MeetingSphere Limited

Managed Meeting Center Server (G-Cloud)

MeetingSphere is a collaborative meeting solution that helps deliver the required outcomes of the workshop in time. Managed Meeting Center Server (G-Cloud) is the private cloud offering for UK government organisations. The server is deployed in two tiers of dedicated instances on a virtual private cloud (VPC) of Amazon AWS Ireland.


  • Supports any meeting or workshop process. Online or face-to-face.
  • Personal flat-fee for unlimited concurrent meetings and participants.
  • Brainstorm tool with anonymity and theming. Highlighting with sticky points.
  • Discussion tool for discussing multiple topics. Anonymously or by team.
  • Rating tool with all customary rating methods. Instant results.
  • Presentation tool for crisp scalable slide shows. Interactive feedback channel.
  • ActionTracker tool for planning and tracking of actions.
  • Complete and unbiased push-button documentation (Word).
  • Export of results in text or Excel format.
  • Full interoperability with Portable MeetingSphere Servers


  • Unrivalled productivity for larger (greater than 5) to very large meetings.
  • Full participant engagement. Everybody can contribute - anonymously if required.
  • Rapid establishment of priorities. Measurable consensus.
  • Full disclosure and easy-to-understand process for results that carry.
  • Effective implementation by tracking agreed actions over time.
  • Automatic, auditable documentation in real time.
  • Easy to use with extensive video tutorials for self-enablement
  • Reusable agendas (templates) for sharing best practice


£41510 per instance per year

Service documents

G-Cloud 10


MeetingSphere Limited

Wolfram Hoegel


Service scope

Software add-on or extension No
Cloud deployment model Private cloud
Service constraints No.
System requirements
  • Computer browsers must run the Flash plug-in from version 11.2
  • iPad app requires iOS 9 or later
  • Android devices are not supported

User support

Email or online ticketing support Email or online ticketing
Support response times 4 hours on weekdays
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Support is included for technical issues such as access to the service or functionality of a software feature. Technical support does not include consulting on facilitation processes or workshop design.
Support available to third parties Yes

Onboarding and offboarding

Getting started The appointed administrator receives 90 minutes of online training, which includes a walk-through of the administrative options.
To Facilitators (licensed users who can run workshops), the application offers extensive and in-depth online help and how-to videos which are provided in-context and as a structured video gallery. Online and on-venue training are available at extra cost.
Participants do not require any training or onboarding.

Online and on-venue training is available at extra cost.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Facilitators typically download the automatic report (the minutes) of a meeting or workshop directly after it has ended. This contains all content.

Storage of sessions on the system serves the limited purpose of easy in-system re-use of content and meeting agendas. Facilitators can save both the content and the agendas of their meetings to disk.
End-of-contract process At the end of the subscription period - unless instructed to the contrary - MeetingSphere maintains the Managed Meeting Center Server for a grace period of 90 days during which the subscription can be renewed. After the grace period, the deployment, its database and all backup files are deleted irrevocably. The customer's administrator is warned/informed of these successive steps repeatedly by email.

Using the service

Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service All participant functionality works on the mobile device (iPad) as it does on computers. Differences are limited to those inherent in the device such as touch-screen operation and entry of text with the soft keyboard.
Android tablets and smartphones are not supported.
Accessibility standards WCAG 2.0 AAA
Accessibility testing Internal testing only.
Customisation available Yes
Description of customisation Licensed Facilitators (users who can invite to and run workshops) can configure the settings of tools, brand the holding screen and the automatic report, and set personal defaults for these.
Appointed administrators can brand the login screen, set organization-wide defaults and control access to the system through a comprehensive range of security options.


Independence of resources The Managed Server runs with generously allocated dedicated resources. Systems trigger an alarm when over 45% of resources are used. This hardly ever happens.


Service usage metrics Yes
Metrics types Host and participant logins and new sessions created for the last 180 days
Reporting types
  • Real-time dashboards
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach All session content is included in the automatic report (Word or PDF) which can be generated and downloaded at any time.
Users can also export and download their data from each tool in text or Excel format.
Users can also download agendas and whole sessions with content in MeetingSphere's .mssf format to store sensitive sessions off the Internet or upload them to another MeetingSphere system such as a Portable Server.
Export of sessions or content can be disabled administratively.
Data export formats
  • CSV
  • Other
Other data export formats
  • Plain text
  • Excel
Data import formats
  • CSV
  • Other
Other data import formats
  • Plain text
  • Excel

Data-in-transit protection

Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability MeetingSphere commits contractually to 99.9% uptime on a monthly basis, excluding regularly scheduled maintenance times or Force Majeure Events. If in any Account Period this uptime commitment is not met by MeetingSphere and the customer was negatively impacted, MeetingSphere shall provide, as the customer's sole and exclusive remedy, a service credit equal to the number of minutes the Subscription Service was unavailable during that Account Period. If the service failed for a consecutive 4 hours, a full day shall be credited.
Approach to resilience We follow industry best practice under Amazon AWS's shared responsibility model. Details are available on request.
Outage reporting Our service is continually monitored via AWS-supplied and other mechanisms. AWS supplies a dashboard. Responses are triggered via APIs and email alerts to MeetingSphere's response team.

