Helastel

Helastel E-Portfolio

Helastel E-Portfolio cloud-based education and learning service for healthcare, government and justice. E-Portfolio enables learners to access course materials and capture, manage and submit evidence for assessments and competence measurement. The system supports alerting, task management and certification in a secure environment that supports multimedia and mobile platforms.

Features

  • Flexible and secure user permissions
  • Simple and intuitive interface for all users
  • Designed for learners, assessors and training managers
  • Accessible at any time, from any location and any device
  • Single entry - removes the need to duplicate information
  • Adaptable API
  • Modular and scalable
  • Supports multiple disciplines
  • Alerts and Notifications
  • Reporting and Analytics

Benefits

  • Simple, consistent evidence capture and submission
  • Course and assessment progress tracking
  • Access to all curriculum information
  • Collaborative tool for exchange of messages and ideas
  • Create personal development plans and track progress
  • Manage access and viewing
  • Management and storage of documents and forms
  • Easy import and export of information and documents

Pricing

£10000 to £35000 per licence per year

Service documents

G-Cloud 10

209620439513459

Helastel

Rob Fox

01173830380

rob.fox@helastel.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Hybrid cloud
Service constraints Typically, constraints are limited to the use of approved browsers. If there are any additional constraints as a result of the client's particular configuration or requirements, these will be fully documented as part of the contractual process.
System requirements Browser: IE11+, Chrome, Edge, Firefox or Safari 9+

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Response times are based upon customer agreed service level agreements, but Helastel provide a manned help desk service during office hours and out of hours alarm monitoring. Typical response times are within 1 hour dependent upon the incident classification. Weekend cover is by arrangement.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Helastel bespoke support packages to customer requirements. However, typically Helastel will respond to critical issues within one hour and non-critical issues within one business day.

Support costs will be agreed as part of the contract between Helastel and the client.

Support is provided via telephone or email to the helpdesk portal. On site support is available at extra cost and Helastel provide a named Service Delivery Manager (SDM) for all customers where a Service Level Agreement is in place. The SDM will be responsible for providing regular reporting and feedback to customers on service delivery, ongoing issues and performance against SLA's.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Helastel can provide onsite training or online training depending upon the client's requirements, Documentation is not normally provided unless agreed as part of the contract negotiations.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Multiple formats available for export; Helastel will export data in a format specified by the client, for example CSV. To manage change control, SQL files can be provided and version control applied. Helastel will work with the client to agree a convenient schedule for export of files.
End-of-contract process Helastel systems are capable of a complete export of all data and associated information in open formats to allow portability to other systems.

Multiple formats available for export; Helastel will export data in a format specified by the client, for example CSV. To manage change control, SQL files can be provided and version control applied. Helastel will work with the client to agree a convenient schedule for export of files.

Helastel offers options for end-of-contract support; these and their associated costs will normally be agreed between Helastel and the client as part of the contract negotiations.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service In general, there are no functional differences between mobile and desktop services. However, in some cases functionality might vary depending upon the configuration of the system
Accessibility standards None or don’t know
Description of accessibility Helastel adopts basic accessibility functions such as: clear naming of control functions, non-intrusive formatting, no reliance on colour, resizable text, keyboard input options, no keyboard traps, no flashing images, clear labelling, consistent navigation and identification, error notification and error prevention. The majority of users are therefore able to work comfortably within the user interface, and make adjustments to improve the experience for a particular user. The system supports a configurable front end, so that additional accessibility requirements can be provided where specified by a particular client. Helastel systems are responsive, so can be used on desktop and mobile devices.
Accessibility testing No generic accessibility testing is performed. Helastel systems are developed with basic accessibility options and additional accessibility options can be supported to meet the particular requirements of a client or implementation.
API Yes
What users can and can't do using the API The system API supports all functions of the full web application.
API documentation Yes
API documentation formats HTML
API sandbox or test environment No
Customisation available Yes
Description of customisation In general, authorised system administrators may customise the service by editing, granting or removing user access permissions. Other service customisations may be allowed, but these would be agreed and implemented as part of a set of specific requirements for a particular client or deployment

Scaling

Scaling
Independence of resources Helastel uses dedicated server(s) per client

Analytics

Analytics
Service usage metrics No

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Helastel systems enable users to export their data using CSV, TSV, XLS, XLSX and ODF formats.
Data export formats Other
Other data export formats
  • CSV
  • TSV
  • XLS
  • XLSX
  • ODF
Data import formats Other
Other data import formats
  • CSV
  • TSV
  • XLS
  • XLSX
  • ODF

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Helastel's service level agreement is 99.9% of uptime. We will respond to critical hosting issues within one hour and to non critical issues within one business day.
Approach to resilience Helastel hosting services are supported from a Tier 3 and Tier 2+ datacentres, certified to ISO 27001 and operates virtualised platforms. The datacentre provides full Business Continuity, back-up and data security. There is N+1 redundancy on power and data connections. The datacentres are based within the UK; all data are stored within the UK and fall within UKL data protection legislation.
Outage reporting All outages are reported via email alerts

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels Restrictions are managed through user permissions and user and/or administration roles and privileges
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Approachable Certification
ISO/IEC 27001 accreditation date 22/09/2017
What the ISO/IEC 27001 doesn’t cover Helastel are accredited for the provision of a software consultancy including design, engineering, infrastructure and support services.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • Cyber Essentials
  • Information Governance (IG) Level 2

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards Information Governance (IG) Level 2
Information security policies and processes Helastel follows its internal Information Security Policy, Information Security Incident Management Procedure, Information Security Management Report and Information Governance Policy. Helastel complies with the NHS Information Governance (IG) standard. All of Helastel's internal information security policies are compliant with ISO 27001 and 9001 accreditation. All incidents and issues are reported to Helastel's Information Governance Lead.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Helastel uses source control with revision history. All changes are fully tested and verified before before deployment to a live environment.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Helastel uses a combination of Information Governance compliance, external penetration testing, best-practice design, best-practice configuration, validation, use of up-to-date components and thorough testing to ensure that its systems are not vulnerable to the OWASP top ten.The time taken to deploy patches where vulnerabilities are detected depends on the type and severity. For example, potential loss of sensitive data would be a priority issue and would receive immediate attention; where there was a minor issue with very little chance of a system being compromised, the fix might wait until the nest software release.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Helastel employs active monitoring of the system and identifies any suspicious behaviour outside normal usage. Such threats are investigated immediately and responded to within the timeframes stipulated within the Service Level Agreement.
Incident management type Supplier-defined controls
Incident management approach Helastel's Information Security Incident Management Procedure defines what may constitute an incident, how it is to be reported and actions to be taken. Broadly, all incidents and security breaches are forwarded to the Information Governance (IG) Lead, who logs the incident on Helastel’s risk register, investigates and documents the incident using the Information Security Incident Report, and provides feedback. All incidents are monitored to identify recurring or high-impact incidents. Helastel requires that information security incidents are reported as soon as possible. All security incidents are prioritised by the IG Lead in order of seriousness.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £10000 to £35000 per licence per year
Discount for educational organisations No
Free trial available No

Documents

Documents
Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Terms and conditions document View uploaded document
Return to top ↑