in form of searchable Tutorials and FAQs.; ; Consulting Services (Paid Add-On):; -Quick Start services: provides buyers with a guided plan for implementation focusing on technical foundations, security at scale, consolidation services, and use case enablement. ; -Advisory Services: provides a dedicated expert in Human-Centered Change Management, Agile Transformation, and Design Thinking who can help you get from vision to value, fast. Lead change, drive adoption, deepen alignment, transform workflows, minimize disruption, and speed value realization through leading practices and adaptive approaches tailored to your desired outcomes.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Data is held in Miro in accordance with Miro’s retention policy and users can export their data from Miro any time during the subscirption or 30 days after termination using Miro’s board export capability, allowing them to transform their boards into images, PDFs, or CSV files. See more details here: https://help.miro.com/hc/en-us/articles/360017572754-How-to-export-your-board
• End-of-contract process: There are no additional costs in relation to offboarding from Miro. Customers can export Boards at no additional cost withing 30 days after termination using Board export functionality. Upon termination of service all customer content is removed from the application in accordance with Miro's standard schedules and procedures.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • MacOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Accessing Miro via mobile browsers allows for viewing of boards only. To comment and edit boards, users must either access Miro via a Desktop browser or use the Miro Mobile app. Some Miro desktop features are not supported on mobile app.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The Miro User Interface consists of the Miro Dashboard, Miro Canvas, and the User Settings and Administration Interface.; Dashboard: main page where you navigate between your teams, projects, and boards. Allows you to setup or import new boards in Miro and helps you search, organise and share your boards among your teams.; The canvas: is an online editor providing infinite canvas to build, edit, share boards, run workshops. It contains toolbars for content editing/creation, navigation, and collaboration/facilitation.; User Settings & Administration: allows users to configure their user settings, including personal settings, apps & integrations, brand settings, team admin settings, API/documentation.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Miro partners with Fable (https://www.makeitfable.com) to conduct user research with people with disabilities to ensure usability (defined as efficiency, effectiveness and satisfaction); has a collaboration with a large UK charity for people with visual impairments; and frequently meets with Miro customers who employ people with disabilities for feedback.
• API: Yes
• What users can and can't do using the API: Miro’s APIs are based on a RESTful approach. They feature predictable and resource-oriented URLs and use HTTP response codes to indicate API errors.; Miro’s REST APIs comprise of HTTP methods that you can use to build integrations that don't rely on interactions in the Miro interface.; How the REST API can be used:; Connect a Miro board to a third-party product; Enable flows that require communicating with a server backend or a database; Enable a service to exchange data programmatically using languages other than Javascript or Typescript; ; Certain APIs are only available on the Enterprise plan. You can access Enterprise APIs only if you have the Company Admin role. Click here for a full list of REST API capabilities:https://developers.miro.com/docs/miro-rest-api-introduction.; ; Miro’s SCIM API is used by SSO partners to provision, manage, and de-provision users and teams (groups). The SCIM API is available for Miro accounts on the Enterprise plan only.; ; The SCIM API is based on the Open standard: System for Cross-domain Identity Management 2. Miro’s SCIM implementation uses the 2.0 version of the protocol. ; Click here for a full list of SCIM API capabilities: https://developers.miro.com/docs/scim
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Custom Templates:; Users can save fully customised Miro board templates to standardise the way teams run repeatable engagements and save time. These can be used by individual users or shared across teams and the entire organisation.; ; Brand Center:; Users can customise their own style palettes and even standardise styles by uploading brand fonts and colours to the Brand Center, so their teams can easily create branded content matching the businesses unique personality.; ; Personalised Interface:; Users can customise the way the Miro interface is displayed, for example by configuring the canvas grid type, background colour, and even personalising the toolbar by pinning their favourite apps.; ; Apps & Integrations:; Admins can customise apps and integrations provisioning and add 3rd party apps to the Miro toolbar, providing access to individual teams.; ; API & SDK:; The Miro Developer Platform offers developer teams the tools, documentation, and lots of sample apps to help them build apps that extend Miro board functionality.

Scaling

• Independence of resources: Miro is hosted in AWS which allows us to scale dynamically. Miro has production monitoring and alerting in place to scale near real time.

