Learning Locker - Learning Record Store (LRS)
xAPI ready, Learning Locker connects systems together, proves impact of training and allows for informed decisions on future learning design. Create a single point of reporting for all learning and performance and visualise data with customisable dashboards. Scalable, affordable and able to integrate with your existing L&D software.
- xAPI-ready to track online and offline learning activity
- Non-xAPI Integrations send data into the Learning Record Store
- Multiple LRS: Create as many as you’d like
- Customisable Dashboards create actionable dashboard data in minutes
- Manage user identities: automatically reconcile users with multiple IDs
- Advanced Query Builder: make every field stored available for query
- Quick Data Visualisation: Bar charts, column charts, you name it
- Create Personas to deepen your search query results
- Numerous Apps including GDPR compliance, CSV to xAPI and more
- Statement Forwarding: send your data to another LRS/3rd party
- Enable an L&D ecosystem that goes beyond the LMS
- Link activity and performance to understand what drives top performers
- Personalise learning to increase engagement
- Highlight expertise to boost levels of morale and lower turnover
- Share data with learners to understand performance using quantified-self measures
- Standardise data structure
- Sharing data from multiple sources acting as a single source
- Avoid vendor lock-in by storing data outside of the LMS
- Switch between LRSs for truly flexible data visibility
- Optimise performance based on up-to-the-minute learner data
£7500 to £30000 per instance per year
- Education pricing available
- Free trial available
|Software add-on or extension||No|
|Cloud deployment model||Public cloud|
|Email or online ticketing support||Email or online ticketing|
|Support response times||HT2’s SLA is based upon working hours of 9am - 5pm, Monday to Friday in the UK, excluding public holidays. Priority response times are in four categories P1, P2, P3, and P4. Response times are 1, 2,3 and 4 hours respectively.|
|User can manage status and priority of support tickets||No|
|Web chat support||No|
Support and hosting is included in the licence fees.
The Customer may log new support queries using HT2’s automated email Helpdesk system at: firstname.lastname@example.org.
Alternatively, the Customer may contact the HT2 Account Manager.
We also have a dedicated Customer Success Manager to help companies get started and as needed throughout the contract.
|Support available to third parties||Yes|
Onboarding and offboarding
New Learning Locker clients are provided with full set-up, training and customisation.
Generally, a new organisation will go through the following steps with us:
We create instances for them as required (staging, production etc).
We train them and assist in building queries and visualisations.
We train them in administration - user management etc.
We ensure that their data sources are xAPI compliant, helping achieve this through custom development work where required.
We work closely with them through implementation and set up, and then as required through the contract.
We are able to provide onsite or remote training, and there is extensive user documentation, a user community, and user support available at: https://ht2ltd.zendesk.com/
|End-of-contract data extraction||We have a specific GDPR app that allows an individual's data to be quickly queried, returning all data held, for transfer/inspection by the individual, and/or deletion.|
Data can be exported and transferred to the organisation in whichever format is most suitable, usually CSV.
Users are then removed, organisation deleted, all data deleted.
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||No|
|What users can and can't do using the API||Everything is accessible via API - the service is API-driven.|
|API documentation formats||
|API sandbox or test environment||Yes|
|Description of customisation||We work closely with all clients to set up as per their requirements.|
|Independence of resources||All systems are monitored and have the ability to autoscale services based on demand.|
|Service usage metrics||Yes|
Yes, monitored by us, available to client on request.
