Virtual College Ltd

Audit Management Service

Our E>nable Audit Management System helps you to manage adherence to your standard operating procedures, policies, risk areas and compliance requirements. The system can be used to create a wide range of audits, for example: Ofsted, Funding, Accountancy, Safeguarding, IPTS, ISO, BRC Global Standard for Food Safety.


  • Staff and organisation records
  • Input and manage standard operating procedures/processes
  • Store audit evidence
  • Ongoing audit management
  • Corrective action planning
  • Audit sampling
  • Audit scheduler
  • Collaborative audit feature
  • Visual reporting


  • Record and log standard operating procedures in a central system
  • Store key audit and management review documents centrally
  • Plan, prioritise and schedule audits and assessments
  • Produce a risk based audit plan and analyse risk
  • Track audit progress to ensure adherence to timescales
  • Log and monitor non-conformance/compliance and track preventative/corrective actions
  • Report compliance information at a site, department or organisation
  • Gain a bird's eye view of all key audit data
  • Improve reputation through compliance with quality and compliance standards
  • Manage supplier compliance


£5940 to £21000 per unit per year

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 10


Virtual College Ltd

Patrick Hebbert

01943 605976

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints Our solution is highly configurable to customer requirements and there are no significant service constraints. If you wish to discuss your requirements with us any further, please call on 01943 605 976 or email
System requirements
  • Windows Vista to Windows 7 and above
  • OSx Snow Leopard 10.6 + to OSx Yosemite 10.10 +
  • IOS 8.3 and above to to iOS 9 and above
  • Android Lollipop, Marshmallow and Nougat
  • Internet Explorer (IE) 11 and above
  • Google Chrome latest version
  • Mozilla Firefox latest version
  • Microsoft Edge
  • Internet access

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Full email support is available to all our users, including system administrators and individual users. This service is available from 8.30am to 5.30pm, Monday to Friday, via our help and support team. In addition we have an out of hours service; where urgent e-mail enquiries are checked, allocated and responded to and calls are answered within out service level agreements. Our response standards are within two hours of receipt or next working day if received outside working hours. 80% of all support emails are answered within 2 hours and 95% of emails are resolved without the use of further correspondence.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard WCAG 2.0 AAA
Web chat accessibility testing None.
Onsite support Onsite support
Support levels Your Virtual College Account Manager is the long term manager of the contract and is the dedicated contact for all support and help throughout the period covered by the contract. You will have access to your account manager via email and phone, including a mobile phone number for your account manager.

In addition, we offer extensive scheduled account manager communication and support. This includes the opportunity for monthly catch-up calls, project plan meetings, 6- and 9-month reviews along with e-Champions training.

Account Managers are also responsible for coordinating responses to incidents and issues on behalf of our customers, and keep them informed of how they are progressing. Issues can be escalated to the Technical Team and are dealt with in relation to their severity.

Account Managers endeavour to acknowledge all email requests within 1 working day.

In addition the Account Manager is backed by a dedicated support team who can be contacted by phone or by email. Email queries are monitored hourly so that questions or issues raised will be acted upon quickly and efficiently, and communication on progress will be timely and effective.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Virtual College provides on-boarding and project management services aimed at supporting customers in the effective roll out of our systems. These services are very much dependent on individual customer requirements, such as the project scale and level of configuration required.

The principles that underpin our approach to project implementation and on boarding are:
Collaboration and partnership – work with customers in a spirit of partnership
Creativity and innovation – provide our customers with creative and innovative solutions
Experience – provide our customers with a very experienced team of individuals

A typical on-boarding process includes:
Scoping – establishing what the customer is trying to achieve through their chosen solution
System hierarchy and levels of access
Service initialisation and establishment of connectivity
Application of customer branding and customisation of look and feel
Set up of customer-specific settings
Administrator training
Upload of SCORM compliant content
Creation of learners
Deployment of the live LMS service
Post go live support
Evaluation and feedback
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction When a contract ends we ensure customers are able to fully extract the data they need.

Initially we would inform them they have a certain amount of time to extract their data themselves should they wish. System administrators have access to all user data held in the system and can extract by their preferred method. They are also able to run any number of system reports and export these from the LMS as a comprehensive record of all system data.

