govuk-design-system
govuk-design-system copied to clipboard
alphagov
Get a Zoom and Zoom Events account for the Design System team
What
Sort out our own Zoom account for Design System Day (and one yearly license)
Why
So we're not dependant on the GDS Zoom license which doesn't allow us to run multiple sessions, we don't have visibility of sessions and where we have to rely on the license holder to set us up as a host at the time of the meeting.
Who needs to work on this
Vanita, Trang
Who needs to review this
Purchase will need budget approval
Done when
- [x] Decide if we need the large meeting add-on for a full year or ad hoc
- [x] Get spend approval
- [ ] Get DPIA
- [ ] Decide on a team email address to use for Zoom account
- [ ] Purchase Zoom and Zoom Events (refer to budget for exactly what to purchase and for how long)
- [ ] Store the credentials somewhere and make sure the right people have access
Zoom Meetings
Note: I've used 9 pro licenses (the maximum possible pro licenses) and 10 business licenses (the minimum possible business licenses) for costing examples because it roughly aligns with the timeline planned for the day. There's no reason why we couldn't have less licenses.
9 pro licenses at £11.99 a month/license = £107.91 + large meetings add-on (500) for one license at £40 = £147.91
10 business licenses at £15.99 a month/license = £159.90 + large meetings add-on (500) for one license at £40 = £199.90
If we wanted a Pro Zoom account for a whole year - £119 for 1 license for a year (100 participants) If we wanted a Business Zoom account for a whole year - £159.90 for 1 license for a year (300 participants) Large meeting add-ons are always on a monthly basis and would be ~£480 for a year, so I’d recommend only adding it on for a monthly license rather than the yearly one as I don’t think we’d use it that much and it’d significantly increase costs.
Zoom Events
Sounds like this is an add-on, so you still need Zoom Meetings and this is extra cost. Probably not worth it if that’s the case, at least not for this year. Maybe something to consider if/when we want to explore conference platforms for future Design System Day(s)
Things to consider
- What 'account' would we purchase these licenses on?
- Who would we assign the licenses to? "After purchasing a new license from the Zoom Sales team or from the Billing page, you will need to assign it to a user. Each license can only be assigned to one user at a time." https://support.zoom.us/hc/en-us/articles/115004976063-Assigning-a-license
Zoom costs document: https://docs.google.com/document/d/1Reqk6WD6mXqGgZjsLkr5yMWHTbEaSI93YeFoGbSet7U/edit#
@vanitabarrett @trang-erskine I've moved this back into the backlog until we're ready to purchase the Zoom licenses
Update
I've been following Kelly's slides on how to purchase something at GDS
I reached out to the Privacy team last week, and attended a meeting with representative from Privacy and IA on Thursday 1st September to explain our reasons for selecting Zoom Events, what we want to use it for, and how we want to use it.
At the meeting, IA requested more information on 1) audit logs within Zoom Events, and 2) how we were planning to set up the accounts. I have emailed our IA contact (see below) with answers to both.
A DPIA has been completed and is being reviewed. - I have given access to members of the Platforms team (David, Trang, Nora)
When I asked for an update on Tues 6th September, the estimate was that the DPIA would be completed by Thursday 8th and that they hadn't found any new risks compared to normal Zoom Meetings.
Contact in the Privacy team: Fadzai Dizanadzo Contact in the IA team: Rashalin Vather
When it comes to actually purchasing things, I've written up my thoughts on account setup/management here. The team seem to be leaning towards Option 2.
Note: a developer will be needed to store any new credentials in the credentials store.
Latest update: the DPIA has been approved from the Privacy team, but still needs IA to complete their section. Rashalin has been prompted to do so in an email thread which I’ll forward to the other people in the Design System team working on platforms.
The Privacy team have stated that “the issues raised in the Zoom Meetings assessments are the same issues that arise with Zoom Events” and advised that we "follow the guidance set out in the Zoom Meetings DPIA.”
Recommended actions when using Zoom:
- Recommend using the desktop version of Zoom over the Web/Phone app - already doing this
- A generic group work email or an individual work email can be used for the host licenses, but they must be CO/Gov email accounts - already planning to do this
- Zoom must not automatically sync calendars and contacts - TODO
- Meetings must have passwords - N/A Zoom Events requires registration, so may not apply in our case
- All participants must sign into Zoom - N/A again, Zoom Events requires registration with a Zoom account
- Attendees must be invited at their work accounts - N/A as is open to public
- Waiting rooms should be used to manage identification of meeting attendees as they join - TODO
- Meeting host must inform attendees if recording will take place. They must inform the meeting before recording starts and give attendees time to turn cameras off - already planning to do this
- They must link to a privacy notice in the meeting invitation - TODO
- Recordings should not be stored in the Zoom cloud. They should be stored in GDS’ Suite Cloud - already planning to do this
- If the chat function is used during the meeting and contains substantive discussion, it should be exported and saved - already planning to do this
- Guidance should be issued to advise users to change their cookie settings to exclude Advertising cookies - TODO
- Guidance should be issued to advise users not to sync calendars and contacts - N/A due to public nature of event, people may be using personal Zoom accounts configured to their preference?
I have added some of the recommendations noted above to https://github.com/alphagov/govuk-design-system/issues/2216
Note: we are planning to purchase Zoom Events for 1 month only, so should only go ahead with the purchase once we 1) have the date confirmed and 2) are under a month away from the event.