Analytics

• Service usage metrics: Yes
• Metrics types: · Licenses allocated - the number of members assigned a Full license; · Total users - the number of all Members and Guests registered in your plan. Users who access boards from public links (visitors) are not included; · Active teams - the number of teams in which at least one member opened a board within the last 12 months; · Active projects - the number of all projects where at least one member opened a board within the last 12 months; · Active boards - the number of boards opened by registered users within the last 12 months
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
• Other data at rest protection approach: AES 256 with NIST recommended ciphers in conjuction with ISO27001 and SOC2 Type II
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can export their data from Miro using Miro’s board export capability, allowing them to transform their boards into images, PDFs, or CSV files
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Images
  • PDF
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Word
  • Excel
  • PowerPoint
  • PDF
  • Images
  • Xls, xlsx, csv, ods
  • Text documents: doc, docx, odt, rtf
  • Presentations: ppt, pptx, odp

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Miro encrypts all data within our network, uses strong authentication, and has IDS and WAF.

Availability and resilience

• Guaranteed availability: Miro has an SLA of 99.5%. Miro publishes its SLA here for anyone to view: https://miro.com/legal/master-cloud-agreement/. Miro’s status page is posted publicly and incidents are posted if there is any downtime. In the event of outages that do not meet SLA, customers can request service credits.
• Approach to resilience: Miro is hosted entirely in AWS in Ireland with 3 availability zones. Redundant backups are held in AWS Frankfurt in case of failover. Backups are also done hourly and daily.
• Outage reporting: Service outages can be viewed anytime on https://status.miro.com/; ; Customers can also subscribe to RSS feed, API, and email alerts or directly from the Miro App in the administrator settings to be notified.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Miro restricts access based on RBAC and least privilege in accordance with a Logical Access Policy. Change Management and HR policy enforce assignments based on departments and groups. Bi-annual review is done for access. All policies are based on ISO27001 and Cyber Essentials.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Description of management access authentication: Access to the production environment is restricted to limited employees. Access is based on least privilege/need to know basis. Access to production also requires the use of VPN and MFA. All access to the production environment is monitored and logged. Logs are reviewed on a daily basis.

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: Less than 1 month

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Standards Institute
• ISO/IEC 27001 accreditation date: Original Registration Date: 2021-09-10 Effective Date: 2022-03-24 Revision Date: 2022-03-24
• What the ISO/IEC 27001 doesn’t cover: Miro is a SaaS solution and all services provided by Miro are covered under ISO27001.
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: Last certified: 02/01/2024
• CSA STAR certification level: Level 1: CSA STAR Self-Assessment
• What the CSA STAR doesn’t cover: Miro is a SaaS solution and the entire service is covered by our CSA STAR certification.
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • TISAX
  • SOC2 Type II compliance
  • CSA Star
  • Others can be found here: https://miro.com/trust/compliance/.

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essential - Certificate Number d4e9083f-80b9-4e9e-b5e6-969075f7dd39; ; We are also commencing the programme against ISO42001 Artificial Intelligence.
• Information security policies and processes: Our Information Security Policies are aligned within our ISO27001 Information Security Management System and follow the requirements of Clause 7.5 ‘Documented Information’.; ; All policies are reviewed at least once per annum or sooner, where required. Have an identified process owner, and Subject Matter Expert(s).; ; They have version controls, review an log of all changes, with retention in line with the Miro Information Classification and Handling Policy, and our Data Retention Policy.; ; Our key polices and supporting processes, include, but not limited to:; ; Information Security Policy; Procedure for document control; Acceptable Use Policy; Asset Management Policy; Risk Assessment & Risk Treatment Policy (and Plan); Access Control Policy; Operating Procedures for IT Management; Secure System Engineering Prnciples; Supplier Security Policy and Procedures; Incident Management Procedure; Business Continuity & Disaster Recovery Plans, Procedures and BIA.; Change Management Policy; Information Classification & Handling Policy; Cloud Service Policy; Backup and DR Policy; Many others.; ; We are happy to supply a full list of all policies, procedures, plans and other supporting documentation, to any buyer and we support, any buyer's right to audit.; ; Miro’s Change Management and Confirguartion Management process is aligned to the government’s 5th cloud security principle, ISO27001, and Cyber Essentials

