E-portfolio Technology Platform
Smart Assessor is a cloud based eportfolio and progress tracking software eliminating paper portfolios to support learners, employers and training providers gather evidence and be assessed towards their standards and qualifications. By migrating to a digital learning journey users experience increased efficiency, quality, Ofsted compliance within a collaborative learning journey,
- Dynamic progress dashboard reporting
- Ofsted Compliance including Off the Job Tracking
- Assessing against competency, knowledge, skills and behaviours
- Knowledge Tests
- Offline Apps
- Electronic forms and signatures
- Safeguarding, Prevent Duty and Well-Being
- Mathematics & English Functional Skills
- Course Builder to use for any course, standard or qualification
- Electronic resources for e-learning
- Cloud-based remote access with offline apps - always available
- Easy to see learners at risk of not completing
- Includes Mathematics and English - single place to track everything
- No paperwork so nothing gets lost or overlooked
- No last minute panic when Ofsted call at short notice
- Secure log in’s for learners, employers, assessors and quality assurers
- Adapt standards and qualifications for different learners
- Reminders, alerts and dashboards means you never miss anything
- Environmentally friendly to reduce your carbon footprint
- 10 years track record with more than 600,000 learners
£35 to £95 per licence per year
- Free trial available
Smart Apprentices Ltd
|Software add-on or extension||No|
|Cloud deployment model||Public cloud|
|Service constraints||Planned maintenance is completed outside of normal hours and advance notice is given for minimal downtime|
|System requirements||Latest browser is preferable|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
SLA response time is within 8 working hours. Current average is 4 working hours.
Technical support is available Monday-Friday 8:30 - 5:30 not including English bank holidays
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||None or don’t know|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Ticket support - free to
E-mail support through a dedicated account manager - free
Phone support for champions through their dedicated account manager - free
Best practice health checks - free
Ask the expert webinars - free
User engagement academy - included in the price model
Training - online free
Training - onsite £650 per day inc travel expenses
Each client account manger has access to a technical account manager for escalations - free
|Support available to third parties||Yes|
Onboarding and offboarding
Smart Apprentices employs a dedicated onboarding project manager. We use an ISO 9001 quality accredited onboarding project template which is configured for each new client. The onboarding project manager leads a multi-disciplined project team in collaboration with our clients.
The onboarding commences with a handover meeting from the business development team to the client team when a dedicated account manager is appointed. The account manager stays with the client for the entire client journey starting at onboarding.
There is a proactive 8-12 week onboarding programme where the Smart Apprentices team ensure the platform is configured to the clients requirements.
, Onsite training, online training, full user guides, free group webinars and client accreditation academy are all available for clients.
*Further training is available as required
|Other documentation formats||MS word in editable format|
|End-of-contract data extraction||
Full export of learner data is available as an excel/csv export
Summative portfolio exports of evidence is available in HTM: format at any time.
End of contract hosting is also available at an additional annual cost.
|End-of-contract process||The client can extract their data at no cost at any time until 5 days after the contract expires. Alternatively we can host the e-portfolio within the technology platform to complete existing learners and access completed portfolio's on an annual renewable contract.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||The technology platform is responsive to mobiles with the availability of all features, the app works off line with all of the major features included from the Cloud technology platform functionality|
|What users can and can't do using the API||We have standard API’s for creating/viewing/updating users including learners, assessors and employers. We will also work with clients to support adapting our API’s for specific requirements to make changes.|
|API documentation formats||
|API sandbox or test environment||Yes|
|Description of customisation||
Default settings can be customised including branding, alerts, risk rating bands, review frequency, custom files, reports. All customisable features are configurable by master administration roles,
Other system defaults can be changed by our support team, including features such as SSRS, advanced reporting, annotation and Smart VlE
|Independence of resources||
We have a team who monitor systems, they identify any emerging performance issues and take appropriate containment and escalation actions in line with our ISO accredited service level agreements.
3 years scalability is factored into all infrastructure plans.
Our hosting partner supports our scale up as required.
|Service usage metrics||Yes|
|Metrics types||Reporting available monthly on request|
|Reporting types||Reports on request|
|Supplier type||Not a reseller|
|Staff security clearance||Conforms to BS7858:2012|
|Government security clearance||Up to Baseline Personnel Security Standard (BPSS)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||In-house|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||
Users can export the portfolios via html files at any point during the contract, Users can click an 'export to excel' option to export their learner and employer data at any point during the contract.
