Generation Digital

Workplace by Facebook

Workplace by Facebook is a private and secure work collaboration tool. It is a dedicated space for companies to connect, communicate and collaborate. Organisations of all sizes can use familiar Facebook features such as news feed, groups, messages and events to get things done. Others SaaS applications can be integrated.

Features

  • Workplace Chat
  • Video Chat
  • Groups
  • News Feed
  • Integrations
  • Live Video
  • Auto Translate
  • Org Chart

Benefits

  • Engage employees to drive culture
  • More control over your data
  • Better business communication
  • Software that gets better the more people use it
  • Increase adoption of existing work tools
  • Reduced need for internal collaboration tools
  • Stay connected to your work, your team and your organization
  • Workplace Chat communications portal to your entire organization
  • Groups private space to discuss projects with colleagues/clients

Pricing

£0 to £2.5 per user per month

Service documents

G-Cloud 10

365416459122886

Generation Digital

Graham Mackay

0203 6379 776

hello@GenD.co

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Adobe Sign
Amplify
BlueJeans
Cisco Webex Meetings
Cornerstone Learning
Envoy
Freshservice
Kronos
Looker Action Hub
Medallia
Recognize
Splash
Egnyte
Zoom
Vee
Udemy for Business
Dropbox
Google Drive
OneDrive
Microsoft SharePoint
HubSpot
Jira Cloud
ServiceNow
Bloomberg
ADP Virtual Assistant
SurveyMonkey
Smartsheet
Box
Salesforce
Marketo
Medallia
Surveybot
Okta
Atlassian
Cloud deployment model Public cloud
Service constraints No
System requirements
  • Active Workplace by Facebook account
  • Desktop access requires a browser
  • Mobile access requires download of the mobile application

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Workplace Premium customers have access to 1:1 email support 7 days a week/24 hours a day. The Support Team usually replies within a business day.

If you're not an admin or you're using Workplace Standard - Ask the Community a question. Help Community is a place where you can connect with Workplace users from other companies as well as your own to find and share answers to questions about Workplace. Members from our team also participate in the discussions.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Users can contact Generation Digital web chat via our website at https://www.gend.co/ to open a service ticket and request support via web chat .
Web chat accessibility testing None to date.
Onsite support Yes, at extra cost
Support levels Generation Digital are a Workplace by Facebook partner offering organisations full support with their deployment and support of Workplace by Facebook.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Generation Digital offers full end to end support for organisations that want to deploy Workplace by Facebook ranging from strategy, technical setup, user training, documentation, etc.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats Video
End-of-contract data extraction To export data on people or groups in your Workplace community:

Go to Admin Panel at the top right of your Workplace profile.
Click Reporting.
Scroll down and click Export near People or Groups. Workplace will then send you an email with a link to download the CSV file.
Note: You can also request the data from your Admin Panel by clicking People and selecting Export Employee Information from the drop-down menu. For data on groups, from the Admin Panel click Groups and then Export.

Keep in mind that the stats to the left of the Activity Summary for Date column in the CSV file are in real time, while those to the right of the column are as of the date mentioned in the Activity Summary for Date column.
End-of-contract process Workplace by Facebook is a Software as a Service platform that is free to all Not For Profits. Private Sector organisations are charged at $3 per active user per month. At the end of the contract there are no additional costs.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
  • Windows Phone
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Workplace by Facebook has been designed as a 'mobile first' solution.
Accessibility standards None or don’t know
Description of accessibility Workplace is committed to creating a great experience for all people. Workplace by Facebook has built-in features and technologies that help people with disabilities get the most out of the platform.
Accessibility testing Extensive.
API Yes
What users can and can't do using the API Custom integrations on Workplace are services that use the Graph API and the Account Management API to extend the functionality of Workplace.

By building a custom integration app, you can keep employee information in sync with an identity service, automate group membership, make backups of posts in groups, or automate posting to specific groups based on activity in another service.

You can also use custom integrations to build bots that can communicate in groups on Workplace and in Work Chat.

There are over 50 SaaS applications that can integrate with Workplace by Facebook via APIs. These can be setup from within the admin console.
API documentation Yes
API documentation formats Open API (also known as Swagger)
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Workplace has a platform built on the same infrastructure as Facebook Platform and Messenger Platform. This means that developers can use familiar technology like Graph API and Webhooks to build powerful integrations between Workplace and other enterprise tools.
System Admins on Workplace can build custom integrations for their Workplace community, which can combine many features together into a bespoke solution for their company needs.
If you're a developer of an enterprise SaaS (software as a service) application, or want to build an integration that serves lots of Workplace customers, you can build a Third Party Integration.

Scaling

Scaling
Independence of resources To handle the large volume of requests and ensure performant experience for users, Facebook has geographically distributed physical Points of Presence (PoPs) that sit at the edge of Facebook's network to deliver Facebook services and content to enterprise users.

