Traineasy LMS -X

A new-generation, mobile-responsive LMS with video gallery of Netflix style playlists, curated from sources including YouTube, Vimeo, customer's own, and off-the-shelf. Gallery is searchable, affording true just-in-time learning on any device. LMS-X supports dynamic user groups, training compliance rules and reporting, ILT, email/SMS alerts, learning pathways, certifications surveys and SCORM/AICC.


  • Learning management system with video gallery
  • SCORM 1.2, SCORM 2004 and AICC compliant for eLearning
  • Available with integrated classroom booking and online appraisal modules
  • Nested rules allow different methods for obtaining training compliance
  • Real-time reporting on compliance, classroom attendance and e-learning attempts
  • User dashboards provide instant access to courses and essential information
  • Competency frameworks, development plans and personal objectives
  • Appraisal compliance, performance and talent reporting
  • Training due and overdue email/SMS reminders
  • Classroom booking, reminder and cancellation emails/SMS


  • Use the push-pull design features to rapidly improve training compliance
  • Save costs and time with instant and real-time compliance reporting
  • Ensure staff classroom bookings are in their outlook calendars
  • Reduce admin costs with self service classroom bookings
  • Drive down DNA rates with a combination of automatic measures
  • Give staff the user experience they want with an LMS
  • Develop an extensive, searchable catalogue of blended learning
  • Produce any imaginable report instantly and in real time
  • Upload prior learning records so full training histories are available
  • Add the fully integrated appraisal module for absolute efficiency


£1 a person a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

1 2 5 0 1 3 0 0 2 3 9 4 0 3 0

Contact Limited Sarah Lambie
Telephone: 01908 508777

Service scope

Software add-on or extension
Cloud deployment model
Private cloud
Service constraints
IE 10 and below is not supported.
System requirements
  • A stable internet connection
  • A modern browser
  • Popups must be enabled

User support

Email or online ticketing support
Email or online ticketing
Support response times
Maximum response time is within 4 business hours. More often than not response times are immediate or within one hour.

(Business hours are Monday to Friday 9 to 5.30pm excluding UK bank holidays).
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
All customers are entitled to Level 1 and 2 support. For example, when a technical issue prevents normal use of the system to a greater or lesser degree, this will be prioritised and resolved as soon as possible at no additional cost to the customer.

Level 3 support is also available where customers can receive assistance with trouble shooting settings, or with setting up something new, for example.

Customers choose how many hours of Level 3 support time a year they require and pay for this annually in advance @ £56.25 per hour.

Customers without a Level 3 support arrangement may access this service on an adhoc bais when required @ £85.00 per hour.
Support available to third parties

Onboarding and offboarding

Getting started
Onboading starts during the presales process with an examination of the customer's unique circumstances and set of requirements. Detailed discussions are held, questions are answered and the onboading training schedule is agreed. Training for the admin users starts as early as possible in the implementation project, and is delivered via short Zoom sessions with time in between for the admin user to practise their skills. The content of the training sessions is always tailored and as many sessions as needed are held to ensure admin users' knowledge is sufficient and they are ready for go live.
Service documentation
Documentation formats
End-of-contract data extraction
All data including training records and user profiles can be extracted by simple CSV download.
End-of-contract process
At 5pm* on the day of contract expiry, the affected client site is made inaccessible and users’ browsers display a ‘domain not found’ or similar message. Clients may extract any data they require from the front end of the affected system while the contract is still effective until 5pm* on the day of contract expiry. Within two calendar months from the day of contract expiry, the live client data is deleted. The LMS software remains the IP of Traineasy and the customer’s copy may therefore at Traineasy’s discretion either be deleted or kept for future use. A securely stored archive copy of the client data remains for a maximum of 12 months after which time it is permanently overwritten. Ad hoc requests for the retrieval or deletion of data from the archive can be made during this period and are chargeable.

