INOVEM Limited

Kahootz (OFFICIAL over the Internet)

Kahootz cloud collaboration software provides secure file-sharing and online workspaces that can be quickly adapted for multiple use cases. Kahootz is widely used across the UK public sector supporting the sharing information within project team workspaces, company intranets, communities of interest, partner extranets as part of a flexible digital workplace.

Features

  • Configurable workspaces with custom dashboards and team-based access control
  • Secure file-sharing, document commenting, versioning, approval workflows and audit logs
  • Document consultation enabling user feedback and co-authoring, paragraph-by-paragraph
  • Threaded discussion forums – full integration with email messaging
  • Task and project management - assign and track action lists
  • Shared team diaries and calendars for meeting management
  • Custom online forms and databases with powerful report writing
  • Questionnaires, online surveys and quick polls with summary graphs
  • Workspace blog articles, wikis and external web links
  • Multimedia picture albums, image editors and video streaming

Benefits

  • Quick to deploy, easy to use - FREE TRIAL available
  • Ensures secure controlled access to content and available 24x7
  • Improves team communications and increases levels of stakeholder engagement
  • Keeps everyone up to date on fast moving projects
  • Works with all web enabled desktop and mobile devices
  • Easily configured for multiple purposes and business use cases
  • Increases involvement in policy development and service transformation
  • Supports gateway reviews, project extranets and supplier deal rooms
  • No specialist IT skills, training or consultancy needed
  • Simple, cost effective pricing and great value for money

Pricing

£2.10 to £10.50 a user a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@kahootz.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

4 5 5 9 6 8 8 9 0 1 5 4 6 5 3

Contact

INOVEM Limited John Glover
Telephone: 01488 648 468
Email: sales@kahootz.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
None
System requirements
  • A recent web browser
  • An email client

User support

Email or online ticketing support
Email or online ticketing
Support response times
Level Response Resolution
1 - Critical 1 hour 4 hours. A software or hardware fix will be applied if necessary.
2 - Major 1 hour 1 day. A software or hardware fix will be applied if necessary.
3 - Minor 4 hours 2 days.
4 - Problem 1 day Next release.
5 - RFI 1 day Information provided.
6 - RFE 1 day Request noted.

Support requests that are received outside the Support Hours (08:30-17:30 weekdays) are handled at the start of the following support day. Response times may vary due to circumstances out of our control.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
No
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
1 - Critical
The website is inaccessible to all users, or a critical software function cannot be performed by all users.

2 - Major
A major area of software functionality is not working correctly for many users and there is no convenient workaround.

3 - Minor
Several users are experiencing a software bug that is causing a minor loss of service. The problem is an inconvenience.

4 - Problem
All other bugs. The inconvenience is slight, and can be tolerated.

5 - RFI
Request for information - You are requesting guidance or help with the software configuration or functionality.

6 - RFE
Request for enhancement - You are requesting a new or improved feature in our software.

Support for all the above support levels are provided at no extra cost as part of the service. On-site support is provided at our published G-Cloud consultancy day rate.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Kahootz supports all commonly used web-browsers and requires no software downloads or plug-ins, so there are no unnecessary barriers to access.

Kahootz.com enables requests for provisioning and de-provisioning. Once a request has been submitted at http://www.kahootz.com/start-trial/ the service is provisioned immediately.

Kahootz is extremely easy to use and most of our clients find they can implement Kahootz with zero training.

To help your users get the most out of Kahootz, we provide a very informative online Knowledgebase. We also provide email support to every user if they need extra assistance.

At an extra cost, we also provide workspace set-up consultancy and on-site Workspace Manager classroom training. This is a 1 day course aimed at those who will be creating and configuring workspaces . It covers:
• Different types of workspaces
• Overview of the features
• Workspace layout and customisation
• Policy and workspace defaults
• Principles of good workspace management
• Help, support and guidance resources.

