MeetingSphere is a collaborative meeting solution that helps deliver the required outcomes of the workshop in time. Managed Meeting Center Server (G-Cloud) is the private cloud offering for UK government organisations. The server is deployed in two-tiers of dedicated instances on a virtual private cloud (VPC) of Amazon AWS Ireland.
- Supports any meeting or workshop process. Online or face-to-face.
- Personal flat-fee for unlimited concurrent meetings and participants.
- Bainstorm tool with anonymity and theming. Highlighting with sticky points.
- Discussion tool for discussing multiple topics. Anonymously or by team.
- Rating tool with all customary rating methods. Instant results.
- Presentation tool for crisp scalable slide shows. Interactive feedback channel.
- ActionTracker tool for planning and tracking of actions.
- Complete and unbiased push-button documentation (Word).
- Export of results in text or Excel format.
- Full interoparability with Portable MeetingSphere Servers
- Unrivalled productivity for larger (greater 5) to very large meetings.
- Full participant engagement. Everybody can contribute - anonymously if required.
- Rapid establishment of priorities. Measurable consensus.
- Full disclosure and easy-to-understand process for results that carry.
- Effective implementation by tracking agreed actions over time.
- Automatic, auditable documentation in real time.
- Easy to use with extensive video tutorials for self-enablement
- Reusable agendas (templates) for sharing Best practice
£41510 per instance per year
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
|Email or online ticketing support||Email or online ticketing|
|Support response times||4 hours on weekdays|
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
|Support levels||Support is included for technical issues such as access to the service or functionality of a software feature. Technical support does not include consulting on facilitation processes or workshop design.|
|Support available to third parties||Yes|
Onboarding and offboarding
The appointed administrator receives 90 minutes online training which includes a walk through the administrative options.
To Facilitators (licensed users who can run workshops), the application offers extensive and in-depth online help and how-to videos which are provided in-context and as a structured video gallery. Online and on-venue training are available at extra cost.
Participants do not require any traing or onboarding.
Online and on-venue training is available at extra cost.
|End-of-contract data extraction||
Facilitators typically download the automatic report (the minutes) of a meeting or workshop directly after it has ended. This contains all content.
Storage of sessions on the system serves the limited purpose of easy in-system re-use of content and meeting agendas. Facilitators can save both the content and the agendas of their meetings to disk.
|End-of-contract process||At the end of the subscription period - unless instructed to the contrary - MeetingSphere maintains the Managed Meeting Center Server for a grace period of 90 days during which the subscription can be renewed. After the grace period, the deployment, its database and all backup files are deleted irrevocably. The customer's administrator is warned/informed of these successive steps repeatedly by email.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||
All participant functionality works on the mobile device (iPad) as it does on computers. Differences are limited to those inherent in the device such as touch-screen operation and entry of text with the soft keyboard.
Android tablets and smartphones are not supported.
|Accessibility standards||WCAG 2.0 AAA|
|Accessibility testing||Internal testing only.|
|Description of customisation||
Licensed Facilitators (users who can invite to and run workshops) can configure settings of tools, brand the holding screen and the automatic report and set personal defaults for that.
Appointed administrators can brand the login screen, set organization wide defaults and control access to the system by a comprehensive range of security options.
|Independence of resources||The Managed Server runs with generously allocated dedicated resources. Systems trigger an alarm when over 45 % of resorces are used. This hardly ever happens.|
|Service usage metrics||Yes|
|Metrics types||Host and participant log ins and new sessions created for last 180 days|
|Supplier type||Not a reseller|
|Staff security clearance||Conforms to BS7858:2012|
|Government security clearance||Up to Baseline Personnel Security Standard (BPSS)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||European Economic Area (EEA)|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||
All session content is included in the automatic report (Word or PDF) which can be generated and downloaded at any time.
Users can also export and download their data from each tool in text or Excel format.
Users can also download agendas and whole sessions with content in MeetingSphere's .mssf format to store sensitive sessions off the Internet or upload them to another MeetingSphere system such as a Portable Server.
Export of sessions or content can be disabled administratively.
|Data export formats||
|Other data export formats||
|Data import formats||
|Other data import formats||
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
|Guaranteed availability||MeetingSphere commits contractually to 99.9% uptime on a monthly basis, excluding regularly scheduled maintenance times or Force Majeure Events. If in any Account Period this uptime commitment is not met by Meetingsphere and customer was negatively impacted, Meetingsphere shall provide, as customer’s sole and exclusive remedy, a service credit equal to the number of minutes the Subscription Service was unavailable during that Account Period. If the service failed for a consecutive 4 hours, a full day shall be credited.|
|Approach to resilience||We follow industry best pactice under Amazon AWS's shared responsibility model. Details are available on request.|
|Outage reporting||Our service is continually monitored via AWS-supplied and other mechanisms. AWS supplies a dashboard. Responses are triggered via APIs and email alerts to MeetingSphere's response team.|
Identity and authentication
|User authentication needed||Yes|
|Other user authentication||
MeetingSphere is collaborative meeting solution which knows four tiers of users:
1. Administrators who configure the deployment 'from within' must authenticate with username and password. 2 factor authentication and a separation of roles can be enforced.
