Conducttr TeamXp

TeamXp is for scenario-based training exercises, recruitment, onboarding or audience engagement experiences. Popular uses are crisis management, crisis communications, business continuity, interactive table-top exercises, social media simulation.

A scenario editor allows you to create facilitator-led or self-paced experiences that play out in a responsive web application.


  • Create your own scenario-based exercise using intuitive authoring tool
  • Simulate social media, email, phone calls, whatsapp
  • Design locally; upload to cloud simulation engine to run anywhere
  • Responsive web application for mobile, tablet and desktop
  • Real-time interaction data
  • Publish content to players based on team, role and group
  • Embed rich media such as images, audio, PDFs and video
  • Pacing can be facilitator-led or self-paced
  • Design tool to change look and feel
  • Export to Word to share content with clients & stakeholders


  • Improve staff performance with training that feels like real life
  • Reduce travel costs by training staff wherever they are
  • Reduce production time and costs: one-click to deploy interactive experiences


£3500 to £20000 per virtual machine per year

Service documents

G-Cloud 10



Robert Pratten


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints The fee includes one cloud space to run your experience. Additional spaces can be purchased.
System requirements
  • Adobe AIR to run the authoring application
  • Players need a modern HTML 5 browser

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Usually 1-2 hours 98% in 24hrs and 100% within 48 hrs
User can manage status and priority of support tickets No
Phone support No
Web chat support No
