New Media Warehouse Ltd T/A Synergy Learning

Totara LMS - Learning Management System (Fully Managed Service)

Moodle and Totara LMS bring the benefits of open source learning to organisations, significantly reducing the cost of your learning management, with advanced functionality for workplace learning. Our platforms support competency management, training delivery, team management, compliance tracking, classroom management and flexible reporting features.

Features

  • Track learning progress and compliance
  • Personal development plans
  • Manage team development
  • Encourages and fosters knowledge sharing (social learning)
  • Delivery of effective eLearning
  • HR/ERP/CRM integration
  • Organisation and position frameworks
  • Performance management, appraisals and 360 feedback tools
  • Accessible anywhere, any time, from any device
  • Sophisticated reporting

Benefits

  • Map learning to individual jobs, management, departments, teams and groups
  • Access instructor led training, self-paced eLearning and virtual training
  • Deliver training and content to users on any device
  • Integration and interoperability with other platforms
  • Content authoring and management capabilities with both content and activities
  • Create assessments from question banks, track scores and completion rates
  • Determine compliance criteria and maintain clear and accurate audit trails
  • Maintain current and historical records of active and completed learning
  • Support informal and social learning, allowing employees to share knowledge
  • Complete picture of usage, progress and achievement across your business

Pricing

£6300 per unit per year

  • Free trial available

Service documents

G-Cloud 9

329389713814367

New Media Warehouse Ltd T/A Synergy Learning

Jonathan McAlister

+44 (0) 28 9042 2000

jonathan.mcalister@synergy-learning.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints Preference is for deployment on LAMP environments. Synergy Learning provide a fully managed service on this stack.
System requirements
  • Internet Explorer 9+
  • Recent versions of other browsers

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Average resolution time of 50 minutes, first response within 30 minutes
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 AA or EN 301 549
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Synergy Learning provides second line support to a dedicated team of Moodle/Totara administrators/support staff with fixed or unlimited hour options available.

The provision of ongoing support includes the capturing of all feedback and calls logged with Synergy Learning in our helpdesk. Nominated users with access to the helpdesk will have access to all tickets, from all users, and will be able to view their status, change the priority, respond to any query and monitor the total time used.

For application support the severity of the issues or problems submitted determines the time and method of our response (email or by phone).

Fixed hour contracts range from £999-2,499 with unlimited support available for £3,499. All costs exc VAT

An account manager is assigned to each customer with a technical account manager provided where applicable. Cloud support engineers are available as part of the application support provided.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started We begin each implementation of our service with a series of onsite/remote consultancy days and training.

This ensures all required users are trained in the appropriate areas and the site is configured correctly.

In addition to have an implementation consultant and trainer, online documentation with self-service guides are available.

Administrators of the platforms will also have access to our application support helpdesk via email and/or phone.

Where additional training is required this can be provided onsite or remotely in short sessions, covering specific use cases that are unique to your requirements and workflows.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction At the conclusion of the hosting and support period, if the contract is not extended, the client can request all of their files and data to be provided as a migration to another platform/provider. Synergy Learning provides;

* Database dump
* Archived folder for Moodle files
* Archived folder of uploaded data and files
* Removal of all data once confirmation received that all files have been received

We also recommend and support you in creating specific reports that extract user records with the report builder, delivering data in a spreadsheet format, in addition to the entire site data backup.
End-of-contract process We provide the download of your site data, if under 5GB, as part of the contract. For any sites above 5GB a small charge will be applied to download your data locally, adding this to a portable storage device and securely sending this via courier.

For any transfers of sites via RSYNC an additional cost would be applicable for any additional time or transfers requested if this was required as part of a migration.

The daily rate for server engineers would be applicable to this.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service There is no difference in the mobile and desktop service. All features are available on mobile. The learning platforms are responsive in their design, ensuring the content responds accordingly based on the size of the screen the user is accessing the site on.
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing Our goal is to be fully accessible and usable for all users regardless of ability.

Core developers of our web platforms spend a lot of time making sure new developments are accessible. Part of the process when building new code is to follow established best practices and part of the process for accepting new code into the platform is to test pages carefully and gather feedback from experts and end-users.

