Kahootz (OFFICIAL over the Internet)
Kahootz cloud collaboration software provides secure file-sharing and online workspaces that can be quickly adapted for multiple use cases. Kahootz is widely used across the UK public sector supporting the sharing information within project team workspaces, company intranets, communities of interest, partner extranets as part of a flexible digital workplace.
- Configurable workspaces with custom dashboards and team-based access control
- Secure file-sharing, document commenting, versioning, approval workflows and audit logs
- Document consultation enabling user feedback and co-authoring, paragraph-by-paragraph
- Threaded discussion forums – full integration with email messaging
- Task and project management - assign and track action lists
- Shared team diaries and calendars for meeting management
- Custom online forms and databases with powerful report writing
- Questionnaires, online surveys and quick polls with summary graphs
- Workspace blog articles, wikis and external web links
- Multimedia picture albums, image editors and video streaming
- Quick to deploy, easy to use - FREE TRIAL available
- Ensures secure controlled access to content and available 24x7
- Improves team communications and increases levels of stakeholder engagement
- Keeps everyone up to date on fast moving projects
- Works with all web enabled desktop and mobile devices
- Easily configured for multiple purposes and business use cases
- Increases involvement in policy development and service transformation
- Supports gateway reviews, project extranets and supplier deal rooms
- No specialist IT skills, training or consultancy needed
- Simple, cost effective pricing and great value for money
|Software add-on or extension||No|
|Cloud deployment model||Public cloud|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Level Response Resolution
1 - Critical 1 hour 4 hours. A software or hardware fix will be applied if necessary.
2 - Major 1 hour 1 day. A software or hardware fix will be applied if necessary.
3 - Minor 4 hours 2 days.
4 - Problem 1 day Next release.
5 - RFI 1 day Information provided.
6 - RFE 1 day Request noted.
Support requests that are received outside the Support Hours (08:30-17:30 weekdays) are handled at the start of the following support day. Response times may vary due to circumstances out of our control.
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||WCAG 2.1 AA or EN 301 549|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
1 - Critical
The website is inaccessible to all users, or a critical software function cannot be performed by all users.
2 - Major
A major area of software functionality is not working correctly for many users and there is no convenient workaround.
3 - Minor
Several users are experiencing a software bug that is causing a minor loss of service. The problem is an inconvenience.
4 - Problem
All other bugs. The inconvenience is slight, and can be tolerated.
5 - RFI
Request for information - You are requesting guidance or help with the software configuration or functionality.
6 - RFE
Request for enhancement - You are requesting a new or improved feature in our software.
Support for all the above support levels are provided at no extra cost as part of the service. On-site support is provided at our published G-Cloud consultancy day rate.
|Support available to third parties||Yes|
Onboarding and offboarding
Kahootz supports all commonly used web-browsers and requires no software downloads or plug-ins, so there are no unnecessary barriers to access.
Kahootz.com enables requests for provisioning and de-provisioning. Once a request has been submitted at http://www.kahootz.com/start-trial/ the service is provisioned immediately.
Kahootz is extremely easy to use and most of our clients find they can implement Kahootz with zero training.
To help your users get the most out of Kahootz, we provide a very informative online Knowledgebase. We also provide email support to every user if they need extra assistance.
At an extra cost, we also provide workspace set-up consultancy and on-site Workspace Manager classroom training. This is a 1 day course aimed at those who will be creating and configuring workspaces . It covers:
• Different types of workspaces
• Overview of the features
• Workspace layout and customisation
• Policy and workspace defaults
• Principles of good workspace management
• Help, support and guidance resources.
We can also provide an Audit review, which is a 1 day workshop to review a client's implementation of Kahootz including workspace design, custom template requirements and user adoption approach.
|End-of-contract data extraction||
There are simple interfaces available to users to:
• Export databases, users, document comments and questionnaire results to Microsoft Excel, XML and CSV format
• Export documents and images to a ZIP file.
A data extraction service is available on request at any time during the subscription period or for a period of up to one month after the expiry of the subscription period. All the data that the service holds for a consumer will be exported as follows:
• Structured data will be exported as XML files
• Document and image data will be exported as system files, in their original format, and referenced within the XML files.
Data exports of up to 1Gb can be supplied as a download. The cost of data extraction using our standard export tools is often nil but we may charge a fee if there is a large volume of data.
Kahootz can design and develop a data-extraction process that exports data to meet specific requirements, or to assist in the import of data into another service, subject to design and development costs. Kahootz will provide a fixed-cost quote within 2 days and subsequently start the work within 2 days of being requested.
There are no termination costs.
We will commence data removal one month after your license to use Kahootz expires or earlier upon your request.
When this happens, all the data that the service holds for a consumer will be permanently deleted. Data will be removed from the live service within 2 days of being requested but can take 1 additional month to be removed from backup services. The data removal service is free of charge.
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||Full Kahootz functionality is available on mobile devices. Kahootz uses a responsive design which allows it to be re-sized and adapt to the device screen being used. This approach, favoured by GDS, avoids the need to maintain a mobile application and ensures the preservation of custom layouts created by each Workspace or Community Manager.|
|Description of service interface||By avoiding the need for software installations, special plug-ins or 3rd party add-ons, we make sure there are no unnecessary IT obstacles to team collaboration. Kahootz is tested to work with all common web browsers and is fully responsive, automatically adapting to any screen on any platform.|
|Accessibility standards||WCAG 2.1 AA or EN 301 549|
|Accessibility testing||Our collaboration software is regularly tested with text-only browsers and screen readers to ensure Kahootz meets stringent international accessibility standards, including: ISO/IEC 40500 W3C Web Content Accessibility Guidelines (WCAG 2.0) Level AA and also Section 508 and BS8878.|
|What users can and can't do using the API||
The Kahootz API is available to Kahootz Enterprise customers. It provides access to all the functionality and features that are available in the service, apart from reporting.
