Hicom Technology Ltd

Accent Course Manager

Accent Course Manager provides facilities for course organisers to develop and publish courses and events online, with candidates able to search and book courses that meet their specific needs and track and maintain a log of their training activities


  • Develop and publish courses and associated events
  • Manage course providers, speakers, events, facilities and equipment
  • Control costs including contributions, sponsorships and fees
  • Devolve administration of courses to course providers
  • On-line application management including choose and book
  • Track course attendance and complete online evaluations
  • Data analysis facilities for operational and performance monitoring
  • Can be integrated with the Accent workforce management system
  • ISO9001 and ISO27001 accredited


  • Reduction in administrative overhead
  • Reduction in the cost of administering courses
  • Improved business efficiency through process automation
  • Better access to courses, improving the overall quality of training
  • Revenue generation opportunities
  • Improved communication between course organisers, providers and candidates
  • Improved access to data for management and performance reporting


£10 per user per year

Service documents


G-Cloud 11

Service ID

1 1 5 5 3 7 6 9 5 5 3 3 1 2 7


Hicom Technology Ltd

John Sanderson

01483 794945


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints Access to our help desk is limited to the service hours defined within this document, although the core service hours can be extended on request (at an additional charge). Hicom will notify the client of any planned service disruption or downtime, although we reserve the right to temporarily restrict access to the service outside of normal Service Hours without notice to undertake system upgrades or maintenance.
System requirements Provision of industry standard browsers for each PC

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Response times are defined by the severity of the incident in accordance with our service level agreement, however as a guide we guarantee to respond to critical incidents within two working hours from the time of the call, urgent incidents within four working hours, and non-urgent issues and service requests within one working day.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels We provide:

- First-line support: Help desk and first responders. Information gathering, call logging, initial assessment, call proiritisation and escalation. Assistance with service requests and general operational support enquiries and responsible for customer communications and updates.

- Second-line support: In-depth analysis of the technical incident including troubleshooting and problem solving. Liaision with the customer technical or project team if required.

- Third-line support: Expert support by the development team for complex issues.

- Service monitoring: Automated and scheduled (daily) monitoring of the hosting service, system access, performance and stability.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Training is delivered in accordance with the needs of each organisation. We will develop individual, tailored training courses specific to the needs of the individuals being trained. Training can be delivered using a variety of different methods including cascade (train-the-trainer) training, classroom-style demonstrations, focus groups, workshops, online webinars and video tutorials.
Service documentation Yes
Documentation formats
  • PDF
  • Other
Other documentation formats Video
End-of-contract data extraction Data is extracted by Hicom on request in a format dependent on future needs.
End-of-contract process - Analysis and design: We would be keen to either provide the replacement system, or provide consultancy around the nature of the requirement. This would include comprehensive legacy analysis of the existing system to inform the requirements of the next (additional cost).
- Configuration and change management: Any change requests or defect reports will be passed to the developers of the subsequent system (additional cost).
- Data will be provided as IFF (included).
- Operations and support: The final release will still be supported until it is finally removed as long as this stage is still within contract (included).
- Transition consultancy: General consultancy is offered to enable the move to the replacement system. This may include consultancy around data migration and, specifically, around the data schema (additional cost).

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service No major difference. Some small difference in how screens are rendered.
Service interface Yes
Description of service interface Accent is based on micro services architectures based on a multi tenancy system. Application is written based on ASP.NET MVC and REST services. Interface engine for Ascent is mixed of Identity server (SSO using Oauth2/OpenID Connect), REST, SOAP, PowerBi, SendGrid, and multiple payment gateways.
Accessibility standards None or don’t know
Description of accessibility We are aware of the WCAG standards and incorporate them wherever possible into the design of all of our software. We do our utmost to ensure that content is accessible to a wider range of people with disabilities as well as making our web content more usable to users in general.
Accessibility testing Our experience of interface testing with users of assistive technology is limited. However, we are aware that WCAG 2.0 success criteria are written as testable statements and are seeking to integrate this into our testing procedures, currently internally.
What users can and can't do using the API The Accent ESR API is a bi-directional interface between Accent and Trust based ESR systems. A link between an Accent Post and an ESR Position is established with the ESR instance. Position data is passed to Accent in a daily extract. On receipt, Accent will carry out the following actions: - Discrepancies between Accent and ESR data are used to update Accent data. This is configurable on a field by field basis, and can be automatic, or subject to administrator review. - Received Positions are added to a watch list of Posts for which changes are reported back to ESR. The ESR Interface will daily create two exports to ESR: - Applicant Export – 3 months before a trainee begins a Placement, details will be sent to ESR. - Notification Export – Changes to a Placement following inclusion in the Applicant Export are detailed in a separate export to ESR. The import/export functionality allows updates to be synchronised between Accent and ESR, taking advantage of up-to-date data entered on either system. The interface is designed to run with minimal user interaction. The degree of maintenance required is dependent on the level of oversight the administrator requires for updates from ESR.
API documentation No
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Users have limited ability to customise the service. This includes menu items, data entry templates, document templates and, to a limited extent, the look and feel of the interface. This ability is limited to those users who have appropriate role based access controls.


