Think Learning

Flex Learning Content Management System (LCMS)

Flex LCMS (Learning Content Management System) can manage and host elearning content for access within any Learning Management Systems (LMS) or Virtual Learning Environment (VLE) using SCORM and AICC. There are also elearning player options available.


  • Host and manage elearning content
  • SCORM, AICC and xAPI
  • Oracle Learning Management (OLM) SCORM adapter


  • All elearning standards are supported (SCORM, AICC and xAPI)
  • Interoperability and APIs with external systems
  • Integration to Oracle Learning Management (OLM)
  • Compatible with any Learning Management System


£4,320 an instance a year

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

3 9 5 6 1 0 2 6 8 1 3 8 9 4 3


Think Learning Shaun Wilde
Telephone: 0117 407 0237

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Any external Learning Management System (LMS) or Virtual Learning Environment (VLE)
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints
Planned downtime for scheduled updates/upgrades, pre-agreed with clients for maximum convenience/efficiency, and minimum disruption to end-users.
System requirements
  • PC: Windows 7+
  • Mac: OS X 10.5+

User support

Email or online ticketing support
Email or online ticketing
Support response times
Our standard response time within UK business hours: - Critical: 1 hour - High: 4 hours - Medium: 8 hours - Low: 16 hours
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Online support (2nd line) = within the support contract;
Technical support (3rd line) and maintenance = within the support contract;
Support (consultancy) = optional within the support contract.
Support available to third parties

Onboarding and offboarding

Getting started
Prior to go live, all system administrators are trained online.

After go live, system administrators can upload content to the LCMS
Service documentation
Documentation formats
End-of-contract data extraction
The off-boarding process comprises:

- Provide compressed copies of content files;
- Purge the data from servers and all historic backups.
End-of-contract process
The off-boarding process is included in the price of the contract, any additional actions would be at additional cost.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Mobile service will depend on the LMS/platform which the content is being viewed on.
Service interface
What users can and can't do using the API
SCORM, AICC and xAPI, and the Oracle SCORM adaptor
API documentation
API documentation formats
API sandbox or test environment
Customisation available


Independence of resources
Flex is hosted on scalable cloud servers that are monitored 24/7 using performance monitoring software


Service usage metrics


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Data is exported by Think Associates on request.
Data export formats
Other data export formats
  • XAPI
Data import formats
Other data import formats
  • XAPI

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
We work to make your System available for use over the internet 24 hours per day, 7 days per week. We commit to no more than 0.1% of the year of unscheduled downtime (total inaccessibility to your site), with service credits if we don’t meet this commitment (based on additional free weeks of hosting/maintenance service). Planned maintenance is excluded from the calculation. At least 5 working days of notice will be provided for any maintenance taking place between 5pm and 8am. At least 10 working days of notice will be provided, for any maintenance taking place between 8am and 5pm (or as agreed with clients). Your site will be monitored via health checks at the server and application layers.
Approach to resilience
We provide clients with access to high performance, secure, entirely UK-based platform services (with ISO27001, ISO9001, ISO27017 certification). Global Switch 2, a tier 3 data centre in London, and 100% network uptime guarantees. Includes a hot spare blade, so that in the event of a blade failure, a fresh blade is provided and restored. Daily backups are provided and stored on a separate SAN located on a separate physical location. NSX Firewalls are provisioned in a High Availability (HA) pair and are fully managed. The DDoS defence system is based on detection/diversion/verification/forwarding, and inspections are performed in real time, including the provision of IDS server monitoring for any malicious activity.
Outage reporting
We report outages through Think Learning Helpdesk notifications, email alerts, and by phone, as relevant.

Identity and authentication

User authentication needed
Access restrictions in management interfaces and support channels
Flex is accessed by the target LMS or VLE. System administrators have content upload permissions only.
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 6 months and 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 6 months and 12 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
ISO Quality Services Ltd.
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
The UK data centre also has ISO27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Cyber Essentials
Information security policies and processes
Information Security Management System policies and processes, certificated and audited bi-annually by ISO Quality Services Ltd. Audit reports available on request. The Information Security Manager is a board level Director. Our Cyber Security and Information Security policies are communicated to, and signed by, all Think Learning employees. Staff training around GDPR is a key element of our onboarding process. We have regular audits of the controls listed above in terms of ensuring that all devices used by staff are fully compliant. All staff are updated at internal company meetings about ongoing cyber and information security requirements of personal devices and internal systems. Think Learning also has an ICO registered Data Protection Officer (DPO).

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Code is managed by the Technical Services team utilising GitHub. System configuration and change management is managed initially by the System Implementation) team and then the Client Services team once live. System configuration and change management is documented in SharePoint using a versioned functional and non-functional requirements spreadsheet.

All changes and upgrades are tested within a client specific development environment to ensure functionality and security before moving to the live environment.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Vulnerability management is a control within our Information Security Management System (12.6.1). Where vulnerabilities are identified, system asset lists are examined to assess the impact of the vulnerabilities on the security of the system. Where a software update is deemed necessary, then the change control process is initiated.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Flex is monitored 24/7 at the application layer via health checks and performance monitoring. In the event of a compromise the technical team are alerted by text to resolve the issue within the stated SLA.
Incident management type
Supplier-defined controls
Incident management approach
Users report incidents via the Think Learning Helpdesk, which triggers the internal incident management process, involving Classification and initial support; Investigation and analysis; Resolution recording, closure and reporting via the Helpdesk

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks


£4,320 an instance a year
Discount for educational organisations
Free trial available
Description of free trial
There is a trial option available to demo and test the LCMS compatibility. Contact for access.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.