QA Ltd

Cloud Academy Cloud Training Platform

Cloud Academy, a QA company, is the leading enterprise digital skills platform. It is a learner-centric platform which empowers you to build your people’s technology skills, at scale and at the speed you need. We accelerate innovation and cloud adoption through guided learning paths, hands-on labs and skill assessments.


  • Content Engine; Skill Assessments; Lab Based Assessments
  • Skill Profiles
  • Reporting and Analytics for Managers
  • Assignable Training Plans/Content; OOTB Role Based Training Plans
  • Role Based Access Control (RBAC) Features and Content
  • Single Sign-On; Multi Factor Authentication; Web and Mobile Access
  • Deep AWS Library; AWS Hands-on Labs
  • Deep Azure Library; Azure Hands-on Labs
  • Deep GCP Library; GCP Hands-on Labs
  • Third Party Content e.g. Aviatrix, Puppet, HashiCorp


  • Covers all the major Cloud vendors
  • Covers key Cloud and DevOps technologies e.g. Cloud Security/Containers/AI/IoT/Machine Learning
  • 10,000+ hours of online learning from our premium training library
  • Objective-driven certification learning paths, proven to build cloud skills
  • Online Hands-on Labs for AWS, Azure and GCP courses
  • Both the theory and hands-on practice to get certified
  • Content specifically designed with scenario-based business cases for medium/large organisations
  • Breadth of learning resources e.g. videos/live hands-on labs/exercises/exam simulations
  • Practice with simulated real-life situations
  • Fine-tune knowledge and skills using our certification prep


£399 to £464 a user a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

3 5 7 9 9 6 6 6 6 9 9 9 2 6 9


QA Ltd Michelle Chambers
Telephone: 01793 696057

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
Users require access to a web browser or the Android/iOS app.
System requirements
  • Apple Safari
  • Google Chrome
  • Microsoft Edge
  • Mozilla Firefox

User support

Email or online ticketing support
Email or online ticketing
Support response times
Users will be able to contact the Cloud Academy platform support team from Monday to Friday through an email/ticket system at and will get a response within 24 hours. Any feedback or questions can also be shared inside the platform for specific content.
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Support levels
Cloud Academy is committed to providing an exceptional level of service to our users. Support is provided via our dedicated Cloud Academy Customer Success Managers and our support team. Users will be able to contact the Cloud Academy platform support team from Monday to Friday through an email/ticket system at and will get a response within 24 hours. Any feedback or questions can also be shared inside the platform for specific content.
Support available to third parties

Onboarding and offboarding

Getting started
We provide user documentation to help users start using Cloud Academy.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Reports can be exported from the system, detailing users' progress and activity within the Cloud Academy platform.
End-of-contract process
At the end of the contract, users' licences are de-activated and access to the platform is revoked. Data is retained unless otherwise instructed for it to be removed.

Using the service

Web browser interface
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Compatible operating systems
  • Android
  • IOS
Designed for use on mobile devices
Differences between the mobile and desktop service
Due to limitations with third party portals, Hands On Labs are not available on mobile devices.
Service interface
Description of service interface
Cloud Academy offers a full Graphical User Interface (GUI) and Enterprise panel for both administrators and end users to access all the platform's functionalities.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
We have not currently engaged in interface testing with users of assistive technology.
What users can and can't do using the API
Users can create, manage and sync teams and users from a Learning Management System (LMS) to Cloud Academy.

Users can also pull data on the learners' progress and course catalogue from the API.
API documentation
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
Customisation available
Description of customisation
All users have access to the Content Engine which allows them to create their own training plans, learning paths, exams, quizzes and hands-on labs from scratch.

They can clone and customise our extensive content to build training material highly relevant to their organisation in a matter of minutes.

They can add content to existing learning paths to precisely train their team on their actual production environment. For example, they can upload content specific to their organisation, such as audio files, PDFs and video.


Independence of resources
Cloud Academy supports some of the largest organisations in the world where tens of thousands of users are actively logged in at any given time. Cloud Academy is hosted on AWS.


Service usage metrics
Metrics types
Learning Activity Metrics:
• Courses - time spent
• Courses completed
• Exams - time spent
• Exams completed
• Quizzes - time spent
• Quizzes completed
• Hands-on Labs - time spent
• Hands-on Labs completed

Skill Profile
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
EU-US Privacy Shield agreement locations
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Users can export their data using the reporting functionality.
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Cloud Academy offers 98% up-time as an SLA and additional access time for interruptions in availability that collectively result in less than 98% availability during any single month.
Approach to resilience
This information is available on request.
Outage reporting
We have a public dashboard, reporting any outages.

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
Individuals have unique login IDs and passwords. An access control system will identify each user and prevent unauthorised users from entering or using information resources. All login IDs are audited at least twice yearly and all inactive login usernames are revoked. HR notifies the Security Officer on departure of employees. Users who desire access to company systems or networks must have completed on-boarding practice and have access specifically requested by their line manager.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Cloud Academy follows industry best practice and our approach is in line with the ISO 27001 standard and we are working towards certification of this.
Information security policies and processes
Our information security policies and processes are available on request.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
The designated Company employee who is updating, implementing, re-configuring, or otherwise changing the system shall carefully log all changes made to the system. Change logging should be automated in any case where it is possible.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
At Cloud Academy, we:
• Identify and document key vulnerabilities
• Determine probability and criticality
• Develop and document implementation strategy
• Implement and evaluate effectiveness
• Conduct patches daily or on an as-needed basis
• Conduct penetration testing annually
• Conduct vulnerability scans monthly
• Conduct monitoring daily.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
It is the responsibility of each Company employee or contractor to report perceived security incidents on a continuous basis.

Reports of security incidents will be escalated as quickly as possible. All reported incidents are logged and the remedial action indicated.

Each incident will be analysed to determine if changes in the existing security structure are necessary.

Security breaches will be promptly investigated. If criminal action is suspected, the Privacy Officer will contact the appropriate law enforcement and investigative authorities immediately.

Full details can be provided on request.
Incident management type
Supplier-defined controls
Incident management approach
Cloud Academy has pre-defined processes for common events.

Users can report incidents by email or phone. They are then issued with a ticket. Notification to individuals/customers who are affected should occur immediately upon discovery.

Incidents are logged, reported and recommendations made where appropriate.

Full details can be provided on request.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£399 to £464 a user a year
Discount for educational organisations
Free trial available
Description of free trial
Cloud Academy provides a 30-day structured pilot, which consists of unlimited full access to the Cloud Academy platform, content, assessments and analytics for 30 days.
Link to free trial

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.