IMC (UK) Learning

Learning Management System

Our LMS, the imc Learning Suite, provides functionality to cater for all the needs of a modern enterprises training management and delivery, supporting all processes around eLearning, classroom learning, blended learning, on-the-job / informal learning and social learning.

Features

  • Anytime learning from any web enabled browser device
  • Flexible, scale-able and secure with hosting through MS Azure
  • Supports all aspects of learning. Online, offline, blended, and more
  • Fully configurable, real time reports and analysis functionality
  • Built using responsive design principles for multi device compatibility
  • Support for multiple content types for the delivery of training
  • Open integration framework for interoperability with 3rd party solutions
  • Personalised learning environments based on user roles and type
  • Modular framework to simply add/remove functionality through configuration alone
  • Full compliance and certification workflow management functionality

Benefits

  • Provide learning anytime, anywhere, from all devices
  • Reduces training costs through clearer training planning and management
  • Intuitive, simple interface for quick adoption of the solution
  • Allows to analyse training needs through reporting and feedback tools
  • Quickly roll-out new and updated training activities and content
  • Instant scalability, vertically and horizontally to grow with an organisation
  • Organisation and group management lets model rights and relationships easily
  • Open up new revenue streams by selling training
  • App lets users work anywhere, offline or online, when want
  • Automation of processes reduces need for complex, daily administration

Pricing

£19.00 a user a year

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at russell.donders@im-c.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

3 6 3 8 1 7 2 6 4 1 7 0 9 1 5

Contact

IMC (UK) Learning Russell Donders
Telephone: 02080655215
Email: russell.donders@im-c.com

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints
The service is fully managed, with an expected up time at a minimum 99%. This is inclusive for maintenance which would scheduled with the customer beforehand. There would be an expected 2 hours downtime for an upgrade or patch installation, with all communications managed through our support desk and will typically be targeted to be performed out of hours, for minimal service disruption to users.
System requirements
  • Minimum: 512 kbit/s per user internet connection
  • Recommended:100 Mbit/s internet connection
  • 3rd party licence for any specific content provider library
  • 3rd party licence for preferred virtual classroom technology provider

User support

Email or online ticketing support
Email or online ticketing
Support response times
We provide 24x7, 3rd level online support with the response times governed by the severity of the support issue, governed and outlined within the SLA's.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Our support and maintenance costs includes access to 3rd level support, accessible by phone or email, or by submitting a support ticket using our ticketing system’s Service Desk Portal (powered by JIRA).

There will be a support handover meeting at the end of the implementation project and when the system goes into production. The purpose of this meeting is to introduce the IMC Support account manager, explain the IMC support processes, service level agreements, patch cycles, demonstration of the JIRA ticket system, and discuss escalation paths.

We also provide additional support options with 2nd level support available. 2nd Level Support provides customers with flexible telephone and email support for issues or questions that are not included in the standard 3rd level support and corrective maintenance package. It can be utilised by customer users who are authorised to access IMC third level support. The service can be drawn down in minimum units of 15 minutes. The balance of 2nd level support hours will be reported to customers monthly. 2nd level support packages are an optional service and service packages can be ordered by customers at any time.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
As part of the implementation project, core admin training is provided to ensure that the main system admins have a solid understanding of the daily settings and management functions, to help with a smooth transition. Further ad-hoc training is available to wider groups of users that may have specific system use cases, and a member of the consulting team will be available throughout the deployment to manage any questions, issues and provide general guidance.

Our training programs are typically ‘hands-on’ to enable a smooth transfer of knowledge from imc experts to the nominated LMS personnel. Participants will directly be accessing the imc product to learn system logic, theory and practical application in scenarios that match your configured application. All of our training programs are available to be run online, in your organisation or other location of your choosing.

We also have our Customer Success program and portal which hosts All your team will have access to our Customer Success programs at no additional cost, and the LMS comes with a comprehensive user manual that covers all topics relevant for system administrators. Through the support desk, you are also able to search for FAQ’s for known issues.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
A detailed transition out plan can be agreed as part of the project, however IMC is willing and able to support any transition out activities required including (but not limited to);
- Provision of all data (MS SQL) and content held within the system
- Provision of all related documentation and project files built during the project
- Copy of the database model to query the MS SQL database
- Removal of all files from IMC servers and destruction of all data including sanitisation of any disks used to hold such data
- Specific reports and views of data to meet ongoing reporting and compliance requirements
- Consultancy services and engagement to new vendor/provider
End-of-contract process
When exiting a contract with us, we can confirm all data can be extracted and the database will be provided to you, and all data will them be deleted at no additional cost. This would include any created media assets and the database can be returned as whole, or via csv files which can be extracted via the interface at any time.

Data deletion of user accounts and any other data held is included as part of the overall service agreement, with no additional off-boarding costs. We commit to specific processes when a customer leaves a cloud service, including deleting customer data, and then providing you with a formal certificate that has been completed.