Identity and authentication

User authentication needed Yes
User authentication
  • 2-factor authentication
  • Username or password
  • Other
Other user authentication MeetingSphere is a collaborative meeting solution which has four tiers of users:
1. Administrators who configure the deployment 'from within' must authenticate with username and password. 2-factor authentication and a separation of roles can be enforced.
2. Facilitators who run and invite to sessions must authenticate with username and password and, if so configured, 2-factor authentication. Facilitators decide whether participants must authenticate to access a particular session or not.
3. Participants of 'authenticated sessions' must authenticate with username and password and, if so configured, a 1-time token.
4. Participants of 'open' (unauthenticated) sessions can be asked to provide a security code.
Access restrictions in management interfaces and support channels Management interfaces fall into three categories:
1. The management interface of the AWS service is protected by username, password and an AWS-supplied token device.
2. Privileged access to productive MeetingSphere systems can only occur via a bastion server which can only be accessed from a defined set of IP addresses and with 2-factor authentication.
3. Privileged access by users (customer-appointed administrators) can be limited to separate user accounts with 2-factor authentication.
User support requests which involve access to customer systems or information are only accepted in writing (email) and verified via a separate channel, e.g. call back.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for Between 1 month and 6 months
Access to supplier activity audit information You control when users can access audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Under Amazon AWS' shared responsibility model, we have responsibility for client side data encryption and integrity, server side encryption, traffic encryption, configuration of the operating system and firewall as well as platform, application and access management. We exercise these responsibilities under a comprehensive set of policies designed and enforced to meet the requirements of FISMA Moderate. Our policies have been reviewed and approved but not certified by the security team of a 'big 4' audit and assurance services company using the non-government version of our service.
Customer appointees (administrators) are responsible for managing users, permissions, authentication requirements and data retention.
Information security policies and processes MeetingSphere follows a security awareness and training policy which defines basic and role-based training requirements.
MeetingSphere's information security policy comprises 32 individual policies ranging from an Acceptable encryption policy and Web application policy to an AWS staging network policy. These policies aim to meet the requirements of FISMA Moderate and have been reviewed and approved by the information security team of a 'big 4' audit and assurance services company which is a MeetingSphere customer.
MeetingSphere's information security team verifies compliance with this policy through various methods, including but not limited to business tool reports, internal and external audits, and feedback. The Infosec team leader reports to the CTO who is responsible for security and reports to the CEO.

Operational security

Configuration and change management standard Supplier-defined controls
Configuration and change management approach Amazon AWS is certified to comply with SSAE-16 / ISAE 3402. Under AWS' shared responsibility model, MeetingSphere maintains a current baseline configuration of the information system under automated configuration control. The configuration is reviewed annually and on significant change. Older configurations are retained should a rollback be required. Configurations are based on a deny-all, permit-by-exception policy which extends to software permitted to execute on the system. Changes to the configuration are assessed for risks and require approval by the Infosec team leader after testing in the staging network.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Amazon AWS is certified to comply with SSAE-16 / ISAE 3402. Under AWS' shared responsibility model, MeetingSphere routinely scans its systems for vulnerabilities with an industry standard vulnerability scanner employing the latest definitions and signatures based on, among others, the NIST vulnerability database and the CWE list. 'Critical' and 'Important' patches are deployed immediately, 'Low' patches within the day. MeetingSphere subscribes to various sources of security feeds including US-CERT and Microsoft's Security Bulletin.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Amazon AWS is certified to comply with SSAE-16 / ISAE 3402. Under AWS' shared responsibility model, MeetingSphere employs automated log analysis, continuous configuration monitoring and integrity scanning to identify security incidents. In the event of a suspected breach, the incident response team is alerted directly by email and SMS text for a verification of the incident. Further measures depend on the attack type and vector and the severity rating of the incident which is based on the functional and information impact, the appropriate containment, eradication and recovery strategy and required notifications.
Incident management type Supplier-defined controls
Incident management approach Amazon AWS is certified to comply with ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402. Under AWS' shared responsibility model MeetingSphere operates an incident response policy and set of incident response plans for external and removable media, attrition, web, email, impersonation, improper usage or loss/theft of equipment.
Users report incidents by email to a specific email address.
The user's main or designated contact is informed of all security breaches which impact or threaten the function or integrity of their deployment including the findings of impact analysis and measures (to be) taken to contain, eradicate and recover from the breach.

Secure development

Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks No


Price £41510 per instance per year
Discount for educational organisations No
Free trial available Yes
Description of free trial The trial is limited to 14 days and includes the full online workshop functionality for Facilitators (the person who can plan and run meetings and workshops) and participants. The meeting report is cut off after 10 line items per tool. The export of content is cut off after 10 line items.