Our platforms are complex systems with many parts with code that is always evolving. Modules can be enabled and disabled. The interface can be heavily customised using themes and thousands of settings. Actual content can be produced by any trainer or any learner.

Accessibility is not a state, it is a process of continuous improvement in response to our users and the wider technical environment.
API Yes
What users can and can't do using the API Web services enable other systems to push and/or pull date from the platforms and perform operations. This simple example will give you an idea of how our web services infrastructure works;

* The client sends a username and password to the web service login script.
* The script returns a token for that user account.
* The client calls a particular web service function on a protocol server including the token .
* The protocol server uses the token to check that the user can call the function.
* The protocol server call the matching external function, located in a externallib.php file inside the relevant module.
* The external function checks that the current user has_capability to do this operation.
* The external function calls the matching Moodle core function (in lib.php usually).
* The core function can return a result to the external function.
* The external function will return a result to the protocol server.
* The protocol server returns the result to the client.

With over 200+ web services available in the core platform and the ability to write your own to extend the platform, the possibilities are limitless.
API documentation Yes
API documentation formats
  • PDF
  • Other
API sandbox or test environment Yes
Customisation available Yes
Description of customisation As an Open Source platform the core code can be deployed as-is or customised to meet specific needs. This includes, but not limited to:

* New features or functionality
* The interface and user experience (theme)
* Additional web services
* Integration with third-party software
* Addition of community plugins, developed/contributed by others

User can customise either through the application itself (via settings that can be modified via the browser) or through development of their own code/plugins. Where this skillset is not available we can provide this service for you.

Customisations can be provided by other parties or suppliers and would require a review from a security and performance perspective before being applied to your own site.

Scaling

Scaling
Independence of resources We provide both shared cloud and private cloud options for the managed hosting service of our applications.

If using the private cloud there will be resources allocated directly against the customers site and their users, independent of other sites or services that are provided. This ensures no other demands impact the service.

Analytics

Analytics
Service usage metrics Yes
Metrics types Service metrics are provided around the SLA's in the contract. This includes the response and resolution times of support tickets, the uptime/availability of the site, active user count, performance of the server and storage usage/available.

It is a fully managed service but additional metrics can be provided on request if they are readily available to provide.
Reporting types Reports on request

Resellers

Resellers
Supplier type Reseller providing extra features and support
Organisation whose services are being resold Moodle and Totara LMS/Social

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Physical access control, complying with another standard
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Users can export their data in spreadsheet format, PDF or OpenDocument formats. Reports can be built to create these exports.

Course data can also be backed up and migrated to a similar system using the backup/export tool. This is saved as a MBZ compressed file. Unique to the learning platform application.

This can be managed without any input from the supplier.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • PDF
  • Excel
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • Excel
  • Aiken (text)

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability Synergy Learning endeavours to provide the most reliable network infrastructure possible to its Customers. Provided the Customer has complied with its obligations under the hosting Agreement, Synergy Learning guarantees that the network is available 99.95% of the time, excluding: a) scheduled maintenance b) circumstances beyond the Supplier's reasonable control, including, but not limited to: DoS or other network attacks, upstream or 3rd party network outages, war, fire, flood, sabotage, labour disturbance, acts of government and c) breaking this Agreement or the Supplier's Acceptable Use Policy, available within the terms and conditions.

Where levels are not met, users can follow the guidelines in the contract to request a refund or cancel the service should they wish
Approach to resilience Multiple physical servers are in operation with a healthy amount of RAM installed. The servers use multiple Intel Quad core processors and run the XenServer Hypervisor. The servers have multiple physical NICs, which are actively in use providing a resilient path to the storage area network, public accessible network and the management network. The servers are configured to be in a XenServer pool with High Availability enabled in load-balanced environment. The platform also sits beneath the Synergy Learning perimeter firewalls. These are Cisco ASA firewalls in an Active/Active configuration with stateful failover.

Further information is available on request.
Outage reporting As per the SLA we will notify clients by email of any outage of prolonged length advising of a guided resolution time along with details of the issue.