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: The organization adheres to Principle 5: Operational Policy, incorporating ISO27001:2013 Annex 12 and Annex 13 controls, and Cyber Essentials, ensuring alignment of change and configuration management. Vulnerability management per 'Vulnerability Management Policy,' swiftly applying updates, sometimes automatically, per industry standards and Miro operational guidelines. Utilizing industry-leading tools and policies, asset inventory is maintained; estate-wide monitoring detects patching policy violations. Continuous monitoring, internal/external penetration testing, and routine scanning by Miro uphold security standards. Legacy systems are absent, assets are managed per ISO27001 and Cyber Essentials, with audits verifying compliance. Configuration management employs Change Control Processes, documenting actions for audit and remediation.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Miro’s vulnerability management processes are based on ISO27001 and Cyber Essentials; this includes triaging and prioritizing fixes, monthly vulnerability scans, 3rd party penetration tests, and risk management. Miro also participates in a public bug bounty program via Hacker1.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Miro’s protective monitoring processes include frameworks based on ISO27001 and Cyber Essentials. Monitoring is done with a SIEM, WAF, and custom IDS.; Miro’s WAF, SIEM, IDS, and other monitoring tools will alert miro of any potential compromises. All potential incidents are triaged and validated and an Inident Response policy is followed. An incident commander will escalate the issue until it is validated and will include appropriate personnel to begin conduct research and mitigation to reduce and remediate risks. Miro responds to all incidents immediately within commercially reasonable efforts and triages appropriately in accordance to our Incident Response Policy.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Miro has an Incident Responce Policy. All potential events and issues are triaged appropriately and escalated after review and validation. Miro will notify customers on our status page of any relevant incident affecting their account. All incidents can be viewed on our status page and RCAs may be requested for enterprise subscribers

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Miro is currently establishing it’s environmental sustainability baseline. As part of this, we are collecting all of GHG emissions across the company & conducting our materiality assessment to better understand where to focus our efforts. With input from both, we will define a robust strategy to reduce our footprint, which will guide us towards a sustainable future. ; ; Although this work is underway, we have been proactive in defining our sustainable real estate strategy as we have selected our new buildings in Austin, Berlin & Amsterdam (covering ~70% of our total footprint), improving our operational emissions (scope 1 & 2) significantly. ; ; We have also implemented our learning lab (workplace) strategy where ‘sustainability’ is one of our key pillars. This get’s reflected in the way we build out our spaces, focused on using highly sustainable/circular materials + using ‘circular business models’ to avoid buying furniture & integrating biophilic design in our spaces, supporting a healthy environment for our employees. This work is significantly reducing our Scope 3 emissions as well.; ; On top of the above, we are going to report our sustainability footprint and ambitions on platforms like Ecovadis & CDP by end of this fiscal year.

  Covid-19 recovery

  During the COVID-19 pandemic, Miro was committed to the safety of employees and had strict policies on when the employees could return to the office. Currently, employees are required to test negative before returning to the office.

  Tackling economic inequality

  Miro donates our technology to staff members, students and academic institutions, enabling learners access to unlimited Miro board boards to collaborate, innovate and build a better future. Through Mironeers Give Back, Miro doubles employee donations to causes that are tackling economic inequality.

  Equal opportunity

  Miro is an equal opportunity employer. In accordance with applicable law, we prohibit discrimination against any applicant or employee based on any legally recognized basis (which e.g. depending on the employee’s location, may be race, color, religion, sex, sexual orientation, gender identity, age, national origin or ancestry, citizenship status, physical or mental disability, genetic information, veteran status, uniformed service member status) protected by applicable European, country, federal, state or local law. Our commitment to equal opportunity employment applies to all persons involved in our operations and prohibits unlawful discrimination by any employee.

  Wellbeing

  Miro is committed to the wellbeing of our Mironeers including ensuring they have access to quality health care and mental health support, including company paid therapy and counseling sessions for employees and their dependents.

Pricing

• Price: £250 to £250 a user a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: The standard trial is typically 30 days.; Free Plan: ; Single workspace with 3 editable boards; Share context and save time with 5 Talktracks to give interactive video walkthroughs of your boards.; Library of 2500+ Miro and community-made templates; 100+ apps and integrations like Zoom, Slack, Google Drive, and Sketch
• Link to free trial: https://help.miro.com/hc/en-us/articles/360017730373-Free-Plan

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@miro.com. Tell them what format you need. It will help if you say what assistive technology you use.