Generation Digital

Google Cloud - Google Jamboard

Jamboard is a product for G Suite customers that features a cloud based digital, collaborative whiteboard. With Jamboard, you can host live sessions, create and edit content, control who can remotely access a jam, and connect to other Jamboards.


  • Jamboard to Jamboard
  • G Suite integration
  • Google and image search
  • Jams are automatically saved to Google Drive
  • Share Your Jam instantly
  • Handwriting and Shape Recognition
  • Real-Time Collaboration
  • Autodraw features help create a clean and easy-to-read results


  • Host live jam sessions
  • Create and Edit content
  • Pull in content from G Suite
  • Use Google and image search to quickly add images
  • Join jams from anywhere with Jamboard app


£0 per licence

Service documents

G-Cloud 10


Generation Digital

Graham Mackay

0203 6379 776

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints - Requires Internet Connectivity
The Jamboard app is free and available now globally. You can download the Jamboard app for phone and tablet from Google Play and the Apple® App Store.
- Requires network speed of atleast 4Mbps and latency less than 50ms
System requirements
  • A Jamboard requires power and a network connection to work
  • Network speed of atleast 4Mbps and latency less than 50ms

User support

User support
Email or online ticketing support Yes, at extra cost
Support response times P1 Priority Requests have an initial target response time of one hour based on North American business hours.
P2 Priority Requests have an initial target response time of one North American business day (or less).
P3 and P4 issues would be responded to within one week.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels The Jamboard Terms of Service include full technical support for qualifying device owners.
Full technical support details -
Technical Support Service Guidelines -
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide user documentation:
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction If you don't renew the annual license for your Jamboards, you can either deprovision them or move them into License Expired Mode. In this mode, the unlicensed Jamboards will lose most of their G Suite collaborative features. Users won't be able to own or share jams with others. Unlicensed Jamboards won't be eligible for software or device support through Google. Users will be able to create jams and export them to PDF.
End-of-contract process If you don't renew the annual license for your Jamboards, you can either deprovision them or move them into License Expired Mode. In this mode, the unlicensed Jamboards will lose most of their G Suite collaborative features. Users won't be able to own or share jams with others. Unlicensed Jamboards won't be eligible for software or device support through Google. Users will be able to create jams and export them to PDF.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install Yes
Compatible operating systems
  • Android
  • IOS
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Android — Phone/tablet running Android 6.0 Marshmallow or later
iPhone® — iPhone/iPad running iOS® 9 or later
- Jamboard software as its operating system
Accessibility standards None or don’t know
Description of accessibility What system requirements do you need to run Jamboard?
A Jamboard requires power and a network connection to work. The power button is located at the back of the board, along with a volume setting and High-Definition Multimedia Interface (HDMI) input, which is helpful for using the board as a digital display.

For optimal performance, we recommend that your network has a speed of at least 4 Mbps and latency less than 50 ms when pinging Google's public DNS server at
Accessibility testing N/A
Customisation available No


Independence of resources Google Cloud - Jamboard is enrolled to the cloud service that is powered by a massively scaleable infrastructure. The addition of any practicable number of users has a very low impact


Service usage metrics Yes
Metrics types Through the chrome admin console you can view usage of the device
Reporting types
  • API access
  • Real-time dashboards


Supplier type Reseller providing extra support
Organisation whose services are being resold Google Cloud: Jamboard

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations EU-US Privacy Shield agreement locations
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
Other data at rest protection approach Data is encrypted at rest using AES encryption, data sharding and key rotation. Physical access control is also compliant with SSAE-16
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Users will be able to create jams and export them to PDF
Data export formats Other
Other data export formats PDF
Data import formats Other
Other data import formats N/A

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks Securing data in transit is a high priority for Google. Google was the first major cloud provider to enable HTTPS/TLS by default. Google has also upgraded all our RSA certificates to 2048-bit keys, making our encryption in transit for Cloud Platform and all other Google services even stronger. Perfect forward secrecy (PFS) minimizes the impact of a compromised key, or a cryptographic breakthrough. It protects network data by using a short- term key that lasts only a couple of days and is only held in memory, rather than a key that’s used for years and kept on durable storage.
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability The Jamboard Terms of Service include full technical support for qualifying device owners. The service is now covered under your existing G Suite agreement and offers the same technical support and service level commitments as any other core service.

G Suite SLA. During the Term of the applicable G Suite Agreement (or prior versions of the agreement governing the use of G Suite) (the "Agreement"), the G Suite Covered Services web interface will be operational and available to Customer at least 99.9% of the time in any calendar month (the "G Suite SLA"). If Google does not meet the G Suite SLA, and if Customer meets its obligations under this G Suite SLA, Customer will be eligible to receive the Service Credits described below. This G Suite SLA states Customer's sole and exclusive remedy for any failure by Google to meet the G Suite SLA
"Service Credit" means the following:
Monthly Uptime Percentage Days of Service added to the end of the Service term (or monetary credit equal to the value of days of service for monthly postpay billing customers), at no charge to Customer
< 99.9% - >= 99.0% 3
< 99.0% - >= 95.0% 7
< 95.0% 15
Approach to resilience Available on request
Outage reporting A public dashboard

