Smart Apprentices Ltd

E-portfolio Technology Platform

Smart Assessor is a cloud based eportfolio and progress tracking software eliminating paper portfolios to support learners, employers and training providers gather evidence and be assessed towards their standards and qualifications. By migrating to a digital learning journey users experience increased efficiency, quality, Ofsted compliance within a collaborative learning journey,


  • Dynamic progress dashboard reporting
  • Ofsted Compliance including Off the Job Tracking
  • Assessing against competency, knowledge, skills and behaviours
  • Knowledge Tests
  • Offline Apps
  • Electronic forms and signatures
  • Safeguarding, Prevent Duty and Well-Being
  • Mathematics & English Functional Skills
  • Course Builder to use for any course, standard or qualification
  • Electronic resources for e-learning


  • Cloud-based remote access with offline apps - always available
  • Easy to see learners at risk of not completing
  • Includes Mathematics and English - single place to track everything
  • No paperwork so nothing gets lost or overlooked
  • No last minute panic when Ofsted call at short notice
  • Secure log in’s for learners, employers, assessors and quality assurers
  • Adapt standards and qualifications for different learners
  • Reminders, alerts and dashboards means you never miss anything
  • Environmentally friendly to reduce your carbon footprint
  • 10 years track record with more than 600,000 learners


£35 to £95 per licence per year

  • Free trial available

Service documents

G-Cloud 11


Smart Apprentices Ltd

Danny Taylor


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints Planned maintenance is completed outside of normal hours and advance notice is given for minimal downtime
System requirements Latest browser is preferable

User support

User support
Email or online ticketing support Email or online ticketing
Support response times SLA response time is within 8 working hours. Current average is 4 working hours.

Technical support is available Monday-Friday 8:30 - 5:30 not including English bank holidays
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Ticket support - free to
E-mail support through a dedicated account manager - free
Phone support for champions through their dedicated account manager - free
Best practice health checks - free
Ask the expert webinars - free
User engagement academy - included in the price model
Training - online free
Training - onsite £650 per day inc travel expenses
Each client account manger has access to a technical account manager for escalations - free
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Smart Apprentices employs a dedicated onboarding project manager. We use an ISO 9001 quality accredited onboarding project template which is configured for each new client. The onboarding project manager leads a multi-disciplined project team in collaboration with our clients.

The onboarding commences with a handover meeting from the business development team to the client team when a dedicated account manager is appointed. The account manager stays with the client for the entire client journey starting at onboarding.

There is a proactive 8-12 week onboarding programme where the Smart Apprentices team ensure the platform is configured to the clients requirements.

, Onsite training, online training, full user guides, free group webinars and client accreditation academy are all available for clients.

*Further training is available as required
Service documentation Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats MS word in editable format
End-of-contract data extraction Full export of learner data is available as an excel/csv export
Summative portfolio exports of evidence is available in HTM: format at any time.
End of contract hosting is also available at an additional annual cost.
End-of-contract process The client can extract their data at no cost at any time until 5 days after the contract expires. Alternatively we can host the e-portfolio within the technology platform to complete existing learners and access completed portfolio's on an annual renewable contract.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The technology platform is responsive to mobiles with the availability of all features, the app works off line with all of the major features included from the Cloud technology platform functionality
What users can and can't do using the API We have standard API’s for creating/viewing/updating users including learners, assessors and employers. We will also work with clients to support adapting our API’s for specific requirements to make changes.
API documentation Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Default settings can be customised including branding, alerts, risk rating bands, review frequency, custom files, reports. All customisable features are configurable by master administration roles,
Other system defaults can be changed by our support team, including features such as SSRS, advanced reporting, annotation and Smart VlE


Independence of resources We have a team who monitor systems, they identify any emerging performance issues and take appropriate containment and escalation actions in line with our ISO accredited service level agreements.

3 years scalability is factored into all infrastructure plans.

Our hosting partner supports our scale up as required.


Service usage metrics Yes
Metrics types Reporting available monthly on request
Reporting types Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Users can export the portfolios via html files at any point during the contract, Users can click an 'export to excel' option to export their learner and employer data at any point during the contract.

