Our E>nable Audit Management System helps you to manage adherence to your standard operating procedures, policies, risk areas and compliance requirements. The system can be used to create a wide range of audits, for example: Ofsted, Funding, Accountancy, Safeguarding, IPTS, ISO, BRC Global Standard for Food Safety.
- Staff and organisation records
- Input and manage standard operating procedures/processes
- Store audit evidence
- Ongoing audit management
- Corrective action planning
- Audit sampling
- Audit scheduler
- Collaborative audit feature
- Visual reporting
- Record and log standard operating procedures in a central system
- Store key audit and management review documents centrally
- Plan, prioritise and schedule audits and assessments
- Produce a risk based audit plan and analyse risk
- Track audit progress to ensure adherence to timescales
- Log and monitor non-conformance/compliance and track preventative/corrective actions
- Report compliance information at a site, department or organisation
- Gain a bird's eye view of all key audit data
- Improve reputation through compliance with quality and compliance standards
- Manage supplier compliance
£5940 to £21000 per unit per year
- Education pricing available
- Free trial available
Virtual College Ltd
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
|Service constraints||Our solution is highly configurable to customer requirements and there are no significant service constraints. If you wish to discuss your requirements with us any further, please call on 01943 605 976 or email firstname.lastname@example.org.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Full email support is available to all our users, including system administrators and individual users. This service is available from 8.30am to 5.30pm, Monday to Friday, via our help and support team. In addition we have an out of hours service; where urgent e-mail enquiries are checked, allocated and responded to and calls are answered within out service level agreements. Our response standards are within two hours of receipt or next working day if received outside working hours. 80% of all support emails are answered within 2 hours and 95% of emails are resolved without the use of further correspondence.|
|User can manage status and priority of support tickets||No|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||Web chat|
|Web chat support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support accessibility standard||WCAG 2.0 AAA|
|Web chat accessibility testing||None.|
|Onsite support||Onsite support|
Your Virtual College Account Manager is the long term manager of the contract and is the dedicated contact for all support and help throughout the period covered by the contract. You will have access to your account manager via email and phone, including a mobile phone number for your account manager.
In addition, we offer extensive scheduled account manager communication and support. This includes the opportunity for monthly catch-up calls, project plan meetings, 6- and 9-month reviews along with e-Champions training.
Account Managers are also responsible for coordinating responses to incidents and issues on behalf of our customers, and keep them informed of how they are progressing. Issues can be escalated to the Technical Team and are dealt with in relation to their severity.
Account Managers endeavour to acknowledge all email requests within 1 working day.
In addition the Account Manager is backed by a dedicated support team who can be contacted by phone or by email. Email queries are monitored hourly so that questions or issues raised will be acted upon quickly and efficiently, and communication on progress will be timely and effective.
|Support available to third parties||Yes|
Onboarding and offboarding
Virtual College provides on-boarding and project management services aimed at supporting customers in the effective roll out of our systems. These services are very much dependent on individual customer requirements, such as the project scale and level of configuration required.
The principles that underpin our approach to project implementation and on boarding are:
Collaboration and partnership – work with customers in a spirit of partnership
Creativity and innovation – provide our customers with creative and innovative solutions
Experience – provide our customers with a very experienced team of individuals
A typical on-boarding process includes:
Scoping – establishing what the customer is trying to achieve through their chosen solution
System hierarchy and levels of access
Service initialisation and establishment of connectivity
Application of customer branding and customisation of look and feel
Set up of customer-specific settings
Upload of SCORM compliant content
Creation of learners
Deployment of the live LMS service
Post go live support
Evaluation and feedback
|End-of-contract data extraction||
When a contract ends we ensure customers are able to fully extract the data they need.
Initially we would inform them they have a certain amount of time to extract their data themselves should they wish. System administrators have access to all user data held in the system and can extract by their preferred method. They are also able to run any number of system reports and export these from the LMS as a comprehensive record of all system data.
If the files are too large for them to extract we will offer to do this on their behalf. Upon extracting the data will send it to them via an encrypted memory pen. This data would usually be extracted in the form of a series of system reports that provide the customer with all the user data they require.
If a customer requests to leave our service, we commit to providing a simple and efficient exit process to enable customers to end their service with us and where appropriate, move learners and their respective records to a different supplier and/or retrieve their data.