If the files are too large for them to extract we will offer to do this on their behalf. Upon extracting the data will send it to them via an encrypted memory pen. This data would usually be extracted in the form of a series of system reports that provide the customer with all the user data they require.
End-of-contract process If a customer requests to leave our service, we commit to providing a simple and efficient exit process to enable customers to end their service with us and where appropriate, move learners and their respective records to a different supplier and/or retrieve their data.

On receipt of confirmation that a customer will be leaving us, we will send them Off-Boarding correspondence via email. This will confirm the products that the customer has chosen not to renew, the date that access will cease, the steps taken in Off-Boarding a customer, and the contact details of a named individual within Virtual College, should they have any questions.

We do not charge customers for any costs associated with our standard off-boarding procedure.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Our system is optimised to function on mobile web browsers. We regularly test our LMS interface on these devices and operating systems, and any new functionality that is added to the system is thoroughly tested on all supported form factors / devices, operating systems and browsers.

To guarantee a fully device-adaptive user experience, the program interface will change depending on to fit the device that is used to access it. This allows it to adapt to smart phones, tablets and other devices.
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing Our platform is regularly tested access tested by an the Shaw Trust concerning users with the following disabilities:
Blind users
Low vision users
Mobility impaired
Cognitive impairments
User's who need assistive technologies - such as screen readers
Both the learning management system and the content were tested. Shaw Trust remarked that both had a better accessibility standard than most and had some recommendations on how we could improve further.

Shaw Trust came up with a number of recommendations, such as greater keyboard access, changes to colour contrast and visual focus, changes to how users zoom in and out of text and greater compatibility with screen readers. We are currently working to include all these recommendations in to the system, so it offers the best possible experience to disabled users.
What users can and can't do using the API We are committed to making our systems as flexible as possible; creating software solutions that improve workflow and online training requirements.

Our LMS (Learning Management System) is able to supply advanced data integration features. These features allow data to be transferred between the LMS and other systems, such as Human Resources systems.

For LMS customers requiring this service, we supply a RESTful API for our customers to connect to and exchange data between systems. This API includes functionality to retrieve all or part of any learner data, for creating purchases for an external shop, retrieving a list of modules and then a series of user functions to create users etc. We can add to this relatively easily for new customers and this list will grow as we add more functionality in the coming months.. The data can be consumed and processed by a third-party system in any manner desired. The API also supports the creating, editing and archiving of users.
In terms of how the API is used this would depend on how the customer wants the LMS to link to their system. We are flexible in our approach and would look to fully facilitate customer needs.
API documentation Yes
API documentation formats Other
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Branding - System colours and logo can be changed to replicate an organisations look.

Groups - The system has a groups feature which allows administrators to create separately branded pages. These can be created and branched to replicate an organisations structure.

Content Creation - This feature allows administrators to create and configure a range of different elements. This includes uploading content and putting it together in to an e-learning module, creating assessments and certifications as well as job roles and records of learning completed outside the system.

Reports - the system has a reporting suite of thirteen different reports . These can be customised by filters or adding/removing fields.

Optional fields - Administrators are able to turn on additional fields of information, which will appear when users register. This gives them ability to capture more user information.

Customisable dashboards - The administrators dashboard can be edited to include graphical reports.

Adaptable course calendar - The course calendar that appear on the main dashboard is configured to record upcoming training events for that user.

Help and support page - This page can also be customised so users can add their own help and support resources.


Independence of resources We load test our service using a number of software tools which emulate a large number of active clients on the system. We are aiming towards the system being able to host 10,000 concurrent users. Each customer using the LMS is set up on their own domain. These domains are separated, so no users in one domain may affect another domain. Multi-domain access is restricted to the admin panel, which only certain members of the Technical Team have access to.


Service usage metrics Yes
Metrics types System Administrators are able to view service metrics by a variety of means. They can view user records which contain their system data and can further drill down in to individual pieces of data, such as courses, to view these in greater detail.

The system also has a reporting suite which features 13 customisable reports. These report on a number of elements such as system usage, course data, evaluation data etc. These are presented in a tabular format and provide a comprehensive view of all elements of service usage.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Other
Other data at rest protection approach Physical access controls complying with ISO 27001
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Users are able to export data system data, such as notes and reports by clicking the 'Export' button on-screen. They have the option to export them in a variety of different formats.