API can be used to push data in to other external systems
Data export formats
  • CSV
  • Other
Other data export formats
  • XML
  • HTML
  • JSON
Data import formats
  • CSV
  • Other
Other data import formats Excel

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability 99.95% uptime per annum. Pro rata credits provided for not meeting this SLA. Smart Apprentices have never breached this SLA in their 10 year history.
Approach to resilience We use 2 independent Cloud Service Providers (CSPs), Azure Rackspace . The CSPs operate with independent power and networking supplied to their data centres. By choosing an independent supplier for our DR facility, in the event of a significant disaster the second supplier is completely separate reducing the risk of problems with shared service reliance.

When setting up our environments in the CSPs where possible we use the local zone redundancy features to minimise the risk of a local failure. We also have the ability to increase server resources to accommodate unusually high demand that may not have been anticipated.
Outage reporting A public dashboard through our support portal. E-mail alerts to named contacts.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels A. Access management is controlled and monitored through policy: ‘03 Access Control Policy.doc’ which addresses the following elements:
User Password Management
Review of User Access Rights
Unattended User Equipment
Use of Network Services
User Authentication for External Connections
Equipment Identification in Networks
Remote Diagnostic and Configuration Port Protection
Segregation in Networks
Network Connection & Routing Control
System Utilities
Session Time-Out
Sensitive System Isolation
Correct Processing in Applications – Input Data Validation, Control of Internal Processing, Output Data Validation
Security of System Files – Control of Operational Software, Protection of System Test Data, Access Control to Program Source Code
Physical Access
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for Between 1 month and 6 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for Between 1 month and 6 months
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 ACS Registrars Limited
ISO/IEC 27001 accreditation date July 2016
What the ISO/IEC 27001 doesn’t cover Nothing
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes ISO27001 and IS)9001 accredited. It is our policy to:
* Protect all our information assets against loss of confidentiality, integrity or availability.
* Mitigate the risks associated with the theft, loss, misuse, damage or abuse of these assets.
* Ensure that information users are aware of and comply with all current and relevant information security regulations and legislation.
* Provide a safe and secure information system working environment for staff and any other authorised users.
* Make certain that all authorised users understand and comply with this policy and supporting policies and procedures
* Protect the organisation from liability or damage through the misuse of its information.
* Ensure that all users understand their own responsibilities for protecting the confidentiality and integrity of the information they handle.

Our ISO Management Representative reports to the Board and is a Senior Manager reporting directly to the CEO. Appropriate information security awareness training is delivered to staff members at induction and every 8 months. Internal audits are performed on an audit schedule, sampling activities to identify if and where policies may not be being followed so that corrective action can be taken.

The company is supported by an external ISO accredited auditor.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Within our ISO27001 we define configuration and change management Policies, Processes and Procedures which cover all hardware and software that combine to be the production systems.

All changes are checked against an appropriate quality criteria, quality checks are independent to the team implementing the change and the release is approved across multiple disciplined teams with a single person. change agent, taking ownership of the implementation of the change.

No change can be both approved and implemented by a single person
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Within our ISO27001 we define vulnerability management Policies, Processes and Procedures this includes daily monitoring of sources for for new security threats.

Emerging security threats are logged and risk assessed. Where a recognised security threat exists appropriate resolutions are implemented within 48 hours and the changes deployed through our change management processes.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Within our ISO27001 we have a Monitoring Policy and supporting processes and procedures, within these we describe Protective Monitoring and Performance/Capacity Management Monitoring.

Protective Monitoring is achieved through a combination of systems including user event logging within our technology platforms, web server error logs, AV events on systems, OS events on systems, Firewall event logs and WAF security events.

Systems are monitorede by our Team in real time and incidents logged within our information security reports..

Potential incidents are dealt with immediately.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Within our ISO27001 is our Security Incidents Policy defining how we deal with incidents. All staff are expected to report suspicious activity to the CTO. Users can report to our help desk or account manager.

Suspected incidents are investigated as highest priority and is managed through incident management, where the incident relates to customers (such as availability, integrity or confidentiality of services and data) then customer account managers are briefed about the risk, impact ad resolution.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £35 to £95 per licence per year
Discount for educational organisations No
Free trial available Yes
Description of free trial We have a training site which potential clients can access for up to 2 weeks trial at no cost, Any transactional data will not be saved after 14 days.

Service documents

pdf document: Pricing document pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