*Client sites are made inaccessible as close to 5pm on the day of contract expiry as operationally possible taking into account weekends and UK bank holidays

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Traineasy LMS is fully mobile responsive. The information on the screens flows around and adjusts position in response to the device in use.
Service interface
Customisation available
Description of customisation
The solution is graphically customisable so customers can expect it to look and feel very similar to their own websites for example.


Independence of resources
Larger instances of LMS-X are hosted on a dedicated server. They therefore have dedicated resources in terms of memory and processors allocated to them. Smaller instances can still be hosted on dedicated servers if required.


Service usage metrics
Metrics types
Session per day (last 30 days). Top 15 browsers used by user (last 30 days). Top operating systems used by user (last 30 days).
Reporting types
Real-time dashboards


Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
CSV download
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
99% availability is guaranteed in any rolling 12 month period.
Approach to resilience
Node 4's Disaster Recovery Policy confirms resilience of services. Resilience and capacity management is also covered under their ISO 27001 certification.
Outage reporting
Any outages at the Data Centre are reported via the Node4 NOC and communicated via email to Traineasy.

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
We provide access privileges to our technology (including networks, systems, applications, computers and mobile devices) based on the following principles: (1) Need to know – users or resources are granted access to systems that are necessary to fulfil their roles and responsibilities. (2) Least privilege – users or resources are provided with the minimum privileges necessary to fulfil their roles and responsibilities.
Access restriction testing frequency
At least once a year
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
Lloyd's Register Quality Assurance Limited
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
Security operations, unified communications, open source eco-systems support and development with associated management and support activities.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
Traineasy's Information Security Policy supports the 7 Caldicott principles and 10 data security standards and is supported by specific technical security, operational security and security management policies. Information Security and the appropriate protection of information assets is the responsibility of everyone. All staff remain accountable for their actions in relation to confidential information and information systems. Employees are responsible for ensuring they understand their roles and responsibilities, and this is reinforced by yearly mandatory training. Failure to comply with IS policies may result in disciplinary action. The Senior Information Risk Owner (SIRO) is accountable for information risk within Traineasy and advises the Board on the effectiveness of information risk management across the organisation. Within Traineasy the SIRO is also Chief Information Security Officer and is responsible for the day-to-day operational effectiveness of the IS policy, and its associated policies and processes. Traineasy's Data Protection Officer is responsible for ensuring that the company and its constituent business areas remain compliant at all times with Data Protection, Privacy & Electronic Communications Regulations, Freedom of Information Act and the Environmental Information Regulations. The Information Asset Owners (IAOs) are the responsible individuals involved in running the business area.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
As a general principle, Traineasy systems are locked down as much as possible without inhibiting business requirements. This includes "Least Privilege" as well as a "Secure Configuration Approach" where Traineasy controlled systems and are assessed to determine exactly what business functionality is required; all unnecessary functionality is removed and default configurations updated. The configuration management database is kept up-to-date and always represents the live environment. The process we use is to record and review all requests for change, If accepted, requests for change are categorised and assessed, before being authorised, implemented, evaluated and closed.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Our vulnerability management program is a continuous process that helps us better manage our vulnerabilities in the long run. It comprises the following components which are continually repeated: Asset Inventory, Information Management, Risk Assessment, Vulnerability Assessment, Reporting & Remediation, Response Planning.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Our protective monitoring approach provides visibility and understanding of who is accessing data. All of our systems capture logs with accurate time stamps together with the ID and IP address of the individual and the actions they are performing, such as logging in, deleting data, and so on. System statistics about data access are collated and represented graphically on our systems' dashboards.
Incident management type
Supplier-defined controls
Incident management approach
Our Information Security Incident Policy is used to produce, implement, test and manage our information security incident management processes. The Policy covers both IT incidents and suspected data loss/breaches whether electronic or physical.

Our information security incident management processes are fully documented and enable us to handle different types of information security incident, including managing incidents affecting confidential information assets, from identification and analysis, through to response, resolution and recovery. We use a simple reporting form for incident reporting. The reporting form is easily available via the Traineasy intranet/IT system and it is designed to capture the required information,

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks


£1 a person a year
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.