Following any outages we follow up via email with a detailed outline of the cause, steps taken to resolve and any future actions advised to ensure this does not occur again.

An account manager will also be in contact for any prolonged issues by email and/or phone.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password
Access restrictions in management interfaces and support channels Access to the site is controlled by the role you are assigned, at various contexts that have a set of permissions which control what you can and/or cannot do.

Other restrictions can be put in place by management, organisational or position hierarchy within the application where configured correctly, ensuring users only have access to the information that is appropriate.

For support channels we limit the users who can access this resource by requesting names and email addresses of authorised users on contract initiation.
Access restriction testing frequency At least every 6 months
Management access authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations Yes
Any other security accreditations ISO27001 security accreditation held by the data centers used

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation No
Security governance approach Our datacenter and transit provider has ISO27001 security accreditation and we provide Cloud solutions to public sector organisations including high profile security conscious projects to Judicial Institute and Legal Aid Agency. Our platform falls within IL1/2.

We have documented processes and procedures for all items related to security that all required staff are aware of and follow.
Information security policies and processes All data will be held within our secure hosting infrastructure and Synergy Learning are registered data handlers under the Data Protection Act 1998 (registered number: Z2723604). By following our polices and internal procedures, both formal and informal, we ensure we meet the required regulatory compliance, this includes regular review of our policies and procedures.

All items from our IT Information Security Policy are covered in the training of new staff, particular those who would have access to the servers and data. This includes IT Department Responsibilities, Users’ Responsibilities, Software Security Measures, Anti-Virus Security Measures, Hardware Security Measures, Access Security, Data Protection, Internet and Email Use, Reporting IT Security Breaches, Workflows and Implementation of Policy.

All staff report directly to the Head of Technical Services and person responsible for security in the matter of any breaches or concerns.

Whilst no guidelines are currently formally met we intend to formalise policies and procedures in the near future. Informal procedures have been agreed and communicated internally with nominated staff should this incident occur in the meantime.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach A copy of the code-base will be held in the central version control solution (GIT) managed by our development team. All code changes to the solution’s code base are recorded in this repository.

A staff member will be nominated as Release Manager for all software updates to the different logical environments for the solution.
• Compilation of file update packages to each environment
• Co-ordinating testing with the customer
• Creation of release notes indicating functionality and/or faults resolved in the release.
• Tracking of software updates
• Co-ordinating software releases to the production environment
Vulnerability management type Supplier-defined controls
Vulnerability management approach We use the most recent, and security supported, version of Operating System and platform code to run our applications. Long Term Support (LTS) versions are installed and in operation where possible, with weekly updates and patching of the services occurring every Wednesday.

For any threats we assess these with the required team and owners and determine what action is required and the prioritisation of any actions.

We collect information from trusted sources, partner sites and official product/service sources.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We monitor our systems for potential security risks or breaches. A number of tasks are carried out on a daily basis by our networks team with proactive monitoring in place. For system monitoring the default services which are monitored 24/7 are: Server Alive, HTTP/HTTPS, SSH, Disk Usage, CPU, Load Average, Bandwidth and FTP (If applicable).

Staff are aware of our processes and steps in the event of a security incident and these members of staff would be responsible for either direct communication to the client or updating an account manager who will be in close contact with the client immediately.
Incident management type Supplier-defined controls
Incident management approach Where the customer wishes to submit an incident for investigation, a helpdesk is provided by Synergy Learning where tickets are captured in a central location and documented with the client. Tickets can be escalated and all communication is captured within each ticket. A dashboard of all tickets is available as part of our application support and any items escalated appropriately.

Depending on the incident our team will have a pre-defined workflows and information readily available to quickly resolve the incident.

Incident reports, when in breach of SLA or for a prolonged period, are provided as a document to the customer.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £6300 per unit per year
Discount for educational organisations No
Free trial available Yes
Description of free trial Fully active service, with all functionality, for up to 30-days to review key functionality. No download of data is provided after the trial and is permanently deleted following the end of the trial.

Documents

Documents
Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