Virtual College Ltd

Business Compliance elearning courses

Designed to scale, whether you’re looking to upskill one or one thousand employees, we’ve identified and developed a suite of training courses that cover the most common business compliance requirements, to cover public sector training needs. Reducing risk in the workplace and to your organisation.

Features

  • Online, self-paced, flexible and accessible on all devices
  • High quality, trusted provision from verified subject matters experts
  • SCORM compliant
  • CPD accreditation on all courses
  • Knowledge check assessment at the end of the course
  • Instant digital certificate awarded on completion
  • Course evaluation to capture learner feedback
  • Instant help and support guides for learners and administrators
  • All courses updated with legislative changes and best practice thinking
  • Select courses City & Guilds accredited

Benefits

  • Flexible learning in bite-sized sections
  • Suitable for learners from introductory to advanced levels
  • Excellent learner experience, improves completion rates
  • Value for money packages to suit job roles
  • Supports both compliance requirements and performance
  • Easy onboarding and set up, with ongoing support
  • High quality and interactive courses improve learner engagement
  • Capable of being hosted in any SCORM compliant system
  • Cost effective option to support a blended learning approach
  • Can be completed any time, anywhere, on any device

Pricing

£5 a licence

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contracts@virtual-college.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

2 0 6 9 5 4 8 6 7 9 1 0 0 9 7

Contact

Virtual College Ltd Felicity Fiore
Telephone: 01943 605976
Email: contracts@virtual-college.co.uk

Service scope

Software add-on or extension
Yes
What software services is the service an extension to
A SCORM compliant hosting platform is required.
Cloud deployment model
Private cloud
Service constraints
Content must be hosted in a platform such as a learning management system. The host system may also dictate the file format of the content (e.g. SCORM).
System requirements
Access to a hosting platform

User support

Email or online ticketing support
Email or online ticketing
Support response times
Full email support is available to all our users, including system administrators and individual users. This service is available from 8.30am to 5.30pm, Monday to Friday, via our help and support team. Our response standards are within two hours of receipt or next working day if received outside working hours. 80% of all support emails are answered within 2 hours and 95% of emails are resolved without the use of further correspondence
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
All users have access to our learner support team - accessible by phone or email during business working hours. All users have access to our learner support team - accessible by phone or email during business working hours. If the content is hosted in our learning management system help and support guides are also available. If more extensive support is required (for example if purchasing a large selection of titles or support with roll-out) then Account Management support is also available. A dedicated Account Manager will provide: • communication and support including regular catch-ups and reviews • coordinate responses to incidents and issues. Issues can be escalated to the Technical Team and dealt with in relation to their severity. Account Managers will acknowledge all email requests within 1 working day. Each business wide training implementation program will be supported by an implementation team of at least a dedicated Account Manager and Second Line Support Executive, overseen by a manager.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Our content has been designed to be easy for new learners to pick up and use. For one-off purchases made online the user will be sent an email to their registered address confirming their login details and a link to the training. Should the purchaser being doing so on behalf of a group of learners they will have their own hosting domain setup and the purchasers be set as an administrator for that domain. They will then be able to set up users and allocate the courses as they require. They will have access to an array of support guides on the system's Help and Support page.

If a purchase has been made for the content to be hosted in another platform a link from which to download the files would be sent to a named administrator.

Further on-boarding support can be provided by the support team if required.
Service documentation
Yes
Documentation formats
  • PDF
  • Other
Other documentation formats
Platform help and support page
End-of-contract data extraction
The course does not capture any client data however the client's learners will be able to download their certificates as evidence of completion prior to the contract's end.

Should our hosting platform be employed we ensure customers are able to fully extract the data they need. Initially we would inform them they have a certain amount of time to extract their data themselves should they wish. System administrators have access to all user data held in the system and can extract by their preferred method. They are also able to run any number of system reports and export these from the LMS as a comprehensive record of all system data. If the files are too large for them to extract we will offer to do this on their behalf. Upon extracting the data will send it to them via an encrypted memory pen. This data would usually be extracted in the form of a series of system reports that provide the customer with all the user data they require.
End-of-contract process
If a customer requests to leave our service, we commit to providing a simple and efficient exit process to enable customers to end their service with us and where appropriate, move learners and their respective records to a different supplier and/or retrieve their data. On receipt of confirmation that a customer will be leaving us, we will send them Off-Boarding correspondence via email. This will confirm the products that the customer has chosen not to renew, the date that access will cease, the steps taken in Off-Boarding a customer, and the contact details of a named individual within Virtual College, should they have any questions. We do not charge customers for any costs associated with our standard off-boarding procedure. At the end of a customer’s contract we will usually leave administrator access open for 1 month following the final learning date – this timeframe will be agreed with the relevant Account Manager.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
All the content we produce can be used on mobile devices. In most instances the content will appear on the mobile device as it does on a desktop.
Service interface
Yes
Description of service interface
All our content has clearly labelled navigation and menu features which are explained to the learner at the start of the course. These are support by the course narration. All our courses also feature a menu button, enabling the learner to move to a particular page within the content.

We include elements such as keyboard navigation and other accessibility features (such as compatibility with screen readers) to ensure the content can be viewed by a wide learner base.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
We test all our content on Internet Explorer 11, Firefox, Android, Google Chrome, Safari and Edge as well as on our own learning management system.
API
No
Customisation available
Yes
Description of customisation
Our content team can customise our ready-to-content to meet a clients requirements. This includes rebranding, making amendments to particular pages, adding new interactive elements or resources or new pages entirely.

Customisation can only be provided by our content team. Costs are dependent on the scope of the required amendments.

