Appsbroker Ltd

G Suite

Get Gmail, Docs, Drive and Calendar for business. Everything you need to do your best work, in one package that works seamlessly across your devices Reach your colleagues wherever they are.

Store files and find what you need, instantly. Manage users, devices and data securely and easily.


  • Proven successful migration and change management practice.
  • Multi level training; end user through advocate to white glove.
  • Ongoing support and change management throughout implementation and adoption lifecycle.
  • Innovation and maximum return on investment through inspiration workshops.
  • SAML, SSO & AD integration services.
  • Security and governance controls and best practice across console configuration.


  • Trusted, having successfully completed the world’s largest G-Suite migration.
  • Global deployment experience.
  • Direct access to supporting services within Google
  • Cost savings with assistance in removing duplicate technology.


£24.84 to £240 per licence per year

Service documents


G-Cloud 11

Service ID

6 9 2 4 8 6 0 8 5 7 0 7 0 5 0


Appsbroker Ltd

Appsbroker Sales

01793 391 420

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints No
System requirements Computer running a modern web browser Internet connection

User support

User support
Email or online ticketing support Yes, at extra cost
Support response times Under 30 minutes for all tickets, although this is the Initial Response Time SLA only for P1 priority tickets.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AAA
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support Yes, at an extra cost
Web chat support availability 24 hours, 7 days a week
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Through the Google Hangouts UI
Web chat accessibility testing N/A
Onsite support Yes, at extra cost
Support levels Initial Response Time SLA:
P1 - 30 minutes
P2 - 2 hours
P3 - 4 hours
P4 - 8 hours
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Google provides users with an online learning center covering the basics of using the core services (Mail, Contacts, Drive etc). In addition, users can install a Chrome extension which can be accessed in any of these core services.

Appsbroker also provide bespoke user training for end user, admin and director level at an extra cost.
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction Google provides a Data Export tool which provides export functionality for G Suites core services. Using the Data Export tool exports all data for all users within your domain. For more information on exporting data see
End-of-contract process Google provides a Data Export tool which provides export functionality for G Suites core services. Using the Data Export tool exports all data for all users within your domain. For more information on exporting data see

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Applications are available both for iOS and Android. Features found on the desktop are redesigned for a mobile friendly experience. For apps that are not available for your mobile operating system, web browser support is included however, may not offer the same user experience as seen on the desktop.
Service interface Yes
Description of service interface The G Suite Admin consoles provides central place for admins to manage your users, configure settings for your G Suite services, monitor G Suite usage in your domain, create groups and more.
Accessibility standards WCAG 2.1 AAA
Accessibility testing The console is accessible by administrators only. Depending on the level of access, administrators will have access to various areas of the console.
What users can and can't do using the API Google provides a set of API's and SDK's which support several common developer languages such as JavaScript, Python, Ruby as well as Apps Script.
API documentation Yes
API documentation formats HTML
API sandbox or test environment Yes
Customisation available Yes
Description of customisation By leveraging Google's API's, Users can expand on the G Suite offering covering most user cases. For more information on G Suites Developer offerings, see


Independence of resources Google operates G-Suite on a global scale, using the same infrastructure that supports all of Google's services. This provides G-Suite with mass resilience as well as mass scaling capability.


Service usage metrics Yes
Metrics types The G suite admin console provides a reporting tool that allows administrators to view user and account activity and usage highlights either as a whole or by individual service.

The reporting tool also cover specific security activities such as admin actions, user login and audit functions and can be exported via CSV file for further analysis. For more information see
Reporting types Real-time dashboards


Supplier type Reseller providing extra features and support
Organisation whose services are being resold Google

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations EU-US Privacy Shield agreement locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
Other data at rest protection approach Data is stored at rest in two types of systems, disks and backup media. data is stored in chunks encrypted using 128-bit or stronger AES. Each encrypted chunk of data is associated with a specific ACL and can only be decrypted by authorized Google Employees and services. For more information, see
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Most of the Google core services offer a download / save as option for individual items. Alternatively, users can export their data in bulk. Unlike the Data Export tool, this is performed by the user allows the user to choose what data to export and the format. For more information see
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • JPEG
  • PNG
  • PDF for drawings
  • MBOX for email
  • ICal for calendars
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • JPEG
  • PNG
  • PD for drawings
  • MBOX for email
  • ICal for calendars

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks
This protection is achieved by encrypting the data before transmission; authenticating the endpoints; and decrypting and verifying the data on arrival. For example, Transport Layer Security (TLS) is often used to encrypt data in transit for transport security, and Secure/Multipurpose Internet Mail Extensions (S/MIME) is used often for email message security.
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability G Suite offers a 99.9% Service Level Agreement (SLA) for covered services in any calendar month and is backed by service credits. For more information, see
Approach to resilience Google's infrastructure is designed for maximum reliability by distributing / replicating data across Google's servers and Datacenters. Data is not dependent on on any physical or logical server for ongoing operation so in the event of a server or datacenter failure, your data is still accessible.
Outage reporting Google provides a publicly accessable status dashboard offering performance information on G Suite services covered by the G Suite SLA. you can access the dashboard by going to

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels Administrative roles are provided to super users who require access to administer the service. These roles can be customised depending on the administration required. Users can be signed in using standard username and password with additional 2 factor for additional security or using federated sign using AD credentials. User access to services can be customised using Organisational Units or Google Groups.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for Between 1 month and 6 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for Between 1 month and 6 months
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI
ISO/IEC 27001 accreditation date 01/03/2017
What the ISO/IEC 27001 doesn’t cover We have total coverage of the whole business.
ISO 28000:2007 certification No
CSA STAR certification Yes
CSA STAR accreditation date 01-01-2017
CSA STAR certification level Level 2: CSA STAR Attestation
What the CSA STAR doesn’t cover Appsbroker Services
PCI certification Yes
Who accredited the PCI DSS certification For Google services:
PCI DSS accreditation date 19/05/2016
What the PCI DSS doesn’t cover N/A
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes We implement controls as defined in the 27001 specification.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach We follow ITIL change management guidelines.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Google administrates a vulnerability management process that actively scans for security threats using a combination of commercially available and purpose-built in-house tools, intensive-automated and manual penetration efforts, quality assurance processes, software security reviews and external audits. The vulnerability management team is responsible for tracking and following up on vulnerabilities. Once a vulnerability requiring remediation has been identified, it is logged, prioritised according to severity, and assigned an owner. The vulnerability management team tracks and follows up frequently until remediated. Google also maintains relationships with members of the security research community to track issues in Google services and open-source tools.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Google’s security monitoring program is focused on information gathered from internal network traffic, employee actions on systems and outside knowledge of vulnerabilities. At many points across our global network, internal traffic is inspected for suspicious behaviour, such as the presence of traffic that might indicate botnet connections. Network analysis is supplemented by examining system logs to identify unusual behaviour, such as attempted access of customer data. They actively review inbound security reports and monitor public mailing lists, blog posts, and wikis. Automated network analysis helps determine when an unknown threat may exist and escalates to Google security staff.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach We have a rigorous incident management process for security events that may affect the confidentiality, integrity, or availability of systems or data. This process specifies courses of action, procedures for notification, escalation, mitigation, and documentation. Google’s security incident management program is structured around the NIST guidance on handling incidents (NIST SP 800–61). Key staff are trained in forensics and handling evidence in preparation for an event, including the use of third-party and proprietary tools. Testing of incident response plans is performed for key areas, such as systems that store sensitive customer information.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £24.84 to £240 per licence per year
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Access to the productivity suite for a limited time and a limited user group
Link to free trial

Service documents

Return to top ↑