When the contract ends, we will store your users’ data in a limited-function account for 90 days to give you time to extract the data or renew your subscription. This includes all user records, course content and materials.

After this 90-day retention period, Microsoft will disable the account and delete all the customer data. The data stored on the server is thoroughly overwritten before being reused with any new contract and space, eliminating the possibility of any data being left and accessible

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
With the solution accessible through a web browser on any web enabled device, the appearance, functionality and use case would be consistent across all the devices. There is also a mobile app that can be used across mobile and tablets, from the desktop, this provides support for offline learning. content can be downloaded and completed, then upon reconnection to the internet, will sync up all data.
Service interface
Yes
Description of service interface
The LMS has a very clear and consistent navigational structure throughout, providing a simple and intuitive front-end for learners and managers, with only minimal training required for administrators. All the dashboard panels are fully configurable to provide as clean and clear a display as necessary, with only the information and tools that the user would need displayed.
The system is built around a fully modular framework, allowing for only the modules that are required to be deployed, providing that user with only the relevant modules to them.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
The IMC Learning Suite ‘Learner Portal’ is developed to the guidelines of WCAG 2.0 AA compatibility as much as possible. As the guidelines also are related to the scenarios configured as well as the content entered into the system we can offer to test the full scenarios with the added content (extra costs apply). The main testing outside of the customer scenario testing includes testing for screen readers, with the system text capable of being resized up to 200% without loss of clarity or functionality.
API
Yes
What users can and can't do using the API
The LMS provides a REST interface that is fully is documented, and robust - as we are using the same API ourselves to communicate between the various layers of our applications (e.g. backend with the front end, mobile apps etc) so you can be sure it is a complete and comprehensive API set. The imc Learning and Talent Suite provides a REST interface for the following content:
– People (export): profile data for the user who is logged on
– News (export)
– Courses (export):
– News
– Syllabus and library
– Tests, questions and feedback
– Course registration and start by learners
– Rating
– Course room configuration
– Prerequisites
– Course templates
– prebooking
– Media for selected content types (export)
– Catalogue (export):
– Dates (export)
– SCORM data (import/export)
– Search (export): selected simple and aggregated searching for learners, tutors, HR and supervisors.
– Dashboard pages (export)
– Groups (export)
– Programs (export)
– Bookshelf
Area of application:
– Mobile apps and Learnbase (offline client for Windows)
– Client-specific interfaces
– Portal systems
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
The solution is built on our own-developed, ground up framework, allowing for a lot of flexibility in the solution to meet organisation requirements. There are also some system areas that would be customisation themselves, including the system logo's, colours and images, all demonstrated during any system training.

Further system customisation's would be carried out by ourselves to an agreed specification with the customer. We have a specific process for any change requests that may require customisation of the solution. These can be raised through the Jira ticketing system, through a change request ticket. Once ticket is reviewed, an estimation of the cost and required time to implement is provided. Once agreed, this is then passed to our technical services team to implement the developments, with full tracking of the ticket progress available, with the ability for the customer to leave comments at any stage. When the change is available and ready for delivery, this will first be patch tested by internal QA, then once signed off internally will be implemented to the customers test/staging environment for review. Once approved, an update to the production system is scheduled and performed.

Scaling

Independence of resources
Our services are provided through a dedicated subscription on MS Azure, ensuring no conflict in resources of other clients. Capacity planning is discussed for provisioning before projects with the platform providing scalability, so during production phase, should capacity need to be increased, there is possibility. We can provide several options for this, either providing flexible resources around expected periods of heavy use, i.e. seasonal onboarding, or can increase the resources permanently for increased base user numbers. Furthermore, with MS Azure, we can mobilise the additional resources near instantaneously.

Analytics

Service usage metrics
Yes
Metrics types
We monitor our Azure implementations with Microsoft Application Insights. This provides full statistics in real-time, detailing the system at that exact time. The key metrics available include;
- Server response time
- Server requests
- System availability
- Incoming requests and request duration
- Outgoing requests
- Overall system health, with CPU % and memory usage
- Concurrent users with defined time periods
- User information including country of origin, operating system and browser.
This system has configurable alerts to notify technicians of any service issues. This is available 24/7, with reports communicated through the support team.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
For system administrators within the reporting dashboards, these are available through the export options, available to csv and xls. Any data list in the system can be exported to these formats.
For system users, as part of requirements under GDPR, we support the right to data portability, with the IMC Learning Suite providing users with the ability to request a full, personal data report which will be delivered via email. In addition, they will be able to export learning records to PDF.
Data export formats
  • CSV
  • Other
Other data export formats
  • XLS
  • PDF
Data import formats
  • CSV
  • Other
Other data import formats
  • Xml
  • Xls

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
Through the provision of Microsoft Azure for the hosting service platform, the system will be available 24/7, 365 days, with a guaranteed system availability of 99.0%, except for scheduled maintenance which requires your approval and updates would be out of hours with minimal downtime.