API can be used to push data in to other external systems
|Data export formats||
|Other data export formats||
|Data import formats||
|Other data import formats||Excel|
|Data protection between buyer and supplier networks||
|Data protection within supplier network||
Availability and resilience
|Guaranteed availability||99.95% uptime per annum. Pro rata credits provided for not meeting this SLA. Smart Apprentices have never breached this SLA in their 10 year history.|
|Approach to resilience||
We use 2 independent Cloud Service Providers (CSPs), Azure Rackspace . The CSPs operate with independent power and networking supplied to their data centres. By choosing an independent supplier for our DR facility, in the event of a significant disaster the second supplier is completely separate reducing the risk of problems with shared service reliance.
When setting up our environments in the CSPs where possible we use the local zone redundancy features to minimise the risk of a local failure. We also have the ability to increase server resources to accommodate unusually high demand that may not have been anticipated.
|Outage reporting||A public dashboard through our support portal. E-mail alerts to named contacts.|
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||
A. Access management is controlled and monitored through policy: ‘03 Access Control Policy.doc’ which addresses the following elements:
User Password Management
Review of User Access Rights
Unattended User Equipment
Use of Network Services
User Authentication for External Connections
Equipment Identification in Networks
Remote Diagnostic and Configuration Port Protection
Segregation in Networks
Network Connection & Routing Control
Sensitive System Isolation
Correct Processing in Applications – Input Data Validation, Control of Internal Processing, Output Data Validation
Security of System Files – Control of Operational Software, Protection of System Test Data, Access Control to Program Source Code
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||Between 1 month and 6 months|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||Between 1 month and 6 months|
|How long system logs are stored for||Between 1 month and 6 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||ACS Registrars Limited|
|ISO/IEC 27001 accreditation date||July 2016|
|What the ISO/IEC 27001 doesn’t cover||Nothing|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
ISO27001 and IS)9001 accredited. It is our policy to:
* Protect all our information assets against loss of confidentiality, integrity or availability.
* Mitigate the risks associated with the theft, loss, misuse, damage or abuse of these assets.
* Ensure that information users are aware of and comply with all current and relevant information security regulations and legislation.
* Provide a safe and secure information system working environment for staff and any other authorised users.
* Make certain that all authorised users understand and comply with this policy and supporting policies and procedures
* Protect the organisation from liability or damage through the misuse of its information.
* Ensure that all users understand their own responsibilities for protecting the confidentiality and integrity of the information they handle.
Our ISO Management Representative reports to the Board and is a Senior Manager reporting directly to the CEO. Appropriate information security awareness training is delivered to staff members at induction and every 8 months. Internal audits are performed on an audit schedule, sampling activities to identify if and where policies may not be being followed so that corrective action can be taken.
The company is supported by an external ISO accredited auditor.
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||
Within our ISO27001 we define configuration and change management Policies, Processes and Procedures which cover all hardware and software that combine to be the production systems.
All changes are checked against an appropriate quality criteria, quality checks are independent to the team implementing the change and the release is approved across multiple disciplined teams with a single person. change agent, taking ownership of the implementation of the change.
No change can be both approved and implemented by a single person
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||
Within our ISO27001 we define vulnerability management Policies, Processes and Procedures this includes daily monitoring of sources for for new security threats.
Emerging security threats are logged and risk assessed. Where a recognised security threat exists appropriate resolutions are implemented within 48 hours and the changes deployed through our change management processes.
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||
Within our ISO27001 we have a Monitoring Policy and supporting processes and procedures, within these we describe Protective Monitoring and Performance/Capacity Management Monitoring.
Protective Monitoring is achieved through a combination of systems including user event logging within our technology platforms, web server error logs, AV events on systems, OS events on systems, Firewall event logs and WAF security events.
Systems are monitorede by our Team in real time and incidents logged within our information security reports..
Potential incidents are dealt with immediately.
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||
Within our ISO27001 is our Security Incidents Policy defining how we deal with incidents. All staff are expected to report suspicious activity to the CTO. Users can report to our help desk or account manager.
Suspected incidents are investigated as highest priority and is managed through incident management, where the incident relates to customers (such as availability, integrity or confidentiality of services and data) then customer account managers are briefed about the risk, impact ad resolution.
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||No|
|Price||£35 to £95 per licence per year|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||We have a training site which potential clients can access for up to 2 weeks trial at no cost, Any transactional data will not be saved after 14 days.|