Refractiv Limited

Google G Suite Business

G Suite Business provides everything you need to do your best work, together in one package that works seamlessly on any device.

* Unlimited storage space
* Email
* Calendar
* Drive document management
* Chat messaging
* Videoconferencing
* Google Vault for archiving and e-discovery of documents, emails and chats

Features

  • Cloud based collaboration
  • Easy setup and configuration
  • Email
  • Calendar
  • Document management
  • Videoconferencing

Benefits

  • Make decisions faster, face to face
  • Collaborate in real-time
  • Store and share files in the cloud
  • Secure your data and devices
  • Easy to connect, create, access and control
  • Basic Edition includes 30GB of storage
  • Easily migrate your data to G Suite
  • Every change is saved automatically

Pricing

£9.20 per person per month

  • Education pricing available
  • Free trial available

Service documents

Framework

G-Cloud 11

Service ID

584289936144495

Contact

Refractiv Limited

Sean Power

0113 394 4651

sean.power@refractiv.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
Please refer to https://gsuite.google.com for more information on service constraints.

We are unable to accept payment for G-Cloud Services by the Government Procurement Card (GPC).
System requirements
A modern web browser

User support

Email or online ticketing support
Email or online ticketing
Support response times
Typical SLA response time is 2 hours during normal UK working hours, 8 hours outside these times.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
All questions and requests are answered on the chat support service.
Web chat accessibility testing
None
Onsite support
Yes, at extra cost
Support levels
Standard support offers reactive support for customer queries.

Our enhanced service offers proactive support for security management etc.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Google provides a proven business transformation framework based on highly regarded research in accredited universities. An online Getting Started learning path is described at https://gsuite.google.com/setup/
We also provide G Suite training, a Chrome plug-in that describes functionality and processes step by step.

The G Suite Learning Center https://gsuite.google.com/learning-center/ provides extensive documentation, guides, tips, customer examples, and training resources.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
Contextual training videos
End-of-contract data extraction
If your organization decides to leave G Suite, your users can take their G Suite data with them. They can export emails, contacts, calendars, videos, and more. Then, they can import the data to your new provider.

More information can be found here: https://support.google.com/a/answer/100458?hl=en#all
End-of-contract process
Access to the G Suite instance will be terminated and data will be removed from all Google systems within 180 business days

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Custom mobile applications are available both for iOS and Android which provide a bespoke user experience tailored to the operating system in question. For other mobile operating systems, web browser support is included which provides an equivalent experience to the desktop environment.
Service interface
No
API
Yes
What users can and can't do using the API
The scope of capabilities exposed via API to G Suite users is very broad and encompasses most major use cases. G Suite APIs are grouped into ten main APIs and SDKs that can be found here: https://developers.google.com/google-apps/
API documentation
Yes
API documentation formats
HTML
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Google Apps Script is a JavaScript cloud scripting language that provides easy ways to automate tasks across Google products.

With Apps Script, you can create add-ons for Google Docs, macros, menus, and custom functions, as well as manage responses for Google Forms.

Scaling

Independence of resources
G Suite is powered by a massively scalable infrastructure which already services more than 1 billion users. The addition of any practicable number of users has a very low impact.

Analytics

Service usage metrics
Yes
Metrics types
- Highlights: Key metrics and trends including app usage, users status, file visibility, and security.
- Security: Assess overall exposure to data breach. Discover which users are not using 2-step verification, are installing external apps, or are sharing documents indiscriminately.
- Apps Usage Activity: See how your organization uses G Suite over a specific period by examining email activity, number of spreadsheets created, number of files shared, and more.
- Account Activity: Access all data from Security, Apps Usage Activity, and Highlights pages in a single master report.
- Audits: View logs of various activity, including admin, mobile activity, and more.

More: https://support.google.com/a/topic/29163?hl=en&ref_topic=4490889
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Google, Inc.

Staff security

Staff security clearance
Other security clearance
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
The Google Takeout service or via the APIs.
Data export formats
  • CSV
  • Other
Other data export formats
MBOX
Data import formats
  • CSV
  • Other
Other data import formats
  • Exchange
  • .DOC
  • .XLS
  • .PDF

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
https://gsuite.google.com/intl/en/terms/sla.html
Approach to resilience
All data is redundantly stored across a minimum of 3 data centers, and all services are designed to leverage the redundant data center infrastructure powering Google services.
Outage reporting
A public dashboard - https://www.google.com/appsstatus#hl=en-GB&v=status

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Google Cloud Identity & Access Management (IAM) lets administrators authorize who can take action on specific resources, giving you full control and visibility to manage cloud resources centrally. IAM access policies are defined at the project level using granular controls of users and groups or using ACLs.

Support services are only provided to authorized customer administrators whose identities have been verified in several ways. Googler access is monitored and audited by our dedicated security, privacy, and internal audit teams.

https://cloud.google.com/iam/
https://cloud.google.com/security/overview/whitepaper#administrative_access
https://cloud.google.com/files/Google-Cloud-CSA-CAIQ-January2017-CSA-CAIQ-v3.0.1.pdf
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
Between 1 month and 6 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Ernst & Young
ISO/IEC 27001 accreditation date
15/04/2015
What the ISO/IEC 27001 doesn’t cover
Any service not listed on the ISO certificate is not covered.
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
31/01/2017
CSA STAR certification level
Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover
N/A
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • HIPAA
  • FERPA

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
ISO27001
Information security policies and processes
https://gsuite.google.co.uk/intl/en_uk/security/?secure-by-design_activeEl=data-centers

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
In Google production environments, software updates are manually vetted to ensure the stability of the system. Changes are then tested and cautiously rolled out to systems. The details vary somewhat depending on the service being considered, but all development work is separated from the operation systems, testing occurs in a multi-staged fashion in both environments and in dedicated test settings. Google can share, under NDA, the SOC2 audit report (based on standards from the International Auditing and Assurance Standards Board), which describes the change management process. Additionally, changes to code go through a process of code review involving additional engineer(s).
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Google administers a vulnerability management process that actively scans for security threats using a combination of commercially available and purpose-built tools, intensive automated/manual penetration efforts, quality assurance processes, software security reviews and external audits. The vulnerability management team is responsible for tracking and following up on vulnerabilities. Once a vulnerability requiring remediation has been identified, it is logged, prioritized according to severity, and assigned an owner. The vulnerability management team tracks such issues and follows up frequently until they can verify that the issues have been remediated. Google also maintains relationships and interfaces with members of the security research community.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Focused on information gathered from network traffic, employee actions on systems and outside knowledge of vulnerabilities. Traffic is inspected at many points for suspicious behaviour. Analysis is performed using open-source and commercial tools for traffic capture and parsing, supported by a correlation system built on top of Google technology. Analysis is supplemented by examining system logs for unusual behaviour, such as attempted access of customer data. Security engineers place standing alerts on public data repositories to look for security incidents that might affect company infrastructure. They actively review inbound security reports and monitor public mailing lists, blog posts, and wikis.
Incident management type
Supplier-defined controls
Incident management approach
If an incident occurs, the security team logs and prioritises it according to severity. Events directly impacting customers are assigned the highest priority. This process specifies courses of action, procedures for notification, escalation, mitigation, and documentation. Google’s incident management program is structured around NIST guidance on handling incidents. Key staff are trained in forensics and handling evidence in preparation for an event, including the use of third-party and proprietary tools. Testing of incident response plans is performed for key areas, such as systems that store sensitive customer information. Tests consider a variety of scenarios, including insider threats and software vulnerabilities.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£9.20 per person per month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Full-service trial available for 14 days.
