HT2 Limited

Curatr Learning Experience Platform (LXP)

Curatr LXP is an award-winning learning platform that allows you to provide content recommendations, activity recommendations and courses to your employees that are intelligently recommended, gamified and social. Make use of your existing content, curate content from around the web or use the thousands of curated items included for free.


  • Easy Curation: Use our free content, existing content or curate.
  • Social Learning: Learners contribute to discussions about learning resources.
  • User Contributions: Learners can upload files and embed external resources.
  • Smart recommendations: AI-driven, personal recommendations for learners.
  • Easy for you: Easy administration and clear reporting.
  • Customisation: Scope for personalised branding, images and terminology.
  • Unlimited access to our Support Team and Help Centre.
  • For Pro customers: Social Intelligence Dashboard (Machine Learning analysis)
  • For Pro customers: Customised recommendation system.
  • For Pro customers: SSO, Custom Homepage, Learning Locker included.


  • Save time and money with easy curation
  • Improve Results; Engaged users, twice as likely to recall training
  • Improve Engagement with discussions, contributions and knowledge sharing
  • Power your existing or free content with our recommendation engine
  • Deliver scalable learning easily and intuitively
  • Reduce administration with smart, automatic recommendation
  • Turn your existing content into a modern, user-friendly, intelligent experience


£5.25 to £60.00 per user per year

  • Education pricing available

Service documents

G-Cloud 11


HT2 Limited

Alan Betts


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints No
System requirements
  • Curatr LXP will work on all modern browsers and systems
  • A connection speed of 20Mbps is recommended for some content

User support

User support
Email or online ticketing support Email or online ticketing
Support response times HT2’s SLA is based upon working hours of 9.00am - 5.00pm (BST), Monday to Friday in the UK, excluding public holidays.

The Customer may log new support queries using HT2’s automated email helpdesk system at:

We respond within 4 hours, within 1 hours for Priority 1 issues.

(Priority 1 = An incident that impairs the Customer’s ability to maintain Service operation causing a severe loss of Service. There is no acceptable workaround for the Customer).
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Onsite support
Support levels Support and hosting are included in the licence fees.

The Customer may log new support queries using HT2’s automated email Helpdesk system at:
Alternatively, the Customer may contact the HT2 Account Manager.

We also have a dedicated Customer Success Manager to help companies get started, and as needed throughout the contract. Where technical integration in required, an Implementation Manager will also be assigned to the client.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Customers are generally able to start using Curatr LXP without any help, but we make Customer Success Manager available to any organisation starting with us to provide training, support and best practice guidance as required.

Larger organisation/projects will also be assigned an Implementation Manager to take care of any technical work (for example, integrations).

We are able to provide onsite or remote training, and there is extensive user documentation, a user community, and user support available at:
Service documentation Yes
Documentation formats Other
Other documentation formats Online Help Centre (Publicly Accessible)
End-of-contract data extraction Clients are able to extract their data via CSV, end users are able to use the Open Badge functionality to export progress data in a standardised format,
End-of-contract process Organisations are able to extract their data via CSV if they choose to. All data is then deleted.

If an organisation requested something different, this could be costed and charged.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Users access the same system via their mobile browser. All functionality is available and the display is optimised for smaller device screen size.
What users can and can't do using the API An API is available for users to access some of our features. We have clients doing this, but the majority of our users access our platform.
API documentation Yes
API documentation formats HTML
API sandbox or test environment No
Customisation available Yes
Description of customisation Organisations customise their Curatr LXP instance during set up. Branding, images, colours, settings, reporting etc. can all be customised by the organisation.

Organisations use the software to create their own courses - this is done by the organisation's administrators, with support from our Customer Success Manager as required.

Further customisations are available to 'Pro' customers, including custom homepage, SSO, their own analytics tool, a bespoke recommendation engine.


Independence of resources All systems are monitored and have the ability to autoscale services based on demand.


