Kaizen e-portfolio trainee & student management

Kaizen is a flexible software system designed to help training and teaching organisations to provide training through e-portfolio, workplace based assessment, self reflection and CPD tools. Kaizen means continual improvement for both learners and the organisation as the configurable system allows for complex workflows to be created by the user.


  • Student and cohort management
  • Customisable reporting
  • Form generator with workflow builder
  • Integration with exam and CRM platforms
  • Set goals and targets for users and monitor progress
  • Built in document storage
  • Fully customisable role and permissions structure


  • Quickly capture content from any mobile or desktop device
  • Request feedback and have it signed off from one device
  • Login with your usual username and password with SSO integration
  • Keep track of your current and future targets and expectations
  • Easy access to current and previous curricula


£20 to £30 per user per year

  • Education pricing available

Service documents

G-Cloud 9



Constant McColl


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints N/A
System requirements All modern browsers: Safari, Firefox, Chrome, IE 10+, Opera

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Online ticketing support will be responded to during UK business hours. We aim to respond to tickets within 8 business hours.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 AA or EN 301 549
Phone support No
Web chat support No
Onsite support Onsite support
Support levels All customers receive our premium support as standard. This includes an online ticketing service desk which links directly to the development team. Support, customisation and training during the setup phase is also offered onsite or remotely by telephone.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started We want to make sure you have an excellent experience using the platform. Therefore full support and assistance is provided to setup your forms, workflows, reports etc during the onboarding process.

Onsite training is provided to groups of users at varying levels. That is to say that we will help train your system administrators, reporting team, assessment team, trainees, end users or any other group that will come in to contact with the platform. Each will have their own priorities and expectations which we will support.

Online documentation is also provided as a way of referring back to more complex tasks. This is continually updated when new features are rolled out and as we receive customer feedback.
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction We will provide a full output of all your data as standard. Accompanying documentation may require professional services.
End-of-contract process At the end of the contract a single full data export is provided in the cost of the license. Accompanying documentation may require professional services. If you wish the online platform to remain active in any capacity (e.g. in read only mode) then this will be an additional cost.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The application is fully responsive and contains all the same features and functionality from whichever device you are accessing from.
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing No specific testing of assistive technology has been carried out. We would be happy to work with clients and 3rd parties to approve equipment for use with our system.
Customisation available Yes
Description of customisation The whole platform is designed to be customised by each organisation. We will provide continuous support and assistance in order to setup the most appropriate forms, workflows, roles, permissions and reports with you. Each of these elements is then completely maintainable by local administrators to eliminate the need for further development every time a change is requested.

Permissions can be assigned to each user to determine who should be able to make changes to the various areas of the platform. There is no special editing interface it is all simply done through the simple user focussed UI with no technical expertise required.

We are always available for support and advice to help you make the most of the platform and all new features.


Independence of resources All organisations within the same region are served from the same cloud infrastructure. This infrastructure has been carefully designed to dynamically scale when larger loads are detected specifically to negate the issue of traffic affecting performance.


Service usage metrics No


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach We will facilitate the export of data for organisations wishing to extract a dump of all of their data. All reports within the system can also be exported to CSV and the capability for all users to download their portfolio as a PDF is coming in a future update to the software.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability The Service shall be available 99.9%, measured monthly, excluding UK public and bank holidays and weekends and scheduled maintenance. Any downtime resulting from outages of third party connections or utilities or other reasons beyond the Company’s control will also be excluded from any such calculation. Downtime shall mean a period whereby the Customer is unable to access the Service for a period exceeding sixty (60) consecutive minutes, shall be a credit for 2% of the pre-paid Service Fees (calculated on a monthly basis: for example, the pre-paid annual Service fee divided by 12) for each period of 60 or more consecutive minutes of Service downtime; provided that no more than one credit for Service downtime can be claimed by the Customer per day and five credits in any one (1) month. In order to receive a downtime credit, the Customer must notify the Company in writing within five (5) days from the time of downtime, and failure to provide such notice will forfeit the right to receive such downtime credit. The Company will issue a credit note, as calculated in line with the provisions of this Section, as a refund against annual Fees already paid.
Approach to resilience This information is available on request.
Outage reporting We notify the client if there are any unplanned outages. If there is a service failure during a critical period we have a telephone support like which will provide instructions for recovering the data, either by restoring the service or talking through the direct download.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Access to the system is either by service login, in which case management and support staff are subject to the same role based access control and audit trail as all users, or by secure public key authentication for devops to gain direct access to the software and database. Public key distribution is part of our automated deployment, configured so that only developers on the specific project team (and senior technical staff overseeing the development) have access to any specific server.
Access restriction testing frequency At least once a year
Management access authentication Public key authentication (including by TLS client certificate)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation No
Security governance approach We follow the principles of ISO27001, we have a risk assessment, and risk treatment plan, which has informed the creation of an Information Security Policy. Staff receive training on EU data protection requirements, and our Information Security Policy with an annual refresher. Our policy is reviewed annually and updated inline with changing legislation and client needs.
Information security policies and processes We have an Information Security Policy that staff receive annual training (along with EU Data Protection requirements). Staff completion of this training is logged in our internal Continuing Professional Development system (we use our own produce Kaizen for this). The Information Security Manager is responsible for checking the training has been carried out, and also receives all incident reports. The Information Security Manager reports directly to the board.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach We use automated deployment methods to ensure consistency of deployment. Configuration is built into the automated deployment so that changes made the configuration can be repeatedly deployed. Components of services are allocated to clients, and do not change between clients during their lifetime. As part of our software development release procedure we check the security implication of any changes, assign a risk level. For high risk features additional specific testing may be required before releasing the new feature.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We use a formal process as defined in "Information Security Risk Management for ISO27001/ISO27002" (Calder and Watkins, 2010). This process starts by identifying the assets we need to protect, then the threats that may exist to them. Then each one is assigned a risk and impact assessment, and this is used to develop a risk treatment plan (where risks are mitigated, accepted, eliminated, or transferred). We have a fast track release procedure for critical fixes, that allows low risk fixes to be rapidly deployed. We subscribe to industry standard security notification sources.
Protective monitoring type Supplier-defined controls
Protective monitoring approach All accesses to the server are logged and monitored, and attacks are automatically detected, and system administrator notified. After a potential compromise has been detected, the information security manager must be notified. There will then be an investigation and analysis of the severity of the compromise and a plan of action decided. Internally security incidents are highly prioritised, and we make all reasonable efforts to address them immediately.
Incident management type Supplier-defined controls
Incident management approach Users can report incidents through the service desk. We capture responses in our knowledge base so that common events can be resolved by clients directly. Our response to the incident will be through the service desk, and this is our report to the user. We can complete incident reports if requested.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £20 to £30 per user per year
Discount for educational organisations Yes
Free trial available No


Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