Get Gmail, Docs, Drive and Calendar for business. Everything you need to do your best work, in one package that works seamlessly across your devices Reach your colleagues wherever they are.
Store files and find what you need, instantly. Manage users, devices and data securely and easily.
- Proven successful migration and change management practice.
- Multi level training; end user through advocate to white glove.
- Ongoing support and change management throughout implementation and adoption lifecycle.
- Innovation and maximum return on investment through inspiration workshops.
- SAML, SSO & AD integration services.
- Security and governance controls and best practice across console configuration.
- Trusted, having successfully completed the world’s largest G-Suite migration.
- Global deployment experience.
- Direct access to supporting services within Google
- Cost savings with assistance in removing duplicate technology.
|Software add-on or extension||No|
|Cloud deployment model||Public cloud|
|System requirements||Computer running a modern web browser Internet connection|
|Email or online ticketing support||Yes, at extra cost|
|Support response times||Under 30 minutes for all tickets, although this is the Initial Response Time SLA only for P1 priority tickets.|
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||WCAG 2.1 AAA|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||Yes, at an extra cost|
|Web chat support availability||24 hours, 7 days a week|
|Web chat support accessibility standard||None or don’t know|
|How the web chat support is accessible||Through the Google Hangouts UI|
|Web chat accessibility testing||N/A|
|Onsite support||Yes, at extra cost|
Initial Response Time SLA:
P1 - 30 minutes
P2 - 2 hours
P3 - 4 hours
P4 - 8 hours
|Support available to third parties||Yes|
Onboarding and offboarding
Google provides users with an online learning center covering the basics of using the core services (Mail, Contacts, Drive etc). In addition, users can install a Chrome extension which can be accessed in any of these core services.
Appsbroker also provide bespoke user training for end user, admin and director level at an extra cost.
|End-of-contract data extraction||Google provides a Data Export tool which provides export functionality for G Suites core services. Using the Data Export tool exports all data for all users within your domain. For more information on exporting data see https://support.google.com/a/answer/100458|
|End-of-contract process||Google provides a Data Export tool which provides export functionality for G Suites core services. Using the Data Export tool exports all data for all users within your domain. For more information on exporting data see https://support.google.com/a/answer/100458|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||Applications are available both for iOS and Android. Features found on the desktop are redesigned for a mobile friendly experience. For apps that are not available for your mobile operating system, web browser support is included however, may not offer the same user experience as seen on the desktop.|
|Description of service interface||The G Suite Admin consoles provides central place for admins to manage your users, configure settings for your G Suite services, monitor G Suite usage in your domain, create groups and more.|
|Accessibility standards||WCAG 2.1 AAA|
|Accessibility testing||The console is accessible by administrators only. Depending on the level of access, administrators will have access to various areas of the console.|
|API documentation formats||HTML|
|API sandbox or test environment||Yes|
|Description of customisation||By leveraging Google's API's, Users can expand on the G Suite offering covering most user cases. For more information on G Suites Developer offerings, see https://developers.google.com/gsuite/products|
|Independence of resources||Google operates G-Suite on a global scale, using the same infrastructure that supports all of Google's services. This provides G-Suite with mass resilience as well as mass scaling capability.|
|Service usage metrics||Yes|
The G suite admin console provides a reporting tool that allows administrators to view user and account activity and usage highlights either as a whole or by individual service.
The reporting tool also cover specific security activities such as admin actions, user login and audit functions and can be exported via CSV file for further analysis. For more information see https://support.google.com/a/answer/4580176?hl=en
|Reporting types||Real-time dashboards|
|Supplier type||Reseller providing extra features and support|
|Organisation whose services are being resold|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||EU-US Privacy Shield agreement locations|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least every 6 months|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||
|Other data at rest protection approach||Data is stored at rest in two types of systems, disks and backup media. data is stored in chunks encrypted using 128-bit or stronger AES. Each encrypted chunk of data is associated with a specific ACL and can only be decrypted by authorized Google Employees and services. For more information, see https://storage.googleapis.com/gfw-touched-accounts-pdfs/google-encryption-whitepaper-gsuite.pdf|
|Data sanitisation process||Yes|
|Data sanitisation type||Explicit overwriting of storage before reallocation|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||Most of the Google core services offer a download / save as option for individual items. Alternatively, users can export their data in bulk. Unlike the Data Export tool, this is performed by the user allows the user to choose what data to export and the format. For more information see https://support.google.com/accounts/answer/3024190?hl=en|
|Data export formats||
|Other data export formats||
|Data import formats||
|Other data import formats||
|Data protection between buyer and supplier networks||
|Other protection between networks||
This protection is achieved by encrypting the data before transmission; authenticating the endpoints; and decrypting and verifying the data on arrival. For example, Transport Layer Security (TLS) is often used to encrypt data in transit for transport security, and Secure/Multipurpose Internet Mail Extensions (S/MIME) is used often for email message security.
