OfficeLabs Ltd

Gimmal Workplace Compliance

Gimmal Workplace Compliance provides enterprise-class content and records management in SharePoint. It implements information lifecycle management with automatic metadata governance which is invisible to the end user. Workplace Compliance Suite is the only SharePoint native records management solution to be DoD 5015.2 certified.


  • Smart site provisioning control
  • Centralised SharePoint governance and management
  • Apply changes globally across all SharePoint sites
  • Centralised planning and decommissioning
  • Drag-and-drop content loading
  • Automatic, rules-based metadata application for user content
  • Enhanced content presentation and standardisation
  • Physical information management (PIM) in SharePoint
  • Gimmal Compliance Suite DoD certified record retention policies
  • Advanced document access security controls


  • Get information lifecycle management with hands-free governance
  • Provide a simpler SharePoint user experience
  • Implement a more consistent content lifecycle that improves findability
  • Achieve records management compliance in SharePoint with DOD-5015.2 certification
  • Reduce IT reliance for SharePoint administration
  • Reduce incidence of rogue environments


£2.50 to £7.00 per user per month

Service documents

G-Cloud 9


OfficeLabs Ltd

Graham Bidwell

01392 24 0365

Service scope

Service scope
Software add-on or extension Yes
What software services is the service an extension to Microsoft Office 365, Microsoft SharePoint on-premises or online
Cloud deployment model Public cloud
Service constraints Gimmal Workplace Compliance requires Microsoft SharePoint either in the Cloud or on-premises.
System requirements Windows servers

User support

User support
Email or online ticketing support Email or online ticketing
Support response times 0800 to 1800 Monday to Friday excluding public holidays
Response within one hour
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), 7 days a week
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Webchat is via Microsoft Skype
Web chat accessibility testing None
Onsite support Onsite support
Support levels For Gimmal Workplace Compliance, OfficeLabs can provide:
Subject matter experts
Account Managers
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Subject matter experts and trainers are available to provide either on-site or remote support at any UK location
Service documentation Yes
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction All data is held within Microsoft SharePoint.
End-of-contract process Contract includes software licenses, training, support, initial configuration and documentation.

Using the service

Using the service
Web browser interface No
Application to install Yes
Compatible operating systems Windows
Designed for use on mobile devices No
Accessibility standards None or don’t know
Description of accessibility Gimmal Workplace Compliance works as an enhancement of Microsoft SharePoint and uses the same interface and subject to the same accessibility features.
Accessibility testing None
What users can and can't do using the API RESTful, SOAP
API documentation Yes
API documentation formats
  • ODF
  • PDF
API sandbox or test environment No
Customisation available Yes
Description of customisation Gimmal Workplace Compliance is configured to meet the information management requirements of the customer.


Independence of resources Gimmal Workplace for SAP is hosted on customer infrastructure


Service usage metrics No


Supplier type Reseller providing extra features and support
Organisation whose services are being resold Gimmal

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Physical access control, complying with CSA CCM v3.0
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Customer data is not held in Gimmal Workplace Compliance but in Microsoft SharePoint.
Data export formats
  • CSV
  • ODF
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats Office documents

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Private network or public sector network
Data protection within supplier network Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability Monthly Uptime Percentage of 95% guaranteed
Approach to resilience
Outage reporting Service dashboard
Administration alerts

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication 2-factor authentication
Access restrictions in management interfaces and support channels Administrator only access to internal Gimmal Workplace for SAP servers
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations Yes
Any other security accreditations DoD 5015.2

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Policy owner reports to the Chief Information Officer who in turn reports to the Business Owner.
Policies are easily accessible.
Policy Owners are audited on a regular basis.
Automation is used where appropriate.
Policies are acknowledged by workers.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach The ITIL Change Management Continual Process Improvement methodology is used to manage change.

All changes are considered and assessed on business and security impact by the Change Advisory Board before implementation.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Potential threats are rated on risk, likelihood of occurrence and potential impact of the threat.
Patches are developed, tested and released as soon as approved.
Threat sources:
Protective monitoring type Supplier-defined controls
Protective monitoring approach Security and Compliance dashboard real-time monitoring
Email alerts
Automation where appropriate
Incident response is within one hour during office hours. Within four hours at any other time.
Incident management type Supplier-defined controls
Incident management approach Incident Management process follows the ITIL Incident Management best practices.
Users can report incidents by phone, email or portal.
Incident reports are provided in PDF format on a monthly basis.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £2.50 to £7.00 per user per month
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