MeetingSphere GmbH

XLeap Center (G-Cloud)

MeetingSphere is a secure virtual workshop solution trusted by UK government departments and other UK public sector organisations for over 10 years. Meeting Center (G-Cloud) is the enterprise-class deployment for medium sized departments of the UK government and UK public sector organisations. The cloud service is hosted in London.


  • Supports any meeting or workshop process. Virtual or face-to-face.
  • Personal flat-fee for unlimited concurrent meetings and participants.
  • Brainstorm workspace with anonymity and theming. Highlighting with sticky dots.
  • Discussion workspace for discussing multiple topics. Anonymously or by team.
  • Rating workspace with all customary rating methods. Multi-criteria analysis.
  • Presentation workspace for crisp scalable slide shows. Interactive feedback channel.
  • Full and instant reports easily stored in SharePoint, MS Teams
  • Agenda templates for easy reuse and sharing of best practice.
  • Easy collaboration between Hosts (Co-facilitation).
  • Video conference included (voice, video & screen sharing).


  • Intensive interactivity and collaboration alongside existing meeting platforms.
  • Stakeholder engagement, cross government, and managing complex stakeholder groups.
  • Inclusive and diverse group working, giving space to diverse voices.
  • Advanced prioritisation and decision making for policy making and delivery.
  • Engagement with citizen and stakeholder groups for 'open policy making'.
  • Collaborative remote workshops for core project and programme management processes.
  • Repeatable processes for developing business cases, impact assessments, project planning.
  • Remote workshops on risk, benefits realisation and lessons learned.
  • Virtual learning reviews, hot and cold debriefs for operational units.
  • Futures work with including stakeholder analysis and horizon scanning.


£25,450 an instance a year

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

2 7 7 2 8 3 7 7 5 7 5 5 7 7 6


MeetingSphere GmbH John Turner
Telephone: +49 40 6891 4578

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
System requirements
  • Computers must run Chrome, Firefox, Edge, Safari or IE 11
  • IPads and iPhones require Safari 11 (iOS 11 or later)
  • Android devices require the Chrome, Edge (Chromium) or Firefox browser

User support

Email or online ticketing support
Email or online ticketing
Support response times
4 hours on weekdays.
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Support is included for technical issues such as access to the service or functionality of a software feature. Technical support does not include consulting on facilitation processes or meeting design.
Support available to third parties

Onboarding and offboarding

Getting started
The appointed administrator receives 90 minutes online training which includes a walk through the administrative options.
Licensed users (users who can run meetings and workshops) are supported in context by extensive and in-depth online help and how-to videos.

Online and on-venue training is available at extra cost.

Participants do not require any training or onboarding.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Hosts typically download the automatic report (the minutes) of a meeting or workshop directly after it has ended. This contains all content.

Storage of meetings on the Meeting Center serves the limited purpose of easy in-system re-use of content and meeting agendas. Hosts can save the content, Pro-Hosts the content and the agendas of their meetings to disk.
End-of-contract process
At the end of the subscription period - unless instructed to the contrary - MeetingSphere maintains the Meeting Center for a grace period of 90 days during which the subscription can be renewed. After the grace period, the deployment, its database and all backup files are deleted irrevocably. The customer's administrator is warned/informed of these successive steps repeatedly by email.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
The mobile service is functionally identical with the desktop service, except for active screen sharing not being supported on mobile devices.

The layout is responsive, meaning that workspaces will look different on a phone.
Service interface
What users can and can't do using the API
The meeting center supports SSO (SAML 2.0)
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
Center administration can (1) control access and authentication requirements, use restrictions etc. (2) brand the login page, holding screen, meeting report.


Independence of resources
The Meeting Center runs with generously allocated resources. Systems trigger timely utilisation alerts for resources to be increased. This hardly ever happens.


Service usage metrics
Metrics types
Host and participant log ins and new meetings created in last 180 days.
Reporting types
Real-time dashboards


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Hosts and Pro-Hosts typically download the automatic report (the minutes) of a meeting or workshop directly after it has ended. This contains all content. They can also export the content of individual workspaces to Excel or text.