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Other
Other user authentication Security Key - an actual physical key used to access your Google Account. It sends an encrypted signature rather than a code, and helps ensure
that your login cannot be phished.
Single sign-on (SAML 2.0) - lets
users access multiple services using the same sign-in page and
authentication credentials.
OAuth 2.0 and OpenID Connect - an open protocol
for authentication and authorization. This allows customers to
configure one (SSO) for multiple cloud solutions.
Access restrictions in management interfaces and support channels Google Cloud Identity & Access Management (IAM) lets administrators authorize who can take action on
specific resources, giving you full control and visibility to manage cloud resources centrally. For
established enterprises with complex organizational structures, hundreds of workgroups and potentially
many more projects, Cloud IAM provides a unified view into security policy across your entire
organization, with built-in auditing to ease compliance processes. IAM access policies are defined at the
project level using granular controls of users and groups or using ACLs.
For further information see;
Section IAM-12
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for Less than 1 month
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Ernst & Young CertifyPoint B.V.
ISO/IEC 27001 accreditation date April 15th 2016
What the ISO/IEC 27001 doesn’t cover See certificate for full list of products covered, anything not listed is not covered.
ISO 28000:2007 certification No
CSA STAR certification Yes
CSA STAR accreditation date 01/01/2017
CSA STAR certification level Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover For further information see;
PCI certification Yes
Who accredited the PCI DSS certification Reviewed by an independent Qualified Security Assessor
PCI DSS accreditation date 19/05/2016
What the PCI DSS doesn’t cover The validation enables PCI Level 1 merchants to use Google Cloud Platform for their processing services.
Other security certifications Yes
Any other security certifications
  • SSAE16 / ISAE 3402 Type II
  • SOC 1, SOC 2, SOC 3 public audit report
  • ISO 27001, ISO 27017, ISO 27018
  • FedRAMP
  • Australian Privacy Principles (APP)
  • Australian Prudential Regulation Authority (APRA) Standards
  • FERPA (U.S.), FISC (Japan), IRAP Assessed
  • EU-US Privacy Shield Framework, EU Data Protection Directive, GDPR

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards Other
Other security governance standards 99.9 percent uptime service level agreement (SLA). SSAE 16 /ISAE 3402 SOC 2 Type II security audit.
Information security policies and processes Within Google, members of the information security team review security
plans for all networks, systems and services. They provide project-specific
consulting services to Google’s product and engineering teams.
They monitor for suspicious activity on Google’s networks, address
information security threats, perform routine security evaluations and
audits, and engage outside experts to conduct regular security assessments.
We specifically built a full-time team, known as Project Zero, that aims to
prevent targeted attacks by reporting bugs to software vendors and filing
them in an external database.
The security team also takes part in research and outreach activities to
protect the wider community of Internet users, beyond just those who
choose Google solutions. Some examples of this research would be the
discovery of the POODLE SSL 3.0 exploit and cipher suite weaknesses.
The security team also publishes security research papers,
available to the public. The security team also organizes and
participates in open-source projects and academic conferences.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach In Google production environments, software updates are manually vetted to ensure the stability of the system. Changes are then tested and cautiously rolled out to systems. The details vary somewhat depending on the service being considered, but all development work is separated from the operation systems, testing occurs in a multi-staged fashion in both environments and in dedicated test settings. We can share, under NDA, the SOC2 audit report (based on standards from the International Auditing and Assurance Standards Board), which describes the change management process. Additionally, changes to code go through a process of code review involving additional engineer(s).
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Google administrates a vulnerability management process that actively
scans for security threats using a combination of commercially available and
purpose-built in-house tools, intensive automated and manual penetration
efforts, quality assurance processes, software security reviews and external
audits. The vulnerability management team is responsible for tracking and
following up on vulnerabilities. Once a vulnerability requiring remediation has
been identified, it is logged, prioritized according to severity, and assigned an
owner. The vulnerability management team tracks such issues and follows up
frequently until they can verify that the issues have been remediated.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Google’s security monitoring program is focused on information gathered
from internal network traffic, employee actions on systems and outside
knowledge of vulnerabilities. This analysis is performed
using a combination of open-source and commercial tools for traffic
capture and parsing. A proprietary correlation system built on top of Google
technology also supports this analysis. Network analysis is supplemented
by examining system logs to identify unusual behavior, such as attempted
access of customer data. Google security engineers place standing search
alerts on public data repositories to look for security incidents that might
affect the company’s infrastructure.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach We have a rigorous incident management process for security events that
may affect the confidentiality, integrity, or availability of systems or data.
If an incident occurs, the security team logs and prioritizes it according to
its severity. Events that directly impact customers are assigned the highest
priority. This process specifies courses of action, procedures for notification,
escalation, mitigation, and documentation. Google’s security incident
management program is structured around the NIST guidance on handling
incidents (NIST SP 800–61). Key staff are trained in forensics and handling
evidence in preparation for an event, including the use of third-party and
proprietary tools.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £0 per licence
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Free app can be downloaded.
Link to free trial


Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