SkillSet Limited

Moodle learning management system

Moodle is a complete learning management system, providing elearning, classroom and offline learning features in a single, open source package. SkillSet provides hosting and support services, as well as configuration and customisation of the base platform. Areas of customisation include branding, reporting, custom plug-ins and integration to other software platforms.


  • Fully customisable look and feel using responsive design
  • SCORM 1.2 certified
  • Supports eLearning, classroom, video and other learning formats
  • Customisable reports
  • Advanced quizzing and assessment creation
  • Data segregation by user defined roles
  • Creation of learning paths, including mandatory and locked content
  • Unlimited user accounts
  • Communicate with learners across a variety of channels and devices
  • Support options, including 24*7*365 telephone access


  • Hosts SCORM content from multiple suppliers
  • Responsive design formats content to suit the learner's device
  • Tracks a wide range of learning objects from one interface
  • Extracts the exact data you need for tracking learner progress
  • Assess abilities and gain useful feedback on course content
  • Users only see content specific to their role
  • Administrators can ensure that compliance training is complete
  • Open source allows us to customise to meet your needs
  • Simple to administer
  • Comprehensive training can be provided


£3500 per instance per year

Service documents

G-Cloud 9


SkillSet Limited

Paul Deed

01252 856512

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints No
System requirements
  • Google Chrome 30.0 and above
  • Mozilla Firefox 25.0 and above
  • Apple Safari 6.0 and above
  • Microsoft Internet Explorer 9.0 and above

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Priority 0 Response within one hour of customer’s initial contact requesting services;

Restoration within 2 hours of above Response;

Resolution within 48 hours of above Restoration.

Priority 1 Response within one hour of customer’s initial contact requesting services;

Restoration within 4 hours of above Response;

Resolution within 48 hours of above Restoration.

Priority 2/3 Response within 2 working days of customer’s initial contact requesting services;

Resolution within:
• Next quarterly maintenance release if reported at least 40 days before the scheduled release
• Next but one quarterly maintenance release if reported within 40 days of the next scheduled release
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 AAA
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support No
Support levels Our support service is manned during UK office hours and can be contacted through email, telephone or by raising a ticket on the Freshdesk system directly.
Extended support hours can be tailored to your particular needs, including 24*7*365 direct telephone access, upon request.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started For administrators of the system we provide training materials and support. For end-users the system is intuitive and able to be used without training.
Service documentation Yes
Documentation formats
  • PDF
  • Other
Other documentation formats ELearning, created in StoryLine (HTML)
End-of-contract data extraction Users' data is primarily in the form of learning records. Depending upon configuration, users can receive certificates or badges to confirm completion of courses and so will have an ongoing record of their activity.
End-of-contract process We would, if requested, make a backup of the site available to you at the end of the contract for you to store and keep - we will also place a backup of the site into long-term archival using Amazon Glacier, or similar to ensure that we could re-instate the site at a later date if required.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10+
  • Firefox
  • Chrome
  • Safari 9+
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • Windows
  • Windows Phone
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The themes used for Moodle are all responsive and so will display the site accordingly.
Accessibility standards WCAG 2.0 AAA
Accessibility testing This is not something that we have done directly, however the Moodle community has and customers often run their own testing in line with their needs.
What users can and can't do using the API
API documentation Yes
API documentation formats HTML
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Users can hide elements of the user interface and customise the appearance. They can also change the colour scheme to, for example, select a high-contrast view if they are visually impaired.


Independence of resources Moodle is a single-tenant application and so will run on dedicated VMs for each customer. These can be load balanced and auto-scaled if the customer's workloads are forecast to be variable and require it.


Service usage metrics Yes
Metrics types We can build reports to show a range of usage metrics covering logins, user activity, time spent on the site etc.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Other
Other data at rest protection approach We use AWS for hosting and take advantage of their ability to encrypt data at rest, including backups for all elements of the service provided.
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Users' data is primarily in the form of learning records. Depending upon configuration, users can receive certificates or badges to confirm completion of courses and so will have an ongoing record of their activity.
Data export formats CSV
Data import formats
  • CSV
  • Other
Other data import formats Any format can be allowed.

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks The network in which the servers/services are running is only accessibly by named individuals and requires MFA to access it. In addition, all data is encrypted both at rest and in transit.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability We use the AWS Cloud Services for its resilience and capacity. AWS commits to a Monthly Uptime Percentage (defined below) of at least 99.95%. We have never had any unscheduled downtime using this platform.

We offer varying levels of support from business hours of 8am-6pm Monday-Friday, and for some customers we offer 24 hour support for business critical systems: this allows access to a member of our support staff at all times.
Approach to resilience All servers providing the service are placed into multiple availability zones that are physically isolated and independent of one another. End-user access is through a load-balancer with health checks and auto-scaling of the underlying instances to ensure continuous monitoring and availability.
Outage reporting Monitoring is at 1 minute intervals and exceptions are raised through alerts that generate email and text message warnings.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels Users can be authenticated in a number of different ways depending upon the customer requirements - these include simple username and password, MFA, integration with other identitiy providers.
Access restriction testing frequency At least every 6 months
Management access authentication Public key authentication (including by TLS client certificate)

Audit information for users

Audit information for users
Access to user activity audit information You control when users can access audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 EY CertifyPoint
ISO/IEC 27001 accreditation date November 11 2016
What the ISO/IEC 27001 doesn’t cover SkillSet's offices - the certificate covers the AWS services on which the solution is built.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security No
Security governance accreditation No
Security governance approach Security is reviewed as part of monthly management meetings.
We are ISO9001:2008 accredited and the data centre we use is ISO 27001 accredited. We are in the process of gaining ISO 27001 as an organisation.
Information security policies and processes As defined/required by customers.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All source code is held in Git or Subversion and part of a continuous integration build pipeline. Changes can be raised by customers following our CR process and will be impacted for customer approval. Because each customer is on their own instance, we can make customer-specific changes without impacting other customers.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Amazon Inspector includes a knowledge base of hundreds of rules mapped to common security standards and vulnerability definitions that are regularly updated by AWS security researchers.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Amazon Inspector includes a knowledge base of hundreds of rules mapped to common security standards and vulnerability definitions that are regularly updated by AWS security researchers.
Incident management type Supplier-defined controls
Incident management approach We use Freshdesk's ITIL-aligned service desk software to manage incidents and problems as well as produce a knowledge-base for customer reference.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £3500 per instance per year
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