Analytics

Analytics
Service usage metrics Yes
Metrics types 1. Claimed accounts insights
2. Mobile monthly active users chart
3. Company's Group Insights
4. Company's Content Insights
5. Company's Message Insights
6. Top Contributors

Resellers

Resellers
Supplier type Reseller providing extra support
Organisation whose services are being resold Facebook Inc

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
Other data at rest protection approach See full SOC report here: https://hubs.ly/H0c9tFp0
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Go to Admin Panel at the top right of your Workplace profile.
Click Reporting.
Scroll down and click Export near People or Groups. Workplace will then send you an email with a link to download the CSV file.
Note: You can also request the data from your Admin Panel by clicking People and selecting Export Employee Information from the drop-down menu. For data on groups, from the Admin Panel click Groups and then Export.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection between networks See full details here: https://hubs.ly/H0c9tFp0
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network 1. Workplace Premium is ISO 27001 certified. Our hosting practices are regularly audited by independent third-party auditors with an industry standard SOC3 report. For Workplace Premium customers, a more detailed SOC2 report is available upon request. We host Workplace on Facebook's highly available, globally distributed infrastructure, and it has a target recovery time objective (RTO) of zero, and a target recovery point objective (RPO) of zero.
2. Facebook, Inc. has certified under the EU-US Privacy Shield Framework

See full SOC report here: https://hubs.ly/H0c9tFp0

Availability and resilience

Availability and resilience
Guaranteed availability Workplace by Facebook is a highly available service. Workplace Premium customers have access to 1:1 email support 7 days a week/24 hours a day. The Support Team usually replies within a business day.
Approach to resilience Facebook data centers are top-of-the line facilities that house our core infrastructure that runs and delivers Facebook to the world. We own or directly lease all of our facilities so we have end-to-end control over the grounds, the buildings, the servers, the operations, and maintenance for each center. We also utilize a distributed network of equipment that
increases the resiliency and speed at which people experience Facebook. In total, we maintain hundreds of thousands of servers that are serving our communities and customers.
Outage reporting The Help Center primarily provides enterprise users with information necessary to self-resolve issues, but if an issue cannot be resolved by enterprise users, tickets will be created by the enterprise's administrators through the Direct Support console and managed by Facebook's Community Operations team to resolve the issue.

Enterprise administrators have the ability to report a problem to Facebook by clicking the Direct Support link in the Workplace by Facebook user interface. The Direct Support system then will contact various support teams within Facebook.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels Logical Access for Enterprise Admin and Users. After initial setup, Facebook transfers ownership of the private community to the enterprise and Facebook employees have limited access to the private community. As part of the initial provisioning process, Facebook will provision at least one enterprise user with admin privileges. From there, the enterprise admins are responsible for the provisioning and deprovisioning of additional enterprise users, managing groups, contents and configuration of community settings. Enterprise have the option to enable Security Assertion Markup Language (SAML) capable identity systems managed by the enterprise to authenticate enterprise users and enable SSO with Workplace.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Ernst & Young LLP
ISO/IEC 27001 accreditation date February 16, 2018
What the ISO/IEC 27001 doesn’t cover The ISO/IEC 27000 family of standards help organizations keep information assets secure. The 27001 standard is the best-known for establishing, implementing, maintaining and improving an ISMS. It ensures the confidentiality, integrity, and availability of information that organizations control and process. And it applies a risk management process which means organizations can manage risk.

This certification demonstrates that our Information Security Program complies with international best practices. It shows our commitment to protecting your information. And it reinforces our focus on maintaining industry-leading security programs and practices.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • EU-U.S. Privacy Shield Framework
  • Workplace Premium customers are SOC 2 certified
  • Workplace Premium customers are SOC 3 certified

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Workplace is proud to be ISO 27001 certified. Our hosting practices are regularly audited by independent third-party auditors with an industry standard SOC3 report. For Workplace Premium customers, a more detailed SOC2 report is available upon request. We host Workplace on Facebook's highly available, globally distributed infrastructure, and it has a target recovery time objective (RTO) of zero, and a target recovery point objective (RPO) of zero. See https://hubs.ly/H0c9tFp0

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach The change management process covers changes to the web tiers (www code) and changes to back end systems including infrastructure , back-end environment, databases, and changes to security tools for the Workplace by Facebook System. All changes are tracked through the Facebook internal code tracking system and source code is tracked via version control tools. Every change goes through the following process:
- Change Initiation
- Initial Testing and Approval
- Pre Production Code Push
- Production Code Push
- Source Coding
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach The vulnerability management team works on identifying and prioritizing threats posed, associating threats with owners, and working towards an acceptable remediation of the threat or acceptance of risk. Facebook makes use of third parties to perform these vulnerability scans. On a periodic basis the vulnerability management team posts an update detailing the scans run, results, remediation action taken, current open tasks, roadblocks etc. Additionally, as the environment is managed by a configuration management tool, once an identified vulnerability is remediated the corrective action or relevant update is pushed out to all devices.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach The Workplace by Facebook product is designed to limit access to an enterprise's data but additional controls are in place to prevent and detect unauthorized access to enterprise data. Various logging and monitoring applications are in place to mitigate the risk of unauthorized access. In addition, monitoring of performance, quality and adherence to company policies and internal controls is part of the day-to-day responsibilities of management. Facebook uses several specialized tools to monitor the company environment. This monitoring includes components of detecting:
- Intrusions by malicious threat actors
- Violations of security policies
- Vulnerabilities in Facebook system
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Enterprise administrators have the ability to report a problem to Facebook by clicking the Direct Support link in the Workplace by Facebook user interface. The enterprise admin would then be taken to the Direct Support System, which allows them to contact various support teams within Facebook. When minor issues surfaces, the enterprise admins are responsible for addressing them. Admins may utilize the admin console on the Workplace by Facebook System to address any enterprise user access issues or content that has been reported as inappropriate. Facebook has a set of on-call teams and procedures for handling reported and identified incidents.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £0 to £2.5 per user per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Workplace by Facebook Premium is completely free for Not for Profits and Educational Institutions. This includes all features and services. To register complete the form here: https://www.gend.co/workplace-by-facebook-quote
Link to free trial https://www.gend.co/workplace-by-facebook-quote

Documents

Documents
Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