Pro-Hosts can also save meetings (agendas with content) to disk in MeetingSphere's msmf-format.
Data export formats
  • CSV
  • Other
Other data export formats
  • Docx
  • Xlsx
Data import formats
  • CSV
  • Other
Other data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
MeetingSphere commits contractually to 99.9% uptime on a monthly basis, excluding regularly scheduled maintenance times or Force Majeure Events. If in any Account Period this uptime commitment is not met by Meetingsphere and customer was negatively impacted, Meetingsphere shall provide, as customer’s sole and exclusive remedy, a service credit equal to the number of minutes the Subscription Service was unavailable during that Account Period. If the service failed for a consecutive 4 hours, a full day shall be credited.
Approach to resilience
We follow industry best pactice under Amazon AWS's shared responsibility model. Details are available on request.
Outage reporting
Our service is continually monitored via AWS-supplied and other mechanisms. AWS supplies a dashboard. Responses are triggered via APIs and email alerts to MeetingSphere's response team.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Management interfaces fall into three categories: 1. The management interface of the AWS service is protected by username, password and an AWS-supplied token device. 2. Privileged access to productive MeetingSphere systems can only occur via a bastion server which can only be accessed from a defined set of IP addresses and 2-factor authentication. 3. Privileged access by users (customer-appointed administrators) can be limited to separate user accounts with 2-factor authentication or SSO.
User support requests which involve access to customer systems or information are only accepted in writing (email) and verified via a separate channel, e.g. call back.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password
  • Other
Description of management access authentication
Restriction by source IP address.

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
TÜV Rheinland Cert GmbH
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
Service is fully covered.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
MeetingSphere follows a security awareness and training policy which defines basic and role-based training requirements.
MeetingSphere's information security policy follows the ISO 27k standards.
MeetingSphere's information security team ensures compliance by a variety of measures verify compliance to this policy through various methods, including but not limited to, business tool reports, internal and external audits, and feedback. The Infosec team leader reports to the CTO who is responsible for security and reports to the CEO.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Amazon AWS is certified to comply with SSAE-16 / ISAE 3402. Under AWS' shared responsibility model, MeetingSphere maintains under automated configuration control a current baseline configuration of the information system. The configuration is reviewed annually and on significant change. Older configurations are retained should a rollback be required. Configurations are based on a deny-all permit by exception policy which extends to software permitted to execute on the system. Changes to the configuration are assessed for risks and require approval by the Infosec team leader after testing in the staging network.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Amazon AWS is certified to comply with SSAE-16 / ISAE 3402. Under AWS' shared responsibility model, MeetingSphere routinely scans of its systems for vulnerabilities with an industry standard vulnerability scanner employing the latest definitions and signatures based on i.a. the NIST vulnerability database and the CWE list. 'Critical' and 'Important' Patches are deployed immediately, 'Low' patches within the day. MeetingSphere subscribes to various sources of security feeds including US-Cert and Microsoft's Security Bulletin.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Amazon AWS is certified to comply with SSAE-16 / ISAE 3402. Under AWS' shared responsibility model, MeetingSphere employs automated log analysis, continuous configuration monitoring and integrity scanning to identify security incidents. In the event of a suspected breach, the incident response team is alerted directly by email and SMS text for a verification of the incident. Further measures depend on the attack type and vector and the severity rating of the incident which is based on the functional and information impact, the appropriate containment, eradication and recovery strategy and required notifications.
Incident management type
Supplier-defined controls
Incident management approach
Amazon AWS is certified to comply with ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402. Under AWS' shared responsibility model MeetingSphere operates an incident response policy and set of incident response plans for external and removable media, attrition, web, email, impersonation, improper usage or loss/theft of equipment.
Users report incidents by email to a specific email address.
The user's main or designated contact is informed of all security breaches which impact or threaten the function or integrity of their deployment including the findings of impact analysis and measures (to be) taken to contain, eradicate and recover from the breach.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks


£25,450 an instance a year
Discount for educational organisations
Free trial available
Description of free trial
The trial is limited to 14 days and includes the full functionality for Hosts/Pro-Hosts (the person who can plan and run meetings and workshops) and participants. The meeting report is cut-off after 10 line items per tool. The export of content is cut off after 10 line items.
Link to free trial

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.