For support issues in relation to the Azure implementation, our reaction time to severe incidents, where the system is down and can’t be reached is max. 1 hour. Our RTO is 12 hours and we take nightly backups, therefore the RPO is no more than 24 hours. Backups are performed on a nightly basis as part of our application management service and kept on a rolling basis for 7 days.
Approach to resilience
Microsoft publish their Azure infrastructure design for resilancy, available here https://docs.microsoft.com/en-us/azure/security/fundamentals/infrastructure-availability, with further controls and processes in place by imc.
As an overview, all our systems are designed to reduce the impact of a single point of failure, for example, all our hosted systems are built using at least 2 ‘roles’ or nodes, meaning that if one goes down the other is still accessible, whilst also providing load-balancing services.
Furthermore, we monitor our Azure implementations with Microsoft Application Insights. This provides us with full statistics in real-time, detailing the full system functionality at that exact time. The key metrics available through here include the following;
- Server response time
- Server requests
- System availability
- Incoming requests and request duration
- Outgoing requests
- Overall system health, with CPU % and memory usage
- Concurrent users. with defined time periods
- User information including country of origin for the request by a user, operating system and browser version of the user.
This system has configurable alerts to also notify technicians of any service issues including alerts on performance changes or crashes. This is available 24/7, with reports communicated through the support team.
Outage reporting
As detailed, we monitor our Azure implementations with Microsoft Application Insights. This provides us with full statistics in real-time, detailing the full system functionality at that exact time.

This system has configurable alerts to also notify technicians of any service issues including alerts on performance changes or crashes. This is available 24/7, with reports communicated through the support team.

In addition, we can provide access to the health dashboards for customers.

Identity and authentication

User authentication needed
Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Authorisation within the system is governed by access control rights with the system having support for several different identity providers to authenticate the user, ensuring the right user has access to the right system areas. This determines the relevant access to read, write, create and delete objects as needed for their specific use case.
Within imc, the hosting and support team will require specific user authorisation and access rights to be able to access and make any changes to the system. This is only provided on a very limited basis, and only as required.
Access restriction testing frequency
At least once a year
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
DQS Holding GMBH
ISO/IEC 27001 accreditation date
15/12/2018
What the ISO/IEC 27001 doesn’t cover
Information security in project management - Information security shall be addressed in project management, regardless of the type of the project. Projects as such are not done within the scope of the ISMS. Thus this control is not applicable.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
As dictated by the ISO 27001 certification requirements and process, we have documented policies that cover the following areas:
-Acceptable use policy
-Access Control Policy
-Access Protection Policy
-Backup Policy
-Clear desktop and office policy
-External User Policy
-Information security policy
-Information security policy for customer management
-Information security policy for supplier relationships
-Information transfer policy
-Key management policy
-Logging Policy
-Login Policy
-Mobile Device Policy
-Network Security Policy
-Policy on the use of cryptographic controls
-Server Security Policy
-Teleworking policy
-Virus Protection Policy
-WLAN Policy

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We have a dedicated QA department responsible for testing all releases with a formal QA process in place. We run automated tests and manual regression tests. The amount of regression testing is based on the type of release. In decreasing order: major, patch, hotfix.

For each new release we run standard performance tests on the same hardware to ensure that no significant performance degradation was inadvertently introduced into the product. We also perform penetration tests/security scans internally, once per year that involve several tests, where any findings are immediately addressed. All logged, tracked and managed through our Jira ticketing system.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We perform penetration tests/security scans once per year to determine the probability and severity of an attack. The findings are scored from ok, through to critical, with recommendations on how to be resolved. These are managed through our Jira ticketing system.

Depending on severity and size of the vulnerability, these are addressed in the next available patch release, approx every 3-4 weeks.

In addition, the solution is designed against the OWASP top 10 vulnerabilities to ensure the solution is aligned with the up-to-date industry guidelines.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Our solution includes MS Security Center that provides full inclusion protection and anti-virus scanning for all services. Windows Defender Advanced Threat Protection is included within the service for up-to-date threat protection and providing immediate response to the latest threats and system vulnerabilities. Fully configured security policies are in place, with access to the MS Azure cloud platform limited to select support and hosting team members, and the service will also provide alerts for any detected issues to our support personnel 24/7 that are then responded to accordingly and communicated to you through the support desk.
Incident management type
Supplier-defined controls
Incident management approach
Incidents directly affecting the server system and environment are fully managed by Microsoft and their incident management procedures. This includes notification to support staff for any issues affecting customer environments . imc have an internal security and incident management procedure, documenting all processes, classifications and resolutions for a reported incident.

We use a security incident ticketing process to raise any security incidents. After a security event has been reported. It is analysed in order to verify the occurrence and to take first immediate actions if necessary.

Reports are limited to the secuirity team to limit any further security risks.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£19.00 a user a year
Discount for educational organisations
Yes
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at russell.donders@im-c.com. Tell them what format you need. It will help if you say what assistive technology you use.