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
|Guaranteed availability||G Suite offers a 99.9% Service Level Agreement (SLA) for covered services in any calendar month and is backed by service credits. For more information, see https://gsuite.google.com/terms/sla.html|
|Approach to resilience||Google's infrastructure is designed for maximum reliability by distributing / replicating data across Google's servers and Datacenters. Data is not dependent on on any physical or logical server for ongoing operation so in the event of a server or datacenter failure, your data is still accessible.|
|Outage reporting||Google provides a publicly accessable status dashboard offering performance information on G Suite services covered by the G Suite SLA. you can access the dashboard by going to https://www.google.com/appsstatus|
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||Administrative roles are provided to super users who require access to administer the service. These roles can be customised depending on the administration required. Users can be signed in using standard username and password with additional 2 factor for additional security or using federated sign using AD credentials. User access to services can be customised using Organisational Units or Google Groups.|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||Between 1 month and 6 months|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||Between 1 month and 6 months|
|How long system logs are stored for||Between 1 month and 6 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||BSI|
|ISO/IEC 27001 accreditation date||01/03/2017|
|What the ISO/IEC 27001 doesn’t cover||We have total coverage of the whole business.|
|ISO 28000:2007 certification||No|
|CSA STAR certification||Yes|
|CSA STAR accreditation date||01-01-2017|
|CSA STAR certification level||Level 2: CSA STAR Attestation|
|What the CSA STAR doesn’t cover||Appsbroker Services|
|Who accredited the PCI DSS certification||For Google services: https://cloud.google.com/security/compliance/pci-dss/|
|PCI DSS accreditation date||19/05/2016|
|What the PCI DSS doesn’t cover||N/A|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||We implement controls as defined in the 27001 specification.|
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||We follow ITIL change management guidelines.|
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||
Google administrates a vulnerability management process that actively scans for security threats using a combination of commercially available and purpose-built in-house tools, intensive-automated and manual penetration efforts, quality assurance processes, software security reviews and external audits. The vulnerability management team is responsible for tracking and following up on vulnerabilities. Once a vulnerability requiring remediation has been identified, it is logged, prioritised according to severity, and assigned an owner. The vulnerability management team tracks and follows up frequently until remediated. Google also maintains relationships with members of the security research community to track issues in Google services and open-source tools.
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||
Google’s security monitoring program is focused on information gathered from internal network traffic, employee actions on systems and outside knowledge of vulnerabilities. At many points across our global network, internal traffic is inspected for suspicious behaviour, such as the presence of traffic that might indicate botnet connections. Network analysis is supplemented by examining system logs to identify unusual behaviour, such as attempted access of customer data. They actively review inbound security reports and monitor public mailing lists, blog posts, and wikis. Automated network analysis helps determine when an unknown threat may exist and escalates to Google security staff.
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||
We have a rigorous incident management process for security events that may affect the confidentiality, integrity, or availability of systems or data. This process specifies courses of action, procedures for notification, escalation, mitigation, and documentation. Google’s security incident management program is structured around the NIST guidance on handling incidents (NIST SP 800–61). Key staff are trained in forensics and handling evidence in preparation for an event, including the use of third-party and proprietary tools. Testing of incident response plans is performed for key areas, such as systems that store sensitive customer information.
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||No|
|Price||£24.84 to £240 per licence per year|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||Access to the productivity suite for a limited time and a limited user group|
|Link to free trial||https://gsuite.google.com/signup/basic/welcome|