Independence of resources This is achieved through the following:
- Appropriate hardware: Our data centre in Brookwod in Surrey is constantly monitored to ensure it has the capability to provide the service for our current and projected workload. If required, new hardware and other infrastructure is added to accommodate demand
- Efficient software design: Our systems are designed to ensure the most effective use of service resources are made
- Our SLA: Users of the system can rely on the service level outlined in our service level agreement to ensure appropriate system provision


Service usage metrics Yes
Metrics types The following service usage metrics can be provided on request: - Core user actions: Are users consistently using predefined core user actions? - Activity time: The number of times a user visits a service and the elapsed time they spend - Visit frequency: How often does a user return to a service
Reporting types Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Encryption of all physical media
  • Other
Other data at rest protection approach All customer data is encrypted at rest using Micrsoft SQL Server encryption, all storage/physcial media is encrypted using FIPS level encryption.
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Data can be exported either by using pre-formatted, customisable audit reports or by creating their own reports via MS SQL server report builder using pre-defined templates.
Data export formats
  • CSV
  • ODF
Data import formats
  • CSV
  • ODF

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection between networks Access is via the public internet. All access is encrypted using SSL/TLS/IPSEC VPN, certificates utilise the latest standards.
Data protection within supplier network
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network All environments utilise separate physical hardware and all networks are segregated using VLAN's, all network perimeters (internal and external) are secured with network firewalls, all servers utilise software firewalls, all environments utilise separate authentication, there are multiple layers of physical security - secured electronic perimeter gates, biometric locks on external and internal doors, 24 hour monitored CCTV, 24 hour security patrols, the Hicom data centre within the main building is secured with biometric locks and IP cameras.

Availability and resilience

Availability and resilience
Guaranteed availability Hicom will endeavour to make the service available without disruption during Service Hours; however allowances should be made within this period for essential service downtime to enable critical software upgrades and system maintenance to be carried out.

Hicom provides all clients with an SLA (service level availabilty) that guarentees the availability of the service. The SLA generally guarentees availability of 99.5% during business hours however this is agreed with the client to meet their particular requirements.
Approach to resilience All physical hardware within the Hicom data centre is redundant, this includes all servers, switches, firewalls, power, cooling, cabling, connectivity etc. There is a replication based disaster recovery solution in place, in the event of "disaster" occuring the systems can be restored to a fully operational state within 2 hours.
Outage reporting All outages are reported via email alerts.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Limited access network (for example PSN)
  • Username or password
Access restrictions in management interfaces and support channels All access to the system, including management interfaces, is provided by Role Based Access Control dependent on successful entering of a username and password. Where possible access control lists are used to restrict access by IP address. Access to online support is similarly managed by Role Based Access Control, whilst those accessing telephone support may be asked to prove their identity if required. Where possible access control lists are used to restrict access by IP address.
Access restriction testing frequency At least every 6 months
Management access authentication Other
Description of management access authentication All management and support access requires separate credentials which are restricted to key personnel, access is secured with network firewalls at each network perimeter and software firewalls on all servers, rights are provided on a "minimum level of rights to complete the task" basis and access is reviewed and revoked when no longer required.

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI
ISO/IEC 27001 accreditation date 16/06/2015
What the ISO/IEC 27001 doesn’t cover We believe this covers all of our activities.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • Cyber Essentials
  • Compliance with DSPT

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes We are ISO 27001 accredited and, as such, our information security policies and processes are guided by this. This, therefore dictates the following: • Information security policies • Organization of information security • Human resource security • Asset management • Access control • Cryptography • Physical and environmental security • Operations security • Communications security • System acquisition, development and maintenance • Supplier relationships • Information security incident management • Information security aspects of business continuity management • Compliance; with internal policies, and with external requirements, such as laws Hicom is also registered with the Information Commissioner Office and adhere to the Data Protection Act 2018 and GDPR. We have and continue to take steps to ensure we remain compliant with the General Data Protection Regulations (GDPR). Hicom also hold certification for our Information Security Management System (ISMS) under ISO27001 and manage our confidential data policy and responsibility through our ISMS. Hicom are also registered under the Data Security and Protection Toolkit for NHS digital and measure and publish our performance against the National Guardian’s ten data security standards. ISO 27001 compliance is managed by our Quality and Information Security Officer Elaine Smart who reports directly into our Board.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All changes related to the product specification (configuration) are either captured by the Project Manager if the system is still being implemented, or by our support department or the clinical account manager if the system has already been implemented. These are then tasked as Requests for Change and prioritised for implementation

Changes in the project processes or baseline (time, money etc.) are dealt with via the Project Manager and, if necessary the relevant Hicom Product Manager. If a change is identified, all affected project parameters will be assessed, analyzed for impact and acted upon.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Hicom subscribes to/utilises multiple vulnerability alert/information services including - MS-ISAC, NCSC, CIS, Symantec, Microsoft, OWASP, the information provided is reviewed and corrective action taken to correct/mitigate any issues. Monthly vulnerability scans are carried using multiple tools to test for vulnerabilities internally and externally, the results and action are recorded and reviewed as part of the organisations security management.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Hicom utilise an SIEM (Security Information and Event Management Solution) for protective monitoring, the product currently in use is Splunk however this is subject to change as new products enter the market. The SIEM solution monitors and analyses the logs from web servers and other key systems.
Incident management type Supplier-defined controls
Incident management approach Our approach to incident management is informed by ITIL. As such it is made up of the following components:
- Incident detection and recording
- Classification and initial support
- Investigation and diagnosis
- Resolution and recovery
- Incident closure
- Ownership, monitoring, tracking and communication
Users report incidents through the support service defined in our standard SLA and incident reports are provided via the relevant Product Specialists.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £10 per user per year
Discount for educational organisations No
Free trial available No

Service documents

Return to top ↑