Total amount of data stored.
|Reporting types||Reports on request|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||None|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||‘IT Health Check’ performed by a CHECK service provider|
|Protecting data at rest||Physical access control, complying with SSAE-16 / ISAE 3402|
|Data sanitisation process||Yes|
|Data sanitisation type||
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||Organisations are able to export their data via CSV, an individual user's data can be quickly queried via our GDPR app for export.|
|Data export formats||
|Other data export formats||XAPI|
|Data import formats||
|Other data import formats||XAPI (RESTful method)|
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
|Guaranteed availability||HT2 guarantees that the Service will be available to the Partner for not less than 99.5% of each calendar month (where a calendar month is considered to be 730 hours), excluding known maintenance windows and scheduled downtime. Where the service must be taken offline for maintenance, HT2 will endeavour to give the Partner at least five working days notice. In certain circumstances, such as in the event of a security concern, it may be necessary to take the service offline at less notice. Where possible, maintenance will be performed outside of core business hours, either at evenings or weekends. Service downtime during these windows will always be kept to an absolute minimum; typical maintenance windows last around 15 minutes. HT2 will notify the Partners named representative of all maintenance windows and schedules.|
|Approach to resilience||At every stage all services are built with redundancy in mind. Whether it be load balancing application servers, or replica/slave database setups. We also ensure that where we have multiple instances of hardware for failover that they exist across different physical zones.|
|Outage reporting||Clients are notified via email, either to business contact or specified emergency contact for outages.|
Identity and authentication
|User authentication needed||Yes|
|User authentication||Username or password|
|Access restrictions in management interfaces and support channels||Our stance is one of ‘least privileges’ with personnel being granted only the minimum data access required to perform their role on a given task. These processes govern our operating processes, from the physical security of the buildings in which we work, to the security practices we follow in writing and deploying applications.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||Username or password|
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||British Assessment Bureau|
|ISO/IEC 27001 accreditation date||02/09/2013|
|What the ISO/IEC 27001 doesn’t cover||
S9.4.4 Use of Privileged utility programs.
We do not use Privileged utility Programs that might be capable of overriding system and application controls as such there is no process in place to restrict or control such system.
s10.1.1 and s10.1.1 We apply encryption externally according to the needs of our customers. However it is felt inappropriate to do the same internally as the ability to use data is central to many of the tasks we undertake internally.
s11.1 Data is stored on our third party cloud providers with extensive security provisions in place. As a result of this and a policy of not storing special personally identifiable information locally on clients our offices do not have a physical security perimeter other than lockable, controlled entrance.
s14.2.7 Supervision of outsourced system development - this is not considered required since we do not outsource such development.
s14.3.1 - Test data selection. Our clients select test data to test system integration and setup. As a result we do not have a policy around test data selection.
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||Privacy Shield|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||As part of our ISO27001 we defined our Information Security Management systems policy which is appended to this application. Our Data Security Officer and ISO manager reports directly to the Chairman of the Board of Directors.|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
The Senior Management Team control any potential changes, this is then delegated to a responsible person as a “project manager”.
He will conduct a “research background” to determine the feasibility of changes with regards to:-
Purpose of the change
Any potential consequences
Integration of the quality management system
The availability of resources
The allocation or reallocation of responsibilities and authorities
Once completed this then forms part of the Management Review together with including within the internal audit schedule.
All code is published through version control and goes through both peer code reviews and then QA.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
We commission annual penetration testing by NCC Group Trust and develop our solution following OWASP guidelines.
Critical security patches applied as soon as possible as part of managed hosting agreements. Minor patches are applied as part of regular update patterns, which are typically applied once per month.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||We manage potential compromises by exception. We get system notifications for unusual traffic etc. from our third party provider. Rackspace/ AWS employs an IDS at the perimeter of its network with 24/7 active monitoring. In addition we deploy New Relic monitoring tools at our application layer. This is monitored by HT2 staff.|
|Incident management type||Supplier-defined controls|
|Incident management approach||Incidents are defined as part of our Business Continuity and Disaster Recovery Plan that is being tested at least once a year. We further have a Data loss prevention strategy that outlines our approach to a Data incidents. Our Data Security Officer will contact customers of a (potential) data loss. The reports are given in writing via email.|
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||No|
|Price||£7500 to £30000 per instance per year|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||The service is available free for 30 days, allows full use of SaaS (subject to acceptable use policy).|