Service usage metrics Yes
Metrics types Total users numbers (based on a limit per organisation)
Reporting types
  • API access
  • Real-time dashboards


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Organisations are able to export their data via CSV, individual users can use the Open Badge functionality to export their progress via an open standard format.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability HT2 guarantees that the Service will be available to the Partner for not less than 99.5% of each calendar month (where a calendar month is considered to be 730 hours), excluding known maintenance windows and scheduled downtime. Where the service must be taken offline for maintenance, HT2 will endeavour to give the Partner at least five working days notice. In certain circumstances, such as in the event of a security concern, it may be necessary to take the service offline at less notice. Where possible, maintenance will be performed outside of core business hours, either at evenings or weekends. Service downtime during these windows will always be kept to an absolute minimum; typical maintenance windows last around 15 minutes. HT2 will notify the Partners named representative of all maintenance windows and schedules.
Approach to resilience At every stage all services are built with redundancy in mind. Whether it be load balancing application servers, or replica/slave database setups. We also ensure that where we have multiple instances of hardware for failover that they exist across different physical zones.
Outage reporting We contact clients via email, to either the business lead client side, or a listed contact for emergency outage.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Our stance is one of ‘least privileges’ with personnel being granted only the minimum data access required to perform their role on a given task. These processes govern our operating processes, from the physical security of the buildings in which we work, to the security practices we follow in writing and deploying applications.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 British Assessment Bureau
ISO/IEC 27001 accreditation date 02/09/2013 (first), 08/04/2019 (latest re-issue)
What the ISO/IEC 27001 doesn’t cover S9.4.4 Use of Privileged utility programs
We do not use Privileged utility programs that might be capable of overriding system and application controls as such there is no process in place to restrict or control such system.

s10.1.1 and s10.1.1 We apply encryption externally according to the needs of our customers. However it is felt inappropriate to do the same internally as the ability to use data is central to many of the tasks we undertake internally.

s11.1 Data is stored on our third party cloud providers with extensive security provisions in place. As a result of this and a policy of not storing special personally identifiable information locally on clients our offices do not have a physical security perimeter other than lockable, controlled entrance.

s14.2.7 Supervision of outsourced system development - this is not considered required since we do not outsource such development.

s14.3.1 - Test data selection. Our clients select test data to test system integration and setup. As a result we do not have a policy around test data selection.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Privacy Shield

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes As part of our ISO27001 we defined our Information Security Management systems policy which is appended to this application. Our Data Security Officer and ISO manager reports directly to the Chairman of the Board of Directors.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach The Senior Management Team of HT2 control any potential changes, this is then delegated to a responsible person as a “project manager”.

He or she will conduct a “research background” to determine the feasibility of the changes with regards to:-

Any potential consequences
Integration of the quality management system
The availability of resources
The allocation or reallocation of responsibilities and authorities
Technical Skills

This then forms part of the Management Review together with including within the internal audit schedule.

All code is published through version control and goes through both peer code reviews and then QA
Vulnerability management type Supplier-defined controls
Vulnerability management approach We commission annual penetration testing by NCC Group Trust and develop our solution following OWASP guidelines.
Critical security patches applied as soon as possible as part of managed hosting agreements. Minor patches are applied as part of regular update patterns, which are typically applied once per month.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We manage potential compromises by exception. We get system notifications for unusual traffic etc. from our third party provider. AWS employs an IDS at the perimeter of its network with 24/7 active monitoring. In addition we deploy New Relic monitoring tools at our application layer. This is monitored by HT2 staff.

We monitor both the servers and the endpoints of all applications. When a failure is found a case is automatically generated and the appropriate team members are alerted. Depending on the severity of the situation this is escalated and work would begin to rectify the problem.
Incident management type Supplier-defined controls
Incident management approach Incidents are defined as part of our Business Continuity and Disaster Recovery Plan that is being tested at least once a year. We further have a Data loss prevention strategy that outlines our approach to a Data incidents. Our Data Security Officer will contact customers of a (potential) data loss. The reports are given in writing via email.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £5.25 to £60.00 per user per year
Discount for educational organisations Yes
Free trial available No

Service documents

pdf document: Pricing document pdf document: Terms and conditions
Service documents
Return to top ↑