We can also provide an Audit review, which is a 1 day workshop to review a client's implementation of Kahootz including workspace design, custom template requirements and user adoption approach.
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
There are simple interfaces available to users to:
• Export databases, users, document comments and questionnaire results to Microsoft Excel, XML and CSV format
• Export documents and images to a ZIP file.

A data extraction service is available on request at any time during the subscription period or for a period of up to one month after the expiry of the subscription period. All the data that the service holds for a consumer will be exported as follows:
• Structured data will be exported as XML files
• Document and image data will be exported as system files, in their original format, and referenced within the XML files.

Data exports of up to 1Gb can be supplied as a download. The cost of data extraction using our standard export tools is often nil but we may charge a fee if there is a large volume of data.

Kahootz can design and develop a data-extraction process that exports data to meet specific requirements, or to assist in the import of data into another service, subject to design and development costs. Kahootz will provide a fixed-cost quote within 2 days and subsequently start the work within 2 days of being requested.
End-of-contract process
There are no termination costs.

We will commence data removal one month after your license to use Kahootz expires or earlier upon your request.

When this happens, all the data that the service holds for a consumer will be permanently deleted. Data will be removed from the live service within 2 days of being requested but can take 1 additional month to be removed from backup services. The data removal service is free of charge.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Full Kahootz functionality is available on mobile devices. Kahootz uses a responsive design which allows it to be re-sized and adapt to the device screen being used. This approach, favoured by GDS, avoids the need to maintain a mobile application and ensures the preservation of custom layouts created by each Workspace or Community Manager.
Service interface
Yes
Description of service interface
By avoiding the need for software installations, special plug-ins or 3rd party add-ons, we make sure there are no unnecessary IT obstacles to team collaboration. Kahootz is tested to work with all common web browsers and is fully responsive, automatically adapting to any screen on any platform.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
Our collaboration software is regularly tested with text-only browsers and screen readers to ensure Kahootz meets stringent international accessibility standards, including: ISO/IEC 40500 W3C Web Content Accessibility Guidelines (WCAG 2.0) Level AA and also Section 508 and BS8878.
API
Yes
What users can and can't do using the API
The Kahootz API is available to Kahootz Enterprise customers. It provides access to all the functionality and features that are available in the service, apart from reporting.

The API operates over a secure HTTPS connection and uses secure token-based authentication. Data is sent to and from the service using JSON.
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
Kahootz provides facilities for authorised users to develop and easily maintain content with tailored navigation. Each workspace can have its own custom layout through a user-configurable dashboard that can include social media content such as YouTube, RSS as well as the workspace content.

The workspace structure is a folder-based hierarchy and, within each folder, workspace managers can decide which collaboration objects are available and who is empowered to create and modify them, or even see them.

Throughout the workspace, users can add a narrative to content using the in-built rich-text editor. This makes it extremely easy to provide guidance with pointers to relevant content, instructions as to key actions required, and helpful advice on how to make contributions.

Scaling

Independence of resources
We pro-actively manage the service to monitor a large number of metrics such as server CPU, disk usage, storage, database load and network bandwidth to ensure a highly robust, reliable and responsive service.

Analytics

Service usage metrics
Yes
Metrics types
Site owners have access to a real-time reporting page which displays metrics corresponding to the parameters on which the subscription in based:
• The number of users paid for and how many are being used
• The number of users, broken down by day or month
• The amount storage paid for and how much is being used
• The amount of storage used, broken down by day or month
Reporting types
Real-time dashboards

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Users can:
• Export databases, users, document comments and questionnaire results to Microsoft Excel, XML and CSV format
• Export documents and images to a ZIP file
Data export formats
  • CSV
  • Other
Other data export formats
  • XML
  • Zip files
  • Microsoft Excel
Data import formats
  • CSV
  • Other
Other data import formats
  • ZIP
  • Microsoft Excel

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
The service level agreement is as follows:
• The minimum availability for the service is 99.95% per month.
• The minimum performance is for the server to process 99% of page requests (excluding bulk operations and reports) within 1 second.
• The minimum availability excludes up to 6 hours per quarter annum of scheduled downtime (between 10pm and 6am on weekdays or between 7pm and 6am on weekends).