The API operates over a secure HTTPS connection and uses secure token-based authentication. Data is sent to and from the service using JSON.
|API documentation formats|
|API sandbox or test environment||No|
|Description of customisation||
Kahootz provides facilities for authorised users to develop and easily maintain content with tailored navigation. Each workspace can have its own custom layout through a user-configurable dashboard that can include social media content such as YouTube, RSS as well as the workspace content.
The workspace structure is a folder-based hierarchy and, within each folder, workspace managers can decide which collaboration objects are available and who is empowered to create and modify them, or even see them.
Throughout the workspace, users can add a narrative to content using the in-built rich-text editor. This makes it extremely easy to provide guidance with pointers to relevant content, instructions as to key actions required, and helpful advice on how to make contributions.
|Independence of resources||We pro-actively manage the service to monitor a large number of metrics such as server CPU, disk usage, storage, database load and network bandwidth to ensure a highly robust, reliable and responsive service.|
|Service usage metrics||Yes|
Site owners have access to a real-time reporting page which displays metrics corresponding to the parameters on which the subscription in based:
• The number of users paid for and how many are being used
• The number of users, broken down by day or month
• The amount storage paid for and how much is being used
• The amount of storage used, broken down by day or month
|Reporting types||Real-time dashboards|
|Supplier type||Not a reseller|
|Staff security clearance||Conforms to BS7858:2012|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||‘IT Health Check’ performed by a CHECK service provider|
|Protecting data at rest||Physical access control, complying with another standard|
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||
• Export databases, users, document comments and questionnaire results to Microsoft Excel, XML and CSV format
• Export documents and images to a ZIP file
|Data export formats||
|Other data export formats||
|Data import formats||
|Other data import formats||
|Data protection between buyer and supplier networks||
|Data protection within supplier network||
Availability and resilience
The service level agreement is as follows:
• The minimum availability for the service is 99.95% per month.
• The minimum performance is for the server to process 99% of page requests (excluding bulk operations and reports) within 1 second.
• The minimum availability excludes up to 6 hours per quarter annum of scheduled downtime (between 10pm and 6am on weekdays or between 7pm and 6am on weekends).
To demonstrate that we meet our SLA, we use an independent 3rd party service (Pingdom) to monitor the site and create a public record of availability.
Service credits are awarded when the service availability within any month falls below the target service level. The service credit is a percentage of that month’s service fee. For subscriptions that are not billed monthly, the service fee is treated as the pro-rata monthly fee.
Availability Service Credit
>99% and <99.5% 5%
>= 98% and < 99% 10%
>=97% and < 98% 25%
To receive service credits, a site owner must be upto date with their payments and submit a request to firstname.lastname@example.org, within 30 days after the end of the month in which the service failed to meet its service level agreement.
|Approach to resilience||
Kahootz uses modern and purpose-built Tier 3/4 data centres. Our hosting partner provides the world-class infrastructure necessary to keep our service up and running, uninterrupted around the clock.
Data centres have at least two entirely geographically diverse network connections. Significant network capacity overhead is maintained. The cooling systems, UPS and generator backup are all at least N+1 resilient.
Traffic volume and netflow is monitored to enable an appropriate response to disruptive events such as Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks.
Further information is available on request.
We use an independent 3rd party service (Pingdom) to monitor the site and create a public record of availability. It is available at:
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||Privileged interfaces available to Kahootz support staff only are protected by secure passwords, specific user accounts, encryption in transit on all protocols, and access is restricted to a key set of physical locations.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||Socotec Certification International (UK) Ltd|
|ISO/IEC 27001 accreditation date||17/10/2017|
|What the ISO/IEC 27001 doesn’t cover||The scope of our certification was determined in conjunction with CESG and includes every aspect of the operation, support, delivery and development of Kahootz, with no exclusions.|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||Cyber Essentials Plus|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||Kahootz is accredited to ISO27001:2013. We have a detailed set of policies and procedures that ensure our rigorous approach to security is followed consistently. Security is a board-level responsibility. We have monthly, quarterly and annual reviews involving senior management, together with an annual audit by an accredited security professional.|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||Kahootz has a documented change management process that meets the requirements of ISO27001. Before any change to the service, we investigate the risk, impact, security implications, testing requirements, rollout and rollback options. Major changes must be reviewed and approved by senior management before they can proceed.|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
Potential threats are documented and tracked through to resolution using our ISO27001 "Incident and Weakness" procedures.
Security related issues are automatically given our highest priority classification and if a patch is required, we aim to deploy a mitigation within 1 hour and a resolution within 24 hours.
Information about threats is gathered from sources such as security bulletins and product vendors.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||Operating system logs, network activity, disk use and application audit logs are carefully monitored to identify unusual events or unusual levels of activity. Any issues are treated as a priority 1 issue and investigated fully.|
|Incident management type||Supplier-defined controls|
|Incident management approach||
Kahootz has a documented procedure for reporting, investigating and analysing security incidents and weaknesses. Each incident is assigned an owner who has responsibility to manage the initial actions required to deal with the incident and corrective actions to prevent it from happening again.
We undertake a regular review of incidents to identify opportunities for improvement.
Users report incidents through the Kahootz support desk. If an incident report is required, it is provided by email to Site Owners.
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||No|
|Price||£2.10 to £10.50 per user per month|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||
» Free for 30 days
» Unrestricted access to all features
» Access to online Kahootz Knowledgebase
» Access to sample workspace templates
» Full customer support
» 25 users, 2Gb storage, unlimited workspaces — (contact us if you want to try with more!)
|Link to free trial||http://www.kahootz.com/start-trial/|