Emerald Works Limited

Mind Tools for Business learning and development solutions from Emerald Works

Proven public sector learning, training and development solutions. Working with you, we create a learning culture for individuals and organisations to thrive. Mind Tools online resources improve employee performance through real-time, easy-access to learning - when, where and how they need it. Our customisable e-learning/training courses meet specific learners’ needs.


  • Learning and development tools/functionality for users and managers
  • Mind Tools – Online interactive toolkit with on-demand, skill-building resources
  • E-Learning – interactive “off-the-shelf” or custom-made courses/training that improve performance
  • Access to 54 topic areas, and 2000+ individual resources
  • 13 formats including infographics, audio, video, guides, exercises, self-assessments
  • Customer Success Team – help to roll-out the best solution
  • Account management – ongoing support from a dedicated Account Manager
  • Launch support – tech support, help promoting campaigns and training
  • Analytics – data on login-frequency, time spent learning and more
  • Accredited – fully recognised accreditations by relevant bodies


  • Reassurance – market leader of learning and development solutions
  • Versatility – scalable L&D services in wide range of formats
  • Flexible – friendly and experienced teams, by your side throughout
  • Expertise – implementation, training, legalities, data security and privacy
  • Stability – established 1967, we're a financially secure, global business
  • Proven – award-winning resources that improve performance
  • Secure – end-to-end control of data, managed in-house
  • Reliability - Service available at least 99.5%, 24/7/365
  • Client control – add your own content, features and branding
  • Bespoke – customised learning and development solutions


£2.13 a unit a year

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at publicsector@emerald.com. Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

4 4 9 3 9 8 3 7 4 8 4 6 8 8 9


Emerald Works Limited Colin Howell
Telephone: 07712 184337
Email: publicsector@emerald.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
HR Management Systems
Employee Benefits Systems
Talent Management Systems
Other internal organisational systems
Cloud deployment model
Private cloud
Service constraints
Technical support is available between 8.30 am and 5.30 pm Monday to Friday. Outside of these times support requests can be logged 24x7 via email. Requests will be prioritised as required during business hours and an anticipated turnaround time provided on a per case basis.
It supports Internet Explorer 11+, and the latest stable releases of Microsoft Edge, Chrome, Firefox and Safari. It is accessible on any device with the latest stable releases of iOS and Android with a modern browser.
System requirements
Cloud-based, no requirements other than IE from version 11

User support

Email or online ticketing support
Email or online ticketing
Support response times
0-8 hours (during business hours) for issues classified as high priority.
48 hours for issues classified as medium priority.
5 working days for issues classified as low priority.
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Support levels
High priority: Loss of access for all users or loss of data will be dealt with immediately. Initial contact will be with your dedicated account manager who will escalate to the Technical Director as required. Our service is monitored 24 x 7 and automated alerts issued to key personnel as soon as service degradation is detected.
Medium priority: Data requests or bugs impacting low numbers of users will be acknowledged within 4 working business hours. Your dedicated account maanger will proactively keep you updated.
Low priority: Low lever bugs such as cosmetic or browser specific problems will be acknowledged within 4 working business hours with an ETA provided by your account manager.
Support available to third parties

Onboarding and offboarding

Getting started
We provide a full implementation and onboarding programme which includes an onsite meeting, remote training, user documentation and a full project plan.
Service documentation
Documentation formats
End-of-contract data extraction
User data can be exported via CSV and uploaded to new system.
End-of-contract process
All access is revoked after the end of the contract, all negotiations about renewal of contract will happen before the end date. The data is maintained for 30 days after the end of the contract to comply with our Disaster Recovery Policy.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
No differences
Service interface
Description of service interface
Our Toolkit is an online provision consisting of 54 topic areas, with over 2000 individual resources. The resources sit under the following four topic headings: Leadership & Strategy, Managing People & Teams, Personal Skills & Development, Services, Projects & Operations.
The Toolkit consists of 13 different resource formats including infographics, audio, video, key ideas, questionnaires, how to guides, exercises, self-assessments, top tips, surveys, case studies and more.
Our platform is fully responsive – offering a consistently excellent user experience on any device with a modern browser, meaning staff are able to access the resources wherever and whenever they need it.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
Our QA team uses a tool called NVDA along with Chrome plugins that simulates users with certain kinds of disability.
What users can and can't do using the API
Users cannot make changes to the API.
API documentation
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
Customisation available
Description of customisation
The platform can be customised in many levels:
Mobile tile
Color scheme
Font Configuration
Footer text or image
Order of the contents displayed on "Spotlight on"
Contents in general
Name and order of the folders
Contents inside the folders
Weekly email's sender email address, name and subject
Support contact
Phone number
Error page


Independence of resources
Our service should be available at least 99.5% of the time on a 24/7/365 basis.
We provide full contract support to all customers with a range of suitably qualified employees; each customer is owned by designated individuals.
This ensures our customers have a designated person in the business to contact for their specific needs as well as a clear escalation route.


Service usage metrics
Metrics types
In a determined period of time, the manager can see and download:
Active Users
New Users
Total Time Spent in Resources
Usage (Total View) by Date
Resources Accessed by user, date and topic.

