INOVEM Limited

Kahootz (OFFICIAL over the Internet)

Kahootz cloud collaboration software provides secure file-sharing and online workspaces that can be quickly adapted for multiple use cases. Kahootz is widely used across the UK public sector supporting the sharing information within project team workspaces, company intranets, communities of interest, partner extranets as part of a flexible digital workplace.


  • Configurable workspaces with custom dashboards and team-based access control
  • Secure file-sharing, document commenting, versioning, approval workflows and audit logs
  • Document consultation enabling user feedback and co-authoring, paragraph-by-paragraph
  • Threaded discussion forums – full integration with email messaging
  • Task and project management - assign and track action lists
  • Shared team diaries and calendars for meeting management
  • Custom online forms and databases with powerful report writing
  • Questionnaires, online surveys and quick polls with summary graphs
  • Workspace blog articles, wikis and external web links
  • Multimedia picture albums, image editors and video streaming


  • Quick to deploy, easy to use - FREE TRIAL available
  • Ensures secure controlled access to content and available 24x7
  • Improves team communications and increases levels of stakeholder engagement
  • Keeps everyone up to date on fast moving projects
  • Works with all web enabled desktop and mobile devices
  • Easily configured for multiple purposes and business use cases
  • Increases involvement in policy development and service transformation
  • Supports gateway reviews, project extranets and supplier deal rooms
  • No specialist IT skills, training or consultancy needed
  • Simple, cost effective pricing and great value for money


£2.10 to £10.50 per user per month

Service documents


G-Cloud 11

Service ID

7 1 8 1 3 5 8 9 0 1 5 2 6 1 3


INOVEM Limited

John Glover

01488 648 468

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints None
System requirements
  • A recent web browser
  • An email client

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Level Response Resolution
1 - Critical 1 hour 4 hours. A software or hardware fix will be applied if necessary.
2 - Major 1 hour 1 day. A software or hardware fix will be applied if necessary.
3 - Minor 4 hours 2 days.
4 - Problem 1 day Next release.
5 - RFI 1 day Information provided.
6 - RFE 1 day Request noted.

Support requests that are received outside the Support Hours (08:30-17:30 weekdays) are handled at the start of the following support day. Response times may vary due to circumstances out of our control.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AA or EN 301 549
Phone support No
Web chat support No
Onsite support Yes, at extra cost
Support levels 1 - Critical
The website is inaccessible to all users, or a critical software function cannot be performed by all users.

2 - Major
A major area of software functionality is not working correctly for many users and there is no convenient workaround.

3 - Minor
Several users are experiencing a software bug that is causing a minor loss of service. The problem is an inconvenience.

4 - Problem
All other bugs. The inconvenience is slight, and can be tolerated.

5 - RFI
Request for information - You are requesting guidance or help with the software configuration or functionality.

6 - RFE
Request for enhancement - You are requesting a new or improved feature in our software.

Support for all the above support levels are provided at no extra cost as part of the service. On-site support is provided at our published G-Cloud consultancy day rate.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Kahootz supports all commonly used web-browsers and requires no software downloads or plug-ins, so there are no unnecessary barriers to access. enables requests for provisioning and de-provisioning. Once a request has been submitted at the service is provisioned immediately.

Kahootz is extremely easy to use and most of our clients find they can implement Kahootz with zero training.

To help your users get the most out of Kahootz, we provide a very informative online Knowledgebase. We also provide email support to every user if they need extra assistance.

At an extra cost, we also provide workspace set-up consultancy and on-site Workspace Manager classroom training. This is a 1 day course aimed at those who will be creating and configuring workspaces . It covers:
• Different types of workspaces
• Overview of the features
• Workspace layout and customisation
• Policy and workspace defaults
• Principles of good workspace management
• Help, support and guidance resources.

We can also provide an Audit review, which is a 1 day workshop to review a client's implementation of Kahootz including workspace design, custom template requirements and user adoption approach.
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction There are simple interfaces available to users to:
• Export databases, users, document comments and questionnaire results to Microsoft Excel, XML and CSV format
• Export documents and images to a ZIP file.

A data extraction service is available on request at any time during the subscription period or for a period of up to one month after the expiry of the subscription period. All the data that the service holds for a consumer will be exported as follows:
• Structured data will be exported as XML files
• Document and image data will be exported as system files, in their original format, and referenced within the XML files.

Data exports of up to 1Gb can be supplied as a download. The cost of data extraction using our standard export tools is often nil but we may charge a fee if there is a large volume of data.

Kahootz can design and develop a data-extraction process that exports data to meet specific requirements, or to assist in the import of data into another service, subject to design and development costs. Kahootz will provide a fixed-cost quote within 2 days and subsequently start the work within 2 days of being requested.
End-of-contract process There are no termination costs.

We will commence data removal one month after your license to use Kahootz expires or earlier upon your request.

When this happens, all the data that the service holds for a consumer will be permanently deleted. Data will be removed from the live service within 2 days of being requested but can take 1 additional month to be removed from backup services. The data removal service is free of charge.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Full Kahootz functionality is available on mobile devices. Kahootz uses a responsive design which allows it to be re-sized and adapt to the device screen being used. This approach, favoured by GDS, avoids the need to maintain a mobile application and ensures the preservation of custom layouts created by each Workspace or Community Manager.
Service interface Yes
Description of service interface By avoiding the need for software installations, special plug-ins or 3rd party add-ons, we make sure there are no unnecessary IT obstacles to team collaboration. Kahootz is tested to work with all common web browsers and is fully responsive, automatically adapting to any screen on any platform.
Accessibility standards WCAG 2.1 AA or EN 301 549
Accessibility testing Our collaboration software is regularly tested with text-only browsers and screen readers to ensure Kahootz meets stringent international accessibility standards, including: ISO/IEC 40500 W3C Web Content Accessibility Guidelines (WCAG 2.0) Level AA and also Section 508 and BS8878.
What users can and can't do using the API The Kahootz API is available to Kahootz Enterprise customers. It provides access to all the functionality and features that are available in the service, apart from reporting.

