Meeting Center (G-Cloud)
MeetingSphere is a collaborative meeting solution that helps deliver the required outcomes of the meeting in time. Meeting Center (G-Cloud) is the cloud offering for UK government organisations. It supports large numbers of concurrent meetings and users. It offers Enterprise class security controls in a shared responsibility deployment model.
Features
- Supports any meeting or workshop process. Online or face-to-face.
- Personal flat-fee for unlimited concurrent meetings and participants.
- Bainstorm workspace with anonymity and theming. Highlighting with sticky dots.
- Discussion workspace for discussing multiple topics. Anonymously or by team.
- Rating workspace with all customary rating methods. Multi-criteria analysis.
- Presentation workspace for crisp scalable slide shows. Interactive feedback channel.
- Complete and unbiased push-button documentation (Word). Export to Excel.
- Agenda templates for easy reuse and sharing of best practice.
- Easy collaboration between Facilitators (Co-facilitation).
- Web conference included (voice & screen sharing).
Benefits
- Run full-fledged workshops online.
- Make business meetings productive.
- Engage participants. Everybody can contribute - anonymously if required.
- Establish priorities. Analyze utility. Measure and manage consensus.
- Facilitate full disclosure for results that carry.
- Runs on any device (Computers, iOS and Android devices).
- Create the Word report by mouse-click.
- Reuse agendas and manage best meeting practice.
Pricing
£22,100 an instance a year
Service documents
Request an accessible format
Framework
G-Cloud 11
Service ID
5 4 0 3 0 1 1 5 7 9 4 4 1 9 4
Contact
MeetingSphere GmbH
John Turner
Telephone: +49 40 6891 4578
Email: g-cloud@meetingsphere.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- No.
- System requirements
-
- Computers must run Chrome, Firefox, Edge, Safari or IE 11
- IPads and iPhones require Safari 11 (iOS 11 or later)
- Android devices require the Chrome or Firefox browser
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- 4 hours on weekdays.
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
- Support is included for technical issues such as access to the service or functionality of a software feature. Technical support does not include consulting on facilitation processes or meeting design.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
The appointed administrator receives 90 minutes online training which includes a walk through the administrative options.
Licensed users (users who can run meetings and workshops) are supported in context by extensive and in-depth online help and how-to videos.
Online and on-venue training is available at extra cost.
Participants do not require any training or onboarding. - Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
-
Facilitators typically download the automatic report (the minutes) of a meeting or workshop directly after it has ended. This contains all content.
Storage of meetings on the Meeting Center serves the limited purpose of easy in-system re-use of content and meeting agendas. Facilitators can save both the content and the agendas of their meetings to disk. - End-of-contract process
- At the end of the subscription period - unless instructed to the contrary - MeetingSphere maintains the Meeting Center for a grace period of 90 days during which the subscription can be renewed. After the grace period, the deployment, its database and all backup files are deleted irrevocably. The customer's administrator is warned/informed of these successive steps repeatedly by email.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari 9+
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
-
The mobile service is functionally identical with the desktop service, except for active screen sharing not being supported on mobile devices.
The layout is responsive, meaning that workspaces will look different on a phone. - Service interface
- No
- API
- Yes
- What users can and can't do using the API
- The meeting center supports SSO (SAML 2.0)
- API documentation
- Yes
- API documentation formats
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- Center administration can (1) control access and authentication requirements, use restrictions etc. (2) brand the login page, holding screen, meeting report.
Scaling
- Independence of resources
- The Managed Server runs with generously allocated dedicated resources. Systems trigger an alarm when over 45 % of resources are used. This hardly ever happens.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Leader/Facilitator and participant log ins and new meetings created in last 180 days.
- Reporting types
- Real-time dashboards
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- European Economic Area (EEA)
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with SSAE-16 / ISAE 3402
- Encryption of all physical media
- Scale, obfuscating techniques, or data storage sharding
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
-
Leaders and Facilitators typically download the automatic report (the minutes) of a meeting or workshop directly after it has ended. This contains all content. They can also export the content of individual workspaces to Excel or text.
