CGI - Co-Creation with Wazoku

Co-Creation is a cloud-based platform aimed at building a community of innovators, and bringing idea creators together to solve business challenges. Co-Creation provides structure to capture, evaluate, prioritise and select the best ideas. The platform is designed to drive innovation, employee collaboration and stakeholder dialogue and insight.


  • Create 'Challenges’: problem statements or questions to your audience
  • Crowd-source ideas from a wide group of users
  • Build flexible idea forms to capture valuable information
  • Highly configurable workflow for developing and reviewing ideas
  • Social features - commenting, voting, gamification and badges
  • Detailed idea evaluation forms with weighted scoring metrics
  • Data analytics, reporting and dashboards for deep insight into ideas
  • Single Sign On (SAML2) for easy user access
  • HTML5 responsive site with support for all smartphones and tablets


  • Engaging variety of parties to help solve complex organisational challenges
  • Uncover quick-wins, cost-savings and innovative new ideas
  • Boost employee engagement and productivity
  • Improve transparency and encourage collaboration
  • Best practice advice, training and support from innovation experts
  • Fully accessible from the office, on mobile or at home
  • Simple system management and administration
  • Secure cloud hosting to protect data
  • Simple and quick to setup - no installations
  • Excellent ROI with help from industry experts


£27500 per instance per year

  • Free trial available

Service documents

G-Cloud 10



Roger Baileff

07841 602596

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Wazoku's Idea Spotlight. Idea Spotlight is a software-as-a-service (SaaS) Innovation and Idea Management system that provides structure to capture, evaluate, prioritise and select actionable ideas.
Cloud deployment model Public cloud
Service constraints There are no constraints on the use of this service.
System requirements
  • Any internet enabled device
  • Modern web browser version

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Standard response time within 5 working hours (UK business hours) Only emergency system support offered outside of working hours
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Standard support includes a dedicated On-Boarding manager over the first 90- days of any new contract, to support the client in either their first step into Idea Management, or augmenting their existing strategy and capabilities. Technical support is also provided free of charge throughout the contract. Additional support is available after on-boarding has been completed, with dedicated Customer Success Managers on hand for on-site meetings and additional training as required.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started • Dedicated Innovation Expert available throughout the first 90 days of platform deployment
• Calls and online / on-site meetings as needed to make sure the platform is successful for the long term in the business
• Interactive training – engaging sessions for the Client groups learning via using the platform
• Audience engagement planning – expertise to ensure the platform is well adopted and utilised on an ongoing basis
• Consultancy and best practice advice from a broad range of industries and platform use cases to help build idea management workflows
• Guidance on strategies to ensure the platform achieves desired goals.
• Setting out the path for the platform’s growth and development within the business.
• Technical integration / API support where required to make the most of platform extensions
• Full project schedule shared throughout to ensure launch timelines are met
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Full data (including ideas, comments, voting, user information, review stages & associated files or media) can be exported in CSV format at any time by system administrators. Upon contract termination, all data can be provided to customer and removed from
Wazoku servers.
End-of-contract process There are no additional fees should a contract end. Upon contract termination, all data can be provided to customer and removed from Wazoku servers.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Admin functions are not available on mobile service, however all user functions are identical.
Accessibility standards None or don’t know
Description of accessibility Browser-based application
Accessibility testing N/A
What users can and can't do using the API The API allows users of Co-Creation to add, edit, manage and delete the core aspects of the platform. Authentication is through user tokens. Once authenticated users can manage users, add challenges, add ideas, manage conversations and utilise the site wide search function. There are some rate limits in place but these limits can be negotiated on request.
API documentation Yes
API documentation formats Open API (also known as Swagger)
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Co-Creation's UI can be fully personalised with logos, colours, branding and custom content throughout.


Independence of resources We employ multiple redundancies for our core services. We constantly monitor our service and proactively alter the available resources in order to cope with increases in demand.


Service usage metrics Yes
Metrics types A full analytics portal is provided to system admins including reporting and data analysis on the full range of idea management and innovation metrics.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Reseller providing extra features and support
Organisation whose services are being resold Wazoku

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Full data (including ideas, comments, voting, user information, review stages & associated files or media) can be exported in CSV format at any time by system administrators.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network Other
Other protection within supplier network All traffic within our production network takes place on a private, virtualised network. No encryption takes place on this network as it add additional overheads for no added benefit.

Availability and resilience

Availability and resilience
Guaranteed availability 99.9% system uptime SLA across a rolling 3 month reporting period, excluding scheduled and notified maintenance work. In the event that the Availability Percentage is not achieved, the Charges for the period in question will be reduced by the appropriate proportion: 99.5% - 100% = 0% 98.5% - 99.4% = 2% 96.5 – 98.4% = 4%
Approach to resilience Available on request
Outage reporting Outages are reported via email to nominated system administrators, or via service unavailability messages within the service / API

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels Access is restricted based on defined user roles.
Access restriction testing frequency At least every 6 months
Management access authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI
ISO/IEC 27001 accreditation date 29/04/2015
What the ISO/IEC 27001 doesn’t cover Anything outside the provision of managed hosting, cloud computing, network and collocation services
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes At CGI we all have a collective responsibility to safeguard personal, sensitive and protectively marked information contractually entrusted to our care. In the delivery of our Co-Creation solution, we aim to assure you, our stakeholders and clients that we take security very seriously and that we will rigorously safeguard all information and intellectual property assets held by or entrusted to us. CGI uses our Management Foundation framework, including our Integrated Management System (IMS) for information assurance. These IMS processes are independently certified to BS/EN/ISO 9001:2008 and within the UK we additionally have TickITplus certification. CGI is committed to retaining our current range of UK-based certifications and will extend these to meet client expectations as required. Wazoku have written Data Classification, Data Breach and Disaster Recovery policies - all of which are available on request.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach CGI and Wazoku adhere to an Agile development methodology. This incorporates full, peer-led code review for every new feature as well as assessments of the impacts on existing functionality. Wazoku has a high level of coverage using automated tests to gives us confidence that introduced changes will not impact the current service. Wazoku uses industry leading configuration management tools to ensure that builds of servers and software are consistent and repeatable.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Wazoku run internal (quarterly) and external (annually) vulnerability scans and penetration tests. Actions resulting from these tests are incorporated into our roadmap and and development work required is prioritised. Operating system level vulnerabilities are monitored and patched as soon as a patch becomes available or during our monthly maintenance windows, depending on the severity of the vulnerability.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Wazoku collects all system logs to a central aggregation service. This allows them to identify and respond to peaks in traffic as well as inconsistencies in service response and use. Wazoku make use of industry leading intrusion detection systems and review their output and recommendations daily. Wazoku respond immediately to intrusion events, both with remedial action and notifying customers
Incident management type Supplier-defined controls
Incident management approach TBC

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £27500 per instance per year
Discount for educational organisations No
Free trial available Yes
Description of free trial While it is not a standard service offering, CGI may be able to offer limited services on a short trial basis, dependent on specific requirements. To discuss this, contact the Co-creation team via your CGI Account Manager or else via


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