On receipt of confirmation that a customer will be leaving us, we will send them Off-Boarding correspondence via email. This will confirm the products that the customer has chosen not to renew, the date that access will cease, the steps taken in Off-Boarding a customer, and the contact details of a named individual within Virtual College, should they have any questions.
We do not charge customers for any costs associated with our standard off-boarding procedure.
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||
Our system is optimised to function on mobile web browsers. We regularly test our LMS interface on these devices and operating systems, and any new functionality that is added to the system is thoroughly tested on all supported form factors / devices, operating systems and browsers.
To guarantee a fully device-adaptive user experience, the program interface will change depending on to fit the device that is used to access it. This allows it to adapt to smart phones, tablets and other devices.
|Accessibility standards||WCAG 2.0 AA or EN 301 549|
Our platform is regularly tested access tested by an the Shaw Trust concerning users with the following disabilities:
Low vision users
User's who need assistive technologies - such as screen readers
Both the learning management system and the content were tested. Shaw Trust remarked that both had a better accessibility standard than most and had some recommendations on how we could improve further.
Shaw Trust came up with a number of recommendations, such as greater keyboard access, changes to colour contrast and visual focus, changes to how users zoom in and out of text and greater compatibility with screen readers. We are currently working to include all these recommendations in to the system, so it offers the best possible experience to disabled users.
|What users can and can't do using the API||
We are committed to making our systems as flexible as possible; creating software solutions that improve workflow and online training requirements.
Our LMS (Learning Management System) is able to supply advanced data integration features. These features allow data to be transferred between the LMS and other systems, such as Human Resources systems.
For LMS customers requiring this service, we supply a RESTful API for our customers to connect to and exchange data between systems. This API includes functionality to retrieve all or part of any learner data, for creating purchases for an external shop, retrieving a list of modules and then a series of user functions to create users etc. We can add to this relatively easily for new customers and this list will grow as we add more functionality in the coming months.. The data can be consumed and processed by a third-party system in any manner desired. The API also supports the creating, editing and archiving of users.
In terms of how the API is used this would depend on how the customer wants the LMS to link to their system. We are flexible in our approach and would look to fully facilitate customer needs.
|API documentation formats||Other|
|API sandbox or test environment||Yes|
|Description of customisation||
Branding - System colours and logo can be changed to replicate an organisations look.
Groups - The system has a groups feature which allows administrators to create separately branded pages. These can be created and branched to replicate an organisations structure.
Content Creation - This feature allows administrators to create and configure a range of different elements. This includes uploading content and putting it together in to an e-learning module, creating assessments and certifications as well as job roles and records of learning completed outside the system.
Reports - the system has a reporting suite of thirteen different reports . These can be customised by filters or adding/removing fields.
Optional fields - Administrators are able to turn on additional fields of information, which will appear when users register. This gives them ability to capture more user information.
Customisable dashboards - The administrators dashboard can be edited to include graphical reports.
Adaptable course calendar - The course calendar that appear on the main dashboard is configured to record upcoming training events for that user.
Help and support page - This page can also be customised so users can add their own help and support resources.
|Independence of resources||We load test our service using a number of software tools which emulate a large number of active clients on the system. We are aiming towards the system being able to host 10,000 concurrent users. Each customer using the LMS is set up on their own domain. These domains are separated, so no users in one domain may affect another domain. Multi-domain access is restricted to the admin panel, which only certain members of the Technical Team have access to.|
|Service usage metrics||Yes|
System Administrators are able to view service metrics by a variety of means. They can view user records which contain their system data and can further drill down in to individual pieces of data, such as courses, to view these in greater detail.
The system also has a reporting suite which features 13 customisable reports. These report on a number of elements such as system usage, course data, evaluation data etc. These are presented in a tabular format and provide a comprehensive view of all elements of service usage.
|Supplier type||Not a reseller|
|Staff security clearance||Staff screening not performed|
|Government security clearance||None|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||Other|
|Other data at rest protection approach||Physical access controls complying with ISO 27001|
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||
Users are able to export data system data, such as notes and reports by clicking the 'Export' button on-screen. They have the option to export them in a variety of different formats.
