Online DSE Training and Risk Assessment. The service includes tools to manage the risk issues. The service can be integrated into an existing Learning Management System if required.
- Online DSE training
- Dynamic Reporting
- Online DSE Risk Assessment
- Risk resolution and management tools
- Fully editable course and assessment
- Integration to an existing platform
- Comprehensive reporting suite
- Accessible from PC, Laptop or mobile devices
- Automated enrolment and re-enrolment
- Automatically enrol staff on DSE training and Risk Assessment
- Enable employees to self-resolve issues
- Comprehensive Compliance Dashboard provides an overview of compliance
- Streamline DSE Assessments and prioritise risk issues
- Editable course and assessment provide relevant training to employees
- Full audit trail of all actions performed
£2.00 per person per year
- Free trial available
|Software add-on or extension||No|
|Cloud deployment model||Hybrid cloud|
|Service constraints||Planned maintenance is quarterly and is carried out outside working hours|
|System requirements||Browser and internet connection|
|Email or online ticketing support||Email or online ticketing|
|Support response times||We aim to respond same business day, or next business day at the latest. Support issues raised over a weekend will be answered next business day.|
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||Web chat|
|Web chat support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support accessibility standard||None or don’t know|
|How the web chat support is accessible||Users can type questions which are answered by one of our Support staff in real time.|
|Web chat accessibility testing||None|
|Support levels||Support is included in our subscription pricing and all clients receive the same level of support. All clients have a dedicated Business Development Manager and Support person.|
|Support available to third parties||No|
Onboarding and offboarding
|Getting started||We provide online training sessions to onboard clients. We run the training over a series of sessions to ensure the user has time to absorb the training and pull together any questions ready for the next training session. We also provide comprehensive user documentation and online support videos.|
|End-of-contract data extraction||The users can either run reports and export the data from there, or we provide an account shut down service to extract all data and provide it to the client.|
|End-of-contract process||At the end of the contract the client is able to extract their data and the account is closed. Data is then removed from our servers.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||None, the software is optimised for use on mobile or desktop.|
|Accessibility standards||WCAG 2.0 AA or EN 301 549|
|Accessibility testing||Our system works with screen readers such as Read Aloud.|
|What users can and can't do using the API||
We use a REST API. The service can accept user data from third-party software to populate WorkWize (our LMS) and also send training course completion data to a third-party web application. Each API request must contain a 'token' parameter which represents the unique key per client. Upon receipt of a request, our server validates the token against the incoming IP address and permits or refuses client access.
Important: The client must provide a fixed IP which will be used to communicate with the API.
WorkWize API uses a token to authenticate all API requests.
We require that all requests are done over SSL.
Every string passed to and from the API needs to be UTF-8 encoded.
We can also use an API to integrate the risk assessment process into another LMS, feeding back all risk issues to the WorkWize LMS seamlessly.
|API documentation formats|
|API sandbox or test environment||No|
|Description of customisation||
Buyers can edit and amend the content of both the course and the Risk Assessment.
The WorkWize LMS has an editing tool integrated into the platform to allow administrators of the system to edit the course.
Only administrators with the required login privileges are able to edit the course. Clients can decide which administrators are provided with these access privileges.
|Independence of resources||We regularly review our network usage statistics of our production environment to make sure bandwidth and traffic allowances are provided to guarantee network capacity. We employ server monitoring software to notify us of any issues.|
|Service usage metrics||Yes|
|Metrics types||Reports are available within the system to review usage in real time. Usage of the system comprises training and risk assessment completions by end users and risk issue resolution by administrators.|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||None|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||Physical access control, complying with SSAE-16 / ISAE 3402|
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||Customers can download various reports in CSV format from within the WorkWize LMS. User and course completion data can also be accessed through our REST API.|
|Data export formats||
|Other data export formats||JSON|
|Data import formats||
|Other data import formats||JSON|
|Data protection between buyer and supplier networks||Legacy SSL and TLS (under version 1.2)|
|Data protection within supplier network||Legacy SSL and TLS (under version 1.2)|
Availability and resilience
|Guaranteed availability||99.99% assured by contractual commitment|
|Approach to resilience||Our core production infrastructure is managed by Rackspace. The Rackspace Data Centre is ISAE 3402 Type II SOC 1 Audited. Further details are available on request.|
|Outage reporting||We use third-party software to monitor the health of our servers and to notify us of any disruption in service. In addition, we have deployed various e-mail alerts to notify engineers if any critical WorkWize services fail. WorkWize also provides extensive logging of all user activity within the system.|
Identity and authentication
|User authentication needed||Yes|
|Other user authentication||We also support SAML-enabled SSO types including Shibboleth, ADFS, AAD and PingIdentity. In addition we also provide LDAP SSO integration.|
|Access restrictions in management interfaces and support channels||Access is restricted by IP address as well as username/password.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||Username or password|
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||Government Cyber Essentials|
|Named board-level person responsible for service security||Yes|
|Security governance certified||No|
|Security governance approach||Our Information Security (IS) standards and procedures are based on the ISO 27000-series.|
|Information security policies and processes||
Our security policies have been developed in-house and are based on the ISO 27000-series. The IS policies and standards are reviewed continuously and updated, with COO approval, as required. There is a formal review and approval by the COO at least annually.
Staff must acknowledge the Information Security policy before being granted access to systems.
Employees also undertake comprehensive workplace, IT and HR training courses - compliance is monitored on an on-going basis.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
We employ appropriate software version control systems which ensure that every change to our system is fully recorded and documented. Furthermore, every change or feature request is documented in our project management software so it can be traced.
We always carefully assess any impact of operating platforms on our products.
As per our managed services contract with Rackspace, patching and security updates to our core infrastructure are managed by Rackspace, with exclusions where applicable.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
We regularly undertake penetration tests using industry-standard tools, e.g. Qualys. We have also engaged an independent third party (Espion) to conduct more comprehensive penetration tests and security assessments. We perform an annual penetration test using Espion and act on their recommendations.
Security patches etc. relating to our core infrastructure are managed by Rackspace, who react immediately to any vulnerabilities as per our managed services agreement.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
We continuously monitor system logs and receive alerts should any issues arise. All significant changes to customer data are logged, including the identity of whoever made the change. These logs are stored remotely with access restricted to authorised staff.
All suspected incidents are reported to the COO.
Training on managing security incidents is included in staff security training.
|Incident management type||Supplier-defined controls|
|Incident management approach||Incident management is the responsibility of our COO who nominates relevant employees with IS duties. All suspected incidents are reported to the COO and the COO is responsible for further action taken, including external reporting to clients and appropriate authorities, when incidents are confirmed.|
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||No|
|Price||£2.00 per person per year|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||EssentialSkillz offer access to our courses through the LMS for trial purposes. This does not give access to the full Learning Management System.|