Synap LMS for Medical Schools

Synap is an intelligent formative assessment / online learning platform that helps medical students learn more in less time. We license content from Oxford University Press and have created a platform tailored for use in medical schools.


  • Personalised spaced learning algorithms tailored to each user
  • Single Sign On
  • 5000+ Multiple Choice Questions from Oxford University press
  • Works on any device
  • White-labelled branding and custom domain available
  • Available offline
  • Real time reporting for educators / administrators
  • Data import/export from QTI, JSON, SCORM


  • Students can study anytime, anywhere in 5-10 minutes
  • Increases the efficiency of revision time
  • Reduces cramming and spreads out learning across the year
  • Custom features, integrations and reports available
  • Dedicated account manager and UK-based to assist
  • Developed by and for medical students
  • Incredibly easy to use and engaging for students


£2500 to £50000 per instance per year

  • Free trial available

Service documents

G-Cloud 10



Dr. James Gupta


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints Synap is available 24/7. Users are informed in advance of any planned maintenance which usually takes place outside of business hours.
System requirements
  • Web: Modern Browser (IE9+, Firefox 4+, Chrome 11+, Safari 5+)
  • IOS: 10+
  • Android: 6+

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Same day
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard WCAG 2.0 AA or EN 301 549 9: Web
Web chat accessibility testing Synaps web chat is powered by Intercom, an industry-leading customer support solution. We will be performing accessibility testing with users in late 2018
Onsite support Yes, at extra cost
Support levels All users and admin will be able to access email, web and phone support with the Synap team.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide onsite and online training at no extra cost. User documentation and a discussion forum for managers / administrators is also provided online. We can set up your LMS within a matter of hours, which comes with all the tools you need to invite users, add content and set up courses. However, we're also happy to spend more time setting up a custom implementation i.e. with integrations to your existing systems, helping to train and onboard your staff and import existing learning content, which we can do within 2-4 weeks. You can perform a bulk upload of users or integrate with Single Sign On / Active Directory to provide access to the system.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction We will provide a data extract in CSV/JSON/SQL format
End-of-contract process At the end of the contract, customers may renew their annual license at the same rate. Alternatively, if a customer wishes to cancel their service and informs us in writing at least 60 days before the end of the contract, we will provide exports of their data and learning materials in commonly used formats such as JSON, CSV, SCORM or HTML as appropriate. Following this, their environment will be permanently shut down and data destroyed at a date agreed upon with the customer.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The mobile apps have been developed specifically for iOS and Android device. They offer similar functionality overall, but the mobile apps also benefit from offline access and push notifications
Accessibility standards None or don’t know
Description of accessibility We have developed Synap in-house and complying to modern web browsing / w3c standards.
Accessibility testing We will be conducting user testing session in late 2018
What users can and can't do using the API API access is available on request, and at an additional cost. Users can use the API to update user information, add content and stream analytics
API documentation Yes
API documentation formats Open API (also known as Swagger)
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Universities can customise the portal in a number of ways. It can be completely branded to your university, sitting on a secure custom domain (i.e.

Furthermore we can support learner analytics export / data warehousing, Single Sign On, question import via CSV / QTI, and a range of custom features such as social learning / gamification and other content types.

We have in-house technical expertise and work closely with each client.


Independence of resources Synap is hosted on Amazon Web Services Elastic Beanstalk service. This is an auto-scaling environment, which adds new servers/capacity in real-time to meet demand. For large clients or at an extra cost, we can host a client's Synap instance on its own dedicated environment.


Service usage metrics Yes
Metrics types Synap has a flexible analytics set-up. We provide; Total/ Active Users, Time spent on platform, average score/ improvements
Reporting types
  • Real-time dashboards
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Request an export from our support team
Data export formats
  • CSV
  • Other
Other data export formats JSON
Data import formats
  • CSV
  • Other
Other data import formats JSON

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability By default, we do not offer an uptime guarantee or SLAs. However, Synap has maintained a consistently high uptime (>99.9%) over the last few years. SLAs and dedicated environments are available at an extra cost.
Approach to resilience Synap is hosted on a modern cloud infrastructure provided by Amazon Web Services, hosted within the EU (Dublin). We use a failover system for our server and database, whereby there are always two instances running so if one fails another is able to take over seamlessly with no service interruption. Our architecture is designed with scale in mind, and currently handles tens of thousands of users each day.
Outage reporting We report outages through public dashboard and email alerts to our clients

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels Access to our systems are restricted on a 'need to know' basis and reviewed regularly.
Access restriction testing frequency At least once a year
Management access authentication 2-factor authentication

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards Other
Other security governance standards IASME Cyber Essentials
Information security policies and processes We are a small team managed in one central location. We do not use removable media, and if sensitive data must be downloaded to an employees device, our policy is to delete it securely as soon as possible.
Passwords must be secure, not written down and changed regularly. Staff have regular security training provided by our CTO.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Changes are all tracked through granular commits in Git. Changes are signed so that the author can be positively identified. All changes are manually reviewed by our CTO for potential security impact.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We have a managed patch agreement with our hosting provider, Amazon Web services, whereby they will automatically patch our servers with minor and/or critical releases. Larger and other releases, such as to individual components, are done as soon as possible (within 14 days). We get information about potential threats through the AWS dashboard as well as several notification services.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We monitor our servers with AWS tools and other services to detect DDoS and similar attacks. We have pagers set up so that a C-level exec is notified as soon as an incident or potential incident emerges.
Incident management type Supplier-defined controls
Incident management approach Incidents are recorded in our project management software, Jira. We also record error logs which are stored securely. For our mobile apps, errors are automatically recorded and logged with a tool called Crashlytics. Users report incidents via our support service, Intercom.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £2500 to £50000 per instance per year
Discount for educational organisations No
Free trial available Yes
Description of free trial We can provide a 28 day free trial for customers. This will be a branded, custom environment with access to a sample of Oxford University Press content, or in-house you have imported.


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