In terms of exporting personal data this task would need to be performed by our Business Administration team.
|Data export formats||
|Other data export formats||
|Data import formats||
|Other data import formats||
|Data protection between buyer and supplier networks||Other|
|Other protection between networks||TLS (Version 1.0 and above)|
|Data protection within supplier network||IPsec or TLS VPN gateway|
Availability and resilience
We have an internal technical team that manages and solves any day to day technical issues with the systems we operate. They are also responsible for implementing technical developments and new features. The core of this team is available from 8.30am to 5.30pm, Monday to Friday.
In addition we have an out-of-hours agreement with key technical staff members that provide out of hours technical support in the event of infrastructure issues. The monitoring software on our hosted systems alerts all key staff to any problems or issues. We also have 4-hour hardware service agreements with both DELL and Com-Com. Because we take our service and security responsibilities extremely seriously, our current system availability statistics show that we have achieved 99.9% system availability over the last year.
|Approach to resilience||This information is available on request.|
|Outage reporting||Any potential outage would be reported by sending out a notification in the system to warn LMS users. These notifications would pop up on the user's dashboard and be stored among their notifications.|
Identity and authentication
|User authentication needed||Yes|
|User authentication||Username or password|
|Access restrictions in management interfaces and support channels||
When using the system a user needs to be either set up as an LMS Administrator, or be allocated an Admin Role (with defined permissions) to access the management interface. These user types are controlled by System Administrators who select which users they will apply to.
In terms of support channels all users can access the Learner Support team with any queries by phone, email or live chat. We also offer a full account management service, backed by a business support team, access to whom is restricted to an organisations administrators.
|Access restriction testing frequency||At least once a year|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||No|
|Security governance approach||
Our organisation depends on the security of its information assets. Confidentiality is key to this security. As we require all staff to recognise their responsibilities with regards to information security Virtual College is proactive in providing information, training and supervision. This ensures that all those associated with the organisation have the confidence to recognise the key aspects of information security and their relevance. Key aspects include: -
Virtual College IT Infrastructure team
Our Data Protection and Confidentiality policy applies to all information, whether electronic and / or paper based, and covers all business locations.
|Information security policies and processes||
Virtual College recognises that the on-going success of the organisation depends on the security of its information assets. Confidentiality is key to this security. As we require all staff to recognise their responsibilities with regards to information security Virtual College is proactive in providing information, training and supervision. This approach ensures that all those associated with the organisation have the confidence to recognise the key aspects of information security and the relevance of these aspects to their individual role/s. The key aspects have been identified as: -
Virtual College IT Infrastructure team
Our information security policy applies to all information, whether electronic and / or paper based, and covers all business locations.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||For our code base, everything is under strict version control so nothing is lost and everything is backed up. For configuration and content within the LMS, there is also version control to allow administrators to revert any changes and have a history of changes.|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
Security is paramount within the design of the LMS and rigid design protocols are utilised to reduce the threat of vulnerabilities.
Using Entity Framework and MVC with extensive use of stored procedures to mitigate SQL injection attacks through comprehensive sanitization of input and stored procedure permissions.
We also have regular penetration testing undertaken by British Council and in house. Using tools including Nexpose, ZAP and BurpSuite vulnerabilities are dealt with expediently and added to sprints where necessary to mitigate the risks of cross site scripting, cross site request forgery, click jacking etc.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||We have monitoring services on the server to alert our IT staff of any potential issue. We then have extensive reporting in the system which logs any potential risk or attack. When a compromise is found, it is looked at according to our SLA. If the risk is high it will be solved within 2-3 hours.|
|Incident management type||Supplier-defined controls|
|Incident management approach||All incidents are reported using Virtual Colleges own mechanism as part of our ISO process. An RCA (Root Cause Analysis) form is filled out and then a detailed report of the issue, how it has been rectified and measures to prevent in the future is created and distributed internally and externally when required. Minor requests will be completed within twenty-four hours. More in-depth requests are assessed on receipt. We then provide a set timeframe in which the request will be completed, communicated via the account managers. Two days’ notice (posted on the login page) will be given of any down-time.|
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||No|
|Price||£5940 to £21000 per unit per year|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||We are more than happy to offer a trail prior to purchase. The available functionality and availability period of the trial system would be dependent on which features the prospective customer wished to see. We would also be happy to upload a selection of content to demonstrate our e-learning portfolio.|
|Pricing document||View uploaded document|
|Skills Framework for the Information Age rate card||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|