Holhooja Ltd.

edX Platform as a Service

This is a shared edX LMS Platform to enable the delivery of small and short term project based online training courses. Course content will need to be supplied by the projects


  • Google, Amazon or Azure Hosted
  • Wide mix of supported media (SCORM, Interactive Documents, HVP, Video)
  • Create and manage eLearning delivery and assessment
  • Personal development plans for targeted training, and full competency/goal management
  • Integrated interactive performance Dashboards for Corporate performance management
  • Integrate with third party authentication/HR systems, and OpenBadges


  • Hosted on secure Google, Azure or AWS Cloud
  • Manage classroom sessions for blended learning
  • See what percentage has completed compliance training
  • Full project coaching services with your team to get results
  • Managers can assign learning, and view completion data


£0.50 to £5 a user a month

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@holhooja.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

4 6 7 8 6 4 4 0 8 9 3 1 2 8 9


Holhooja Ltd. Government Cloud Team
Telephone: 07736552007
Email: gcloud@holhooja.co.uk

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
No Constraints
System requirements
  • Web Browser
  • SCORM Compliant eLearning Content

User support

Email or online ticketing support
Email or online ticketing
Support response times
Same working day
User can manage status and priority of support tickets
Phone support
Web chat support
Onsite support
Yes, at extra cost
Support levels
This service is intended for short term projects so we recommend our basic support package: 10 x 1 Hour Support Credits @ £750 + Vat

We are able to offer more customised support services that will suite your project requirements.
Support available to third parties

Onboarding and offboarding

Getting started
Our basic package for smaller projects can be up and running within a day by customer requesting number of users and receiving admin account for their own environment.

If you requires additional support, training, migration then we will work closely with you and your team to understand the requirements and plan the delivery together within your time scales.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
The end user can extract data at any time during the contract period using core system reports.
End-of-contract process
The customer can extract any data they require through front end reports.

We can offer at a one off charge the supply of the customer database.

After expiry of the agreement, the customer environment is wiped from the hosted environment after 3 weeks of grace.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
All features available on the desktop site are also available on the mobile site. The site responds to the screen size and distributes content appropriately to be displayed on desktop, smartphone and tablet devices.
Service interface
What users can and can't do using the API
EdX has an extensive API Library including: RESTful, SOAP, XMLRPC, JSON and AMF, SCORM and LTI standards, NTLM, Shibboleth. LDAP and SAML, SQL and Oracle database connections
API documentation
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
API sandbox or test environment
Customisation available
Description of customisation
The system is highly configurable to meet local requirements. Home-pages, navigation menus and dashboards can be configured by the site administrators.

Within the front end we can turn on/off specific functionality and design work flows to ensure staff see functions relevant to their role.

Further customisations that may require own environment hosting within the public cloud is also possible and can be offered by our developers.


Independence of resources
This is a shared service running on scalable Google Cloud. Where customers require a guarantee of resources allocated we can offer dedicated hosting environment with agreed initial and scalale resource.


Service usage metrics
Metrics types
Service metrics are available through edX Dashboard.
Reporting types
Real-time dashboards


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
Less than once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Standard edX System reports available to customer primary account
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
The environment is a stable enterprise version of the software hosted on resilient highly available public cloud environments.

We pass to the customer the SLA for Google Cloud, Microsoft Azure or Amazon Web Services but make no guarantees beyond those offered by these providers.
Approach to resilience
This is a public cloud hosted service and we pass to the customer the resilience afforded to the environment by Google Cloud, Microsoft Azure or AWS.
Outage reporting
Yes all public cloud service have an outage reporting dashboard which can be used by the customer to verify availability

Any outages due to maintenance or software patching will be reported to customers by email.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Through IAM roles and policies

Google Cloud: https://cloud.google.com/iam/docs/overview

Microsoft Azure: https://docs.microsoft.com/en-us/azure/role-based-access-control/overview

AWS: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_controlling.html
Access restriction testing frequency
At least every 6 months
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
We adhere to ISO 27001 Information Security Standards and we are working towards such certification but have not achieved it yet.
Information security policies and processes
We adhere to the following security policies and processes:

- Data Loss and Corruption
- Secure and logged access and modifications
- take measures to protect from loss or corruption,
- follow the Data Protection Act 2018 and EU GDPR 2016
- Directors retain responsibility for security
- Staff and Consultants are trained and work by security principles.

Our Information Security policy is available on request.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
- LMS Software Platforms
- Open Source and Commercial Plugins
- Underlying Compute Environment
- Administration Dashboard and Users
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
We perform vulnerability assessments on a regular basis primarily focused on issues affecting the LMS environment or any of its plug-ins through security alerts from the relevant sources.

We also run security scans and keep up to date with the latest insights from the cyber security industry.

Cyber security and protection is assessed based on the severity and likelihood of the threat using a Common Vulnerability Scoring System.

New vulnerabilities reported normally result in a patch being generated rapidly. We would install this within one day in most cases.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
- Detect is made through cloud based monitoring tools provided by the public cloud hosted environment

- We have configured alarms and audit logs to identify suspicious activity.

- Hierarchical levels of access security.

- Events are analysed to identify potential compromises or inappropriate use of our service.

- Action taken same day (immediately or within hours) of detection.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
- Internal Reporting to person in charge
- Incident Assessment
- Loss of Personal Data is reported immediately
- Active attacks are diverted or service suspended.
- Support is sought from public cloud provider.
- Customers are informed if personal data loss or suspension of services occurred.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks


£0.50 to £5 a user a month
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@holhooja.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.