Individual users can see and download their own usage:
Total Time Spent in Resources
Time Spent This Month and Year to Date
Last Accessed Content and Date
Completed Assessments

Your dedicated Account Manager can also provide more detailed analytic information to help you understand your data better.
Reporting types
Real-time dashboards


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Encryption of all physical media
  • Other
Other data at rest protection approach
Encryption at rest using AWS KMS Solution
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
By Excel from within the system.
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
We transmit data via HTTPS and use RSA 2048 bits / SHA256 with RSA TLS 1.2 for message encryption.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
In addition, our database is protected by column level encryption, and access is only possible via a secure VPN with individual and timestamped credentials.

Availability and resilience

Guaranteed availability
Our Service should be available at least 99.5% of the time on a 24/7/365 basis.
Approach to resilience
Our platform architecture is deployed by leveraging AWS features. Critical platform components are replicated across multiple AWS Availability Zones, each of them designed as an independent failure zone. All data centres are online and serving customers. No datacentre is "cold". In case of failure, automated processes move customer data traffic away from the affected area. Each availability zone is designed as an independent failure zone.
We leverage this capability by balancing the architecture components between two Availability Zones to keep the system operational even if one stops working.
In case of a failure, the DNS is configured to exclude the unhealthy services from the pool of available services and redirect the traffic to the operational Availability Zone. To cover the increase of traffic in the new zone, the automatic scalability process will begin creating the extra resources needed to keep the service at an acceptable response level. Once the original Zone is back online, the operation team follow a standard procedure to remove the old services that are out of sync. They will then recreate the needed system and link this with the other Zone. The traffic will then start flowing into the original data centre.
Outage reporting
We have a monitoring team available 24/7.
The alerts triggered by high level issues come via Slack, Email and automated phone calls. We also work with level of scalonation to decide who should take the front.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Other
Other user authentication
They can be previously added and access via username/password or just-in-time provisioning using SSO.
Access restrictions in management interfaces and support channels
Minimum access is granted.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Description of management access authentication
2FA is enabled to any database or webservice associated with management of the service.
Access to our internal management application is only possible via SSO.
Any patches or changes are only allowed if connected to the VPN with individual and timestamped credentials.

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
Other security governance standards
Provided by participating learning organisation with support from Account Manager.
Information security policies and processes
Policies are reviewed on at least an annual basis.
Procedures have been established in order to set basic rules for building security into the entire HR process to ensure that policies and procedures are in place to address security issues. Our Employee Handbook contain specific guidance about home working, data protection, information security policy, access control, acceptable use, virus prevention and system security, intrusion detection, remote access, server security, etc.
Personnel are required to complete security awareness training.
Staff are required to undertake compliance training on an annual basis.
All contractors have to sign a written contract we have in place and we hold regular meeting with them to ensure all contractual obligations are being met.
We ensure that all third parties adhere to our policies, as do internal core employees, and adopt the same level of control, audit capability and industry certification. They are all governed by a GDPR compliant data protection contract.
Minimum access required is practiced, and all access is monitored and recorded to an individual.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
A systematic approach is applied to managing change and ensure that changes to customer-impacting aspects of any functionality are reviewed tested and approved. Change management standards are based on established guidelines and tailored to the specifics of each change request. Program change documents and security best practices are documented on Confluence and Jira.
The development environments are accessed only by authorised developers and the testing environments are separated from the production environments.
Changes are tested according to established Change Management standards prior to migration to production.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We use a system called Wazuh to the following: Security Analytics (siem), Intrusion Detection (conjunction with ossec), Log Data Analysis, File Integrity Monitoring, Vulnerability Detection, Regulatory Compliance (such as GPDR and PCI/DSS) .
In the event that a potential or actual breach is detected the task to identify the cause and remediate the breach is worked immediately. If such action involves patching, patches are tested and evaluated before they are installed to ensure they are effective and do not result in side effects that cannot be tolerated.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Continuous monitoring is performed for recommended critical patches and upgrades in order to mitigate risks resulting from exploitation of published vulnerabilities. Any detected security vulnerability is triaged and remediations are prioritised above and beyond to CVSS score depending on several other factors such as exploit availability, malware availability, social media activity, affected assets value etc.
We perform vulnerability scans every 3 months and whenever a major change is made.
Alerts for high risk processing are monitored in real time and anomalies are followed up immediately.
We have documented and maintained threat and vulnerability management policies and procedures.
Incident management type
Supplier-defined controls
Incident management approach
Documented policies and procedures for reporting security, availability and confidentiality incidents are in place for identifying, acting upon and reporting failures, incidents and other security concerns. Incidents are logged within a ticketing system, assigned severity rating and tracked to resolution. An Information Security Incident Response Team (ISIRT) is in charge for the response and mitigation activities and escalation of incidents.

Client will be notified immediately of the discovery of a security breach or data loss incident and all corrective actions will be communicated and shared with client council. Any preventative controls will be agreed with client council.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£2.13 a unit a year
Discount for educational organisations
Free trial available
Description of free trial
The free trial is the exact copy of the service. We have a trial site that the client can be added to for a period of time. The free version is not available for anyone. The user needs to be added to the platform.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at publicsector@emerald.com. Tell them what format you need. It will help if you say what assistive technology you use.