In terms of exporting personal data this task would need to be performed by our Business Administration team.
Data export formats
  • CSV
  • Other
Other data export formats
  • .XLS
  • .JSON
  • PDF
  • Rich Text
Data import formats
  • CSV
  • Other
Other data import formats
  • Excel
  • PDF
  • .word
  • .mp4
  • .avi

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Other
Other protection between networks TLS (Version 1.0 and above)
Data protection within supplier network IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability We have an internal technical team that manages and solves any day to day technical issues with the systems we operate. They are also responsible for implementing technical developments and new features. The core of this team is available from 8.30am to 5.30pm, Monday to Friday.

In addition we have an out-of-hours agreement with key technical staff members that provide out of hours technical support in the event of infrastructure issues. The monitoring software on our hosted systems alerts all key staff to any problems or issues. We also have 4-hour hardware service agreements with both DELL and Com-Com. Because we take our service and security responsibilities extremely seriously, our current system availability statistics show that we have achieved 99.9% system availability over the last year.
Approach to resilience This information is available on request.
Outage reporting Any potential outage would be reported by sending out a notification in the system to warn LMS users. These notifications would pop up on the user's dashboard and be stored among their notifications.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels When using the system a user needs to be either set up as an LMS Administrator, or be allocated an Admin Role (with defined permissions) to access the management interface. These user types are controlled by System Administrators who select which users they will apply to.

In terms of support channels all users can access the Learner Support team with any queries by phone, email or live chat. We also offer a full account management service, backed by a business support team, access to whom is restricted to an organisations administrators.
Access restriction testing frequency At least once a year
Management access authentication
  • Username or password
  • Other

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Our organisation depends on the security of its information assets. Confidentiality is key to this security. As we require all staff to recognise their responsibilities with regards to information security Virtual College is proactive in providing information, training and supervision. This ensures that all those associated with the organisation have the confidence to recognise the key aspects of information security and their relevance. Key aspects include: -
Information assets
Personnel security
Physical security
Virtual College IT Infrastructure team
Our Data Protection and Confidentiality policy applies to all information, whether electronic and / or paper based, and covers all business locations.
Information security policies and processes Virtual College recognises that the on-going success of the organisation depends on the security of its information assets. Confidentiality is key to this security. As we require all staff to recognise their responsibilities with regards to information security Virtual College is proactive in providing information, training and supervision. This approach ensures that all those associated with the organisation have the confidence to recognise the key aspects of information security and the relevance of these aspects to their individual role/s. The key aspects have been identified as: -

Information assets
Personnel security
Physical security
Virtual College IT Infrastructure team

Our information security policy applies to all information, whether electronic and / or paper based, and covers all business locations.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach For our code base, everything is under strict version control so nothing is lost and everything is backed up. For configuration and content within the LMS, there is also version control to allow administrators to revert any changes and have a history of changes.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Security is paramount within the design of the LMS and rigid design protocols are utilised to reduce the threat of vulnerabilities.

Using Entity Framework and MVC with extensive use of stored procedures to mitigate SQL injection attacks through comprehensive sanitization of input and stored procedure permissions.

We also have regular penetration testing undertaken by British Council and in house. Using tools including Nexpose, ZAP and BurpSuite vulnerabilities are dealt with expediently and added to sprints where necessary to mitigate the risks of cross site scripting, cross site request forgery, click jacking etc.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We have monitoring services on the server to alert our IT staff of any potential issue. We then have extensive reporting in the system which logs any potential risk or attack. When a compromise is found, it is looked at according to our SLA. If the risk is high it will be solved within 2-3 hours.
Incident management type Supplier-defined controls
Incident management approach All incidents are reported using Virtual Colleges own mechanism as part of our ISO process. An RCA (Root Cause Analysis) form is filled out and then a detailed report of the issue, how it has been rectified and measures to prevent in the future is created and distributed internally and externally when required. Minor requests will be completed within twenty-four hours. More in-depth requests are assessed on receipt. We then provide a set timeframe in which the request will be completed, communicated via the account managers. Two days’ notice (posted on the login page) will be given of any down-time.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £5940 to £21000 per unit per year
Discount for educational organisations Yes
Free trial available Yes
Description of free trial We are more than happy to offer a trail prior to purchase. The available functionality and availability period of the trial system would be dependent on which features the prospective customer wished to see. We would also be happy to upload a selection of content to demonstrate our e-learning portfolio.


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