2. Facilitators who run and invite to sessions must authenticate with username and password and, if so 2-factor authentication. Facilitators decide whether participants must authenticate to access a particular session or not.
3. Participants of 'authenticated sessions' must authenticate with username and password and, if so, a 1-time token.
4. Participants of 'open' (unauthenticated) sessions can be asked to provide a security code.
|Access restrictions in management interfaces and support channels||
Management interfaces fall into three categories: 1. The management interface of the AWS service is protected by username, password and an AWS-supplied token device. 2. Privileged access to productive MeetingSphere systems can only occur via a bastion server which can only be accessed from a defined set of IP addresses and 2-factor authentication. 3. Privileged access by users (customer-appointed administrators) can be limited to separate user accounts with 2-factor authentication.
User support requests which involve access to customer systems or information are only accepted in writing (email) and verified via a separate channel, e.g. call back.
|Access restriction testing frequency||At least once a year|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||Between 1 month and 6 months|
|Access to supplier activity audit information||You control when users can access audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||No|
|Security governance approach||
Under Amazon AWS' shared responsibility model, we have responsibility for client side data encryption and integrity, server side encryption, traffic encryption, configuration of the operating system and firewall as well as platform, application and access management. We exercise these responsibilities under a comprehensive set of policies designed and enforced to meet the requirements of FISMA Moderate. Our policies have been reviewed and approved but not certified by the security team of a 'big 4' audit and assurance services company using the non-government version of our service.
Customer appointees (administrators) are responsible for managing users, permissions, authentication requirements and data retention.
|Information security policies and processes||
MeetingSphere follows a security awareness and training policy which defines basic and role-based training requirements.
MeetingSphere's information security policy comprises 32 individual policies ranging from an Acceptable encryption policy and Web application policy to an AWS staging network policy. These policies aim to meet the requirements of FISMA Moderate and have been reviewed and approved by the information security team of a 'big 4' Audit and assurance services who is a MeetingSphere customer.
MeetingSphere's information security team ensures compliance by a variety of measures verify compliance to this policy through various methods, including but not limited to, business tool reports, internal and external audits, and feedback. The Infosec team leader reports to the CTO who is responsible for security and reports to the CEO.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||Amazon AWS is certified to comply with SSAE-16 / ISAE 3402. Under AWS' shared responsibility model, MeetingSphere maintains under automated configuration control a current baseline configuration of the information system. The configuration is reviewed annually and on significant change. Older configurations are retained should a rollback be required. Configurations are based on a deny-all permit by exception policy which extends to software permitted to execute on the system. Changes to the configuration are assessed for risks and require approval by the Infosec team leader after testing in the staging network.|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||Amazon AWS is certified to comply with SSAE-16 / ISAE 3402. Under AWS' shared responsibility model, MeetingSphere routinely scans of its systems for vulnerabilities with an industry standard vulnerability scanner employing the latest definitions and signatures based on i.a. the NIST vulnerability database and the CWE list. 'Critical' and 'Important' Patches are deployed immediately, 'Low' patches within the day. MeetingSphere subscribes to various sources of security feeds including US-Cert and Microsoft's Security Bulletin.|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||Amazon AWS is certified to comply with SSAE-16 / ISAE 3402. Under AWS' shared responsibility model, MeetingSphere MeetingSphere employs automated log analysis, continuous configuration monitoring and integrety scanning to identify security incidents. In the event of a suspected breach, the incident response team is alerted directly by email and SMS text for a verification of the incident. Further measures depend on the attack type and vector and the severity rating of the incident which is based on the functional and information impact, the appropriate containment, eradication and recovery strategy and required notifications.|
|Incident management type||Supplier-defined controls|
|Incident management approach||
Amazon AWS is certified to comply with ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402. Under AWS' shared responsibility model MeetingSphere operates an incident response policy and set of incident response plans for external and removable media, attrition, web, email, impersonation, improper usage or loss/theft of equipment.
Users report incidents by email to a specific email address.
The user's main or designated contact is informed of all security breaches which impact or threaten the function or integrity of their deployment including the findings of impact analysis and measures (to be) taken to contain, eradicate and recover from the breach.
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||No|
|Price||£41510 per instance per year|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||The trial is limited to 14 days and includes the full online workshop functionality for Facilitators (the person who can plan and run meetings and workshops) and participants. The meeting report is cut-off after 10 line items per tool. The export of content is cut off after 10 line items.|
|Link to free trial||Www.meetingsphere.com|
|Pricing document||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|