Facilitators can also save meetings (agendas with content) to disk in MeetingSphere's msmf-format. - Data export formats
-
- CSV
- Other
- Other data export formats
-
- Docx
- Xlsx
- Data import formats
-
- CSV
- Other
- Other data import formats
- Excel
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- MeetingSphere commits contractually to 99.9% uptime on a monthly basis, excluding regularly scheduled maintenance times or Force Majeure Events. If in any Account Period this uptime commitment is not met by Meetingsphere and customer was negatively impacted, Meetingsphere shall provide, as customer’s sole and exclusive remedy, a service credit equal to the number of minutes the Subscription Service was unavailable during that Account Period. If the service failed for a consecutive 4 hours, a full day shall be credited.
- Approach to resilience
- We follow industry best pactice under Amazon AWS's shared responsibility model. Details are available on request.
- Outage reporting
- Our service is continually monitored via AWS-supplied and other mechanisms. AWS supplies a dashboard. Responses are triggered via APIs and email alerts to MeetingSphere's response team.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Access restrictions in management interfaces and support channels
-
Management interfaces fall into three categories: 1. The management interface of the AWS service is protected by username, password and an AWS-supplied token device. 2. Privileged access to productive MeetingSphere systems can only occur via a bastion server which can only be accessed from a defined set of IP addresses and 2-factor authentication. 3. Privileged access by users (customer-appointed administrators) can be limited to separate user accounts with 2-factor authentication or SSO.
User support requests which involve access to customer systems or information are only accepted in writing (email) and verified via a separate channel, e.g. call back. - Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Username or password
- Other
- Description of management access authentication
- Restriction by source IP address.
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- Between 1 month and 6 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- No
- Security governance approach
- We are currently in the process of certification to ISO 27001.
- Information security policies and processes
-
MeetingSphere follows a security awareness and training policy which defines basic and role-based training requirements.
MeetingSphere's information security policy follows the ISO 27k standards.
MeetingSphere's information security team ensures compliance by a variety of measures verify compliance to this policy through various methods, including but not limited to, business tool reports, internal and external audits, and feedback. The Infosec team leader reports to the CTO who is responsible for security and reports to the CEO.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- Amazon AWS is certified to comply with SSAE-16 / ISAE 3402. Under AWS' shared responsibility model, MeetingSphere maintains under automated configuration control a current baseline configuration of the information system. The configuration is reviewed annually and on significant change. Older configurations are retained should a rollback be required. Configurations are based on a deny-all permit by exception policy which extends to software permitted to execute on the system. Changes to the configuration are assessed for risks and require approval by the Infosec team leader after testing in the staging network.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- Amazon AWS is certified to comply with SSAE-16 / ISAE 3402. Under AWS' shared responsibility model, MeetingSphere routinely scans of its systems for vulnerabilities with an industry standard vulnerability scanner employing the latest definitions and signatures based on i.a. the NIST vulnerability database and the CWE list. 'Critical' and 'Important' Patches are deployed immediately, 'Low' patches within the day. MeetingSphere subscribes to various sources of security feeds including US-Cert and Microsoft's Security Bulletin.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- Amazon AWS is certified to comply with SSAE-16 / ISAE 3402. Under AWS' shared responsibility model, MeetingSphere employs automated log analysis, continuous configuration monitoring and integrity scanning to identify security incidents. In the event of a suspected breach, the incident response team is alerted directly by email and SMS text for a verification of the incident. Further measures depend on the attack type and vector and the severity rating of the incident which is based on the functional and information impact, the appropriate containment, eradication and recovery strategy and required notifications.
- Incident management type
- Supplier-defined controls
- Incident management approach
-
Amazon AWS is certified to comply with ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402. Under AWS' shared responsibility model MeetingSphere operates an incident response policy and set of incident response plans for external and removable media, attrition, web, email, impersonation, improper usage or loss/theft of equipment.
Users report incidents by email to a specific email address.
The user's main or designated contact is informed of all security breaches which impact or threaten the function or integrity of their deployment including the findings of impact analysis and measures (to be) taken to contain, eradicate and recover from the breach.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Pricing
- Price
- £22,100 an instance a year
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
- The trial is limited to 14 days and includes the full online workshop functionality for Leaders/Facilitators (the person who can plan and run meetings and workshops) and participants. The meeting report is cut-off after 10 line items per tool. The export of content is cut off after 10 line items.
- Link to free trial
- http://www.meetingsphere.com