Skip to main content

What is G-Cloud & Why Use it via Kahootz - Knowledgebase Articles / Licensing & G-Cloud - Software Support

What is G-Cloud & Why Use it via Kahootz

Authors list

What is the G-Cloud?

The UK G-Cloud Programme is a cross-government procurement framework for services tendered under OJEU process - there are four categories of pre-approved cloud services:

  1. Infrastructure as a Service (IaaS)
  2. Platform as a Service (PaaS)
  3. Software as a Service (SaaS)
  4. Specialist Services

All the approved services are listed in the Government Digital Marketplace.
Just search for "Kahootz" to find our service description.

Why should I use the G-Cloud?

For UK Public Sector organisations, the G-Cloud is the most cost-effective way to procure cloud-based services.

The procurement framework provides a call-off contract of pre-approved services, allowing you to order just what you need as and when you need it, with no practical upper limit on contract value.

This procurement route also provides the extra protection of the G-Cloud Framework Agreement between Kahootz and the Minister of the Cabinet Office, ensuring we deliver a quality service to your organisation.

How do I buy Kahootz from the G-Cloud?

  1. Check you belong to one of these public sector organisations
    (contact the G-Cloud team if you are not listed and should be).
  2. Follow the Digital Marketplace Buyers Guide.
  3. Contact us to finalise the details of your Kahootz license and any optional consultancy services.
  4. We jointly complete and sign Schedule 2 of the G-Cloud Framework Agreement.
  5. We can either add your licence to your free trial site so you can continue using anything you've created there, or you can create a new site.

Job Done! That's all it takes to be in Kahootz with your stakeholders.

How easy is it for my organisation to evaluate Kahootz?

Just go to Kahootz.com and start a free trial and you'll have a Kahootz collaboration site up-and-running in minutes. Feel free to create as many secure workspaces as you wish, try out some of our sample workspace templates and invite your colleagues to take part in your evaluation. If other departments become interested, you can set up as many trial Kahootz sites as you wish.

What level of security can Kahootz offer?

NOTE: The security levels mentioned in this article are specific to UK Government organisations - they may not mean anything to other business sectors or nationalities.

In April 2014, the Government Security Classifications Policy changed the way that the public sector classifies and protects its information assets. There are now just three levels of security classification: OFFICIAL, SECRET and TOP SECRET. OFFICIAL replaces everything up to and including IL3/RESTRICTED, and that includes the majority – or about 90% - of all information related to public sector activities. 

OFFICIAL information does not need to be marked, aggregation does not automatically trigger an increase in protective marking and it can include personal data.

With this change came a recognition from CESG that business impact levels - such as IL2 and IL3 - are not an appropriate way to measure software security – and there is now clear mandate that business impact levels MUST NOT be used for that purpose. Kahootz was one of the few systems to formerly have pan-government accreditation up to IL2, but there is no equivalent pan-government accreditation for the new scheme - each department must make up its own mind about what solutions are suitable.

According to the Cabinet Office, “OFFICIAL information can be managed with good commercial solutions that mitigate the risks faced by any large corporate organisation”.

That’s a pragmatic choice for modern government and a recognition that, for most Government information, the security requirements are equivalent to a private sector enterprise.

How do you know when a commercial solution is a good commercial solution and is sufficiently secure and well-managed to hold OFFICIAL data?

To help with this, the CESG created a list of 14 “essential security principles to consider when evaluating cloud services”. Between them, they cover all the security issues related to service provision.

Supporting each principle is a set of guidance that explains what it means, why it is required, and a set of possible implementation approaches.

These security changes are reflected in the G-Cloud from iteration 6 onwards, in that the G-Cloud Digital Marketplace now asks suppliers approximately 80 detailed security questions that highlight each supplier’s implementation approach for each security principle, and the evidence they have to demonstrate that the approach is effective.

Kahootz has issued a detailed document explaining the security content of Kahootz and how it meets the 14 cloud security principles, it's been internally approved for use with OFFICIAL and OFFICIAL-SENSITIVE documents by a large number of government bodies. Full details are available on request via Kahootz Sales

Helpful Unhelpful