The API operates over a secure HTTPS connection and uses secure token-based authentication. Data is sent to and from the service using JSON.
API documentation Yes
API documentation formats PDF
API sandbox or test environment No
Customisation available Yes
Description of customisation Kahootz provides facilities for authorised users to develop and easily maintain content with tailored navigation. Each workspace can have its own custom layout through a user-configurable dashboard that can include social media content such as YouTube, RSS as well as the workspace content.

The workspace structure is a folder-based hierarchy and, within each folder, workspace managers can decide which collaboration objects are available and who is empowered to create and modify them, or even see them.

Throughout the workspace, users can add a narrative to content using the in-built rich-text editor. This makes it extremely easy to provide guidance with pointers to relevant content, instructions as to key actions required, and helpful advice on how to make contributions.


Independence of resources We pro-actively manage the service to monitor a large number of metrics such as server CPU, disk usage, storage, database load and network bandwidth to ensure a highly robust, reliable and responsive service.


Service usage metrics Yes
Metrics types Site owners have access to a real-time reporting page which displays metrics corresponding to the parameters on which the subscription in based:
• The number of users paid for and how many are being used
• The number of users, broken down by day or month
• The amount storage paid for and how much is being used
• The amount of storage used, broken down by day or month
Reporting types Real-time dashboards


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest Physical access control, complying with another standard
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Users can:
• Export databases, users, document comments and questionnaire results to Microsoft Excel, XML and CSV format
• Export documents and images to a ZIP file
Data export formats
  • CSV
  • Other
Other data export formats
  • XML
  • Zip files
  • Microsoft Excel
Data import formats
  • CSV
  • Other
Other data import formats
  • ZIP
  • Microsoft Excel

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability The service level agreement is as follows:
• The minimum availability for the service is 99.95% per month.
• The minimum performance is for the server to process 99% of page requests (excluding bulk operations and reports) within 1 second.
• The minimum availability excludes up to 6 hours per quarter annum of scheduled downtime (between 10pm and 6am on weekdays or between 7pm and 6am on weekends).

To demonstrate that we meet our SLA, we use an independent 3rd party service (Pingdom) to monitor the site and create a public record of availability.

Service credits are awarded when the service availability within any month falls below the target service level. The service credit is a percentage of that month’s service fee. For subscriptions that are not billed monthly, the service fee is treated as the pro-rata monthly fee.
Availability Service Credit
>99% and <99.5% 5%
>= 98% and < 99% 10%
>=97% and < 98% 25%
<97% 50%

To receive service credits, a site owner must be upto date with their payments and submit a request to, within 30 days after the end of the month in which the service failed to meet its service level agreement.
Approach to resilience Kahootz uses modern and purpose-built Tier 3/4 data centres. Our hosting partner provides the world-class infrastructure necessary to keep our service up and running, uninterrupted around the clock.

Data centres have at least two entirely geographically diverse network connections. Significant network capacity overhead is maintained. The cooling systems, UPS and generator backup are all at least N+1 resilient.
Traffic volume and netflow is monitored to enable an appropriate response to disruptive events such as Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks.

Further information is available on request.
Outage reporting We use an independent 3rd party service (Pingdom) to monitor the site and create a public record of availability. It is available at:

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels Privileged interfaces available to Kahootz support staff only are protected by secure passwords, specific user accounts, encryption in transit on all protocols, and access is restricted to a key set of physical locations.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Socotec Certification International (UK) Ltd
ISO/IEC 27001 accreditation date 17/10/2017
What the ISO/IEC 27001 doesn’t cover The scope of our certification was determined in conjunction with CESG and includes every aspect of the operation, support, delivery and development of Kahootz, with no exclusions.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials Plus

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Kahootz is accredited to ISO27001:2013. We have a detailed set of policies and procedures that ensure our rigorous approach to security is followed consistently. Security is a board-level responsibility. We have monthly, quarterly and annual reviews involving senior management, together with an annual audit by an accredited security professional.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Kahootz has a documented change management process that meets the requirements of ISO27001. Before any change to the service, we investigate the risk, impact, security implications, testing requirements, rollout and rollback options. Major changes must be reviewed and approved by senior management before they can proceed.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Potential threats are documented and tracked through to resolution using our ISO27001 "Incident and Weakness" procedures.

Security related issues are automatically given our highest priority classification and if a patch is required, we aim to deploy a mitigation within 1 hour and a resolution within 24 hours.

Information about threats is gathered from sources such as security bulletins and product vendors.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Operating system logs, network activity, disk use and application audit logs are carefully monitored to identify unusual events or unusual levels of activity. Any issues are treated as a priority 1 issue and investigated fully.
Incident management type Supplier-defined controls
Incident management approach Kahootz has a documented procedure for reporting, investigating and analysing security incidents and weaknesses. Each incident is assigned an owner who has responsibility to manage the initial actions required to deal with the incident and corrective actions to prevent it from happening again.

We undertake a regular review of incidents to identify opportunities for improvement.

Users report incidents through the Kahootz support desk. If an incident report is required, it is provided by email to Site Owners.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £2.10 to £10.50 per user per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial » Free for 30 days
» Unrestricted access to all features
» Access to online Kahootz Knowledgebase
» Access to sample workspace templates
» Full customer support
» 25 users, 2Gb storage, unlimited workspaces — (contact us if you want to try with more!)
Link to free trial

Service documents

Return to top ↑