Scaling

Independence of resources
We load test our service using a number of software tools which emulate a large number of active clients on the system. We are aiming towards the system being able to host 10,000 concurrent users. Each customer using the LMS is set up on their own domain. These domains are separated, so no users in one domain may affect another domain. Multi-domain access is restricted to the admin panel, which only certain members of the Technical Team have access to.

Analytics

Service usage metrics
Yes
Metrics types
System Administrators view service metrics by a variety of means. They can view user records which contain their system data and can further drill down in to individual pieces of data, such as courses, to view these in greater detail. The system also has a reporting suite which features customisable reports. These report on a number of elements such as system usage, course data, evaluation data etc. These are presented in a tabular format and provide a comprehensive view of all elements of service usage.

SCORM compliant systems will also be able to track SCORM files they host.
Reporting types
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Other
Other data at rest protection approach
TLS (Version 1.0 and above)
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Users are able to export data system data, such as notes and reports by clicking the 'Export' button on-screen. They have the option to export them in a variety of different formats. In terms of exporting personal data this task would need to be performed by our Business Administration team.
Data export formats
  • CSV
  • Other
Other data export formats
  • .XLS
  • .JSON
  • .PDF
  • Rich text
Data import formats
Other
Other data import formats
Text input

Data-in-transit protection

Data protection between buyer and supplier networks
Other
Other protection between networks
For our own platform TLS (Version 1.0 and above)
Data protection within supplier network
Other
Other protection within supplier network
For our own platform IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Learner Support
• Calls answered within 3 rings
• Emails acknowledged within 2 hours
• Email replied to either resolving the issue or explaining next steps in 1 working day.

Hosting Platform
We have an internal technical team that manages and solves any day to day technical issues with the systems we operate following a priority rating system to ensure business wide/total lock out technical issues are resolved as quickly as possible. They are also responsible for implementing technical developments and new features. Available from 8.30am to 5.30pm, Monday to Friday.

In addition we provide out of hours technical support in the event of infrastructure issues. The monitoring software on our hosted systems alerts all key staff to any problems or issues.

We also have 4-hour hardware service agreements with both DELL and Com-Com.

As we take our service and security responsibilities extremely seriously, our current system availability statistics show that we have achieved 99.9% system availability over the last year.
Approach to resilience
Our services are hosted in modern cloud hosting environments and our hosting providers are verified and have the required accreditations. Further details are available on request.
Outage reporting
Any potential outage would be reported by sending out a notification in the system to warn LMS users. These notifications would pop up on the user's dashboard and be stored among their notifications. Outages are also reported to key contacts via an Account Manager.

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
If the content is hosted on our platform a user will be set up as an administrator. Only they are able to access the management interface. In terms of support channels, users can access the Learner Support team with any queries by phone or email. We also offer a full account management service, backed by a business support team, access to whom is restricted to an organisations administrators.

Where the content is to be hosted in a third party system we send a link to the content directly to an administrator, ensuring only they are able to access the files.
Access restriction testing frequency
At least once a year
Management access authentication
Other
Description of management access authentication
Management access to our platform is authenticated via the manager's username and password.

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber Essentials Plus

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
Cyber Essentials Plus
Information security policies and processes
Virtual College takes its data management responsibilities seriously. We train all staff to identify and report all potential risks so that we can take positive measures to eliminate or control these risks whilst working within the data management principles. We are proactive in providing information, training and supervision so that all those associated with the organisation can take reasonable care of their own and other people’s information and feel able to report any situations in line with our Data Protection and Confidentiality Policy. Through our quality assurance procedures and training, a consistent approach is taken by all staff members processing your data so you can be sure that whilst user data is being uploaded to the system, and throughout the ongoing support, it will remain strictly confidential at all times. Virtual College complies with all aspects of data protection and we train all our staff on what this means in practice. We work with an independent consultant in the continuous improvement of our approach and undertake regular audits in order to ensure all staff work within our policies and procedures. Our registration number is Z7723545

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We have a strictly defined quality process which is managed as part of our ISO9001 accredited quality management policy. A copy of this policy is available on request.

For our code base, everything is under strict version control so nothing is lost and everything is backed up. For configuration and content within the LMS, there is also version control to allow administrators to revert any changes and have a history of changes.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Security is paramount and rigid design protocols are utilised to reduce the threat of vulnerabilities. Using Entity Framework and MVC with extensive use of stored procedures to mitigate SQL injection attacks through comprehensive sanitization of input and stored procedure permissions. Using tools including Nexpose, ZAP and BurpSuite vulnerabilities are dealt with expediently and added to sprints where necessary to mitigate the risks of cross site scripting, cross site request forgery, click jacking etc.

We have a strictly defined quality process managed as part of our ISO9001 accredited quality management policy. A copy of this policy is available on request
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We have monitoring services on the server to alert our IT staff of any potential issue. We then have extensive reporting in the system which logs any potential risk or attack. When a compromise is found, it is looked at according to our SLA. If the risk is high it will be solved within 2-3 hours.

We have a strictly defined quality process which is managed as part of our ISO9001 accredited quality management policy. A copy of this policy is available on request.
Incident management type
Supplier-defined controls
Incident management approach
All incidents are reported using Virtual Colleges own mechanism as part of our ISO process. An RCA (Root Cause Analysis) form is filled out and then a detailed report of the issue, how it has been rectified and measures to prevent in the future is created and distributed internally and externally when required. Minor requests will be completed within twenty-four hours. More in-depth requests are assessed on receipt.

We have a strictly defined quality process managed as part of our ISO9001 accredited quality management policy. A copy of this policy is available on request.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£5 a licence
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
We would be a happy to provide time limited access to a demonstration version of any course title. Requirements will be discussed and access given by relevant Virtual College contact at the time of enquiry.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contracts@virtual-college.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.