To demonstrate that we meet our SLA, we use an independent 3rd party service (Pingdom) to monitor the site and create a public record of availability.
http://stats.pingdom.com/3as4us3d6yr7/674246

Service credits are awarded when the service availability within any month falls below the target service level. The service credit is a percentage of that month’s service fee. For subscriptions that are not billed monthly, the service fee is treated as the pro-rata monthly fee.
Availability Service Credit
>99% and <99.5% 5%
>= 98% and < 99% 10%
>=97% and < 98% 25%
<97% 50%

To receive service credits, a site owner must be upto date with their payments and submit a request to accounts.info@kahootz.com, within 30 days after the end of the month in which the service failed to meet its service level agreement.
Approach to resilience
Kahootz uses modern and purpose-built Tier 3/4 data centres. Our hosting partner provides the world-class infrastructure necessary to keep our service up and running, uninterrupted around the clock.

Data centres have at least two entirely geographically diverse network connections. Significant network capacity overhead is maintained. The cooling systems, UPS and generator backup are all at least N+1 resilient.
Traffic volume and netflow is monitored to enable an appropriate response to disruptive events such as Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks.

Further information is available on request.
Outage reporting
We use an independent 3rd party service (Pingdom) to monitor the site and create a public record of availability. It is available at:
http://stats.pingdom.com/3as4us3d6yr7/674246

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Privileged interfaces available to Kahootz support staff only are protected by secure passwords, specific user accounts, encryption in transit on all protocols, and access is restricted to a key set of physical locations.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Socotec Certification International (UK) Ltd
ISO/IEC 27001 accreditation date
17/10/2017
What the ISO/IEC 27001 doesn’t cover
The scope of our certification was determined in conjunction with CESG and includes every aspect of the operation, support, delivery and development of Kahootz, with no exclusions.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber Essentials Plus

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Kahootz is accredited to ISO27001:2013. We have a detailed set of policies and procedures that ensure our rigorous approach to security is followed consistently. Security is a board-level responsibility. We have monthly, quarterly and annual reviews involving senior management, together with an annual audit by an accredited security professional.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Kahootz has a documented change management process that meets the requirements of ISO27001. Before any change to the service, we investigate the risk, impact, security implications, testing requirements, rollout and rollback options. Major changes must be reviewed and approved by senior management before they can proceed.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Potential threats are documented and tracked through to resolution using our ISO27001 "Incident and Weakness" procedures.

Security related issues are automatically given our highest priority classification and if a patch is required, we aim to deploy a mitigation within 1 hour and a resolution within 24 hours.

Information about threats is gathered from sources such as security bulletins and product vendors.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Operating system logs, network activity, disk use and application audit logs are carefully monitored to identify unusual events or unusual levels of activity. Any issues are treated as a priority 1 issue and investigated fully.
Incident management type
Supplier-defined controls
Incident management approach
Kahootz has a documented procedure for reporting, investigating and analysing security incidents and weaknesses. Each incident is assigned an owner who has responsibility to manage the initial actions required to deal with the incident and corrective actions to prevent it from happening again.

We undertake a regular review of incidents to identify opportunities for improvement.

Users report incidents through the Kahootz support desk. If an incident report is required, it is provided by email to Site Owners.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£2.10 to £10.50 a user a month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
» Free for 30 days
» Unrestricted access to all features
» Access to online Kahootz Knowledgebase
» Access to sample workspace templates
» Full customer support
» 25 users, 2Gb storage, unlimited workspaces — (contact us if you want to try with more!)
Link to free trial
http://www.kahootz.com/start-trial/

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@kahootz.com. Tell them what format you need. It will help if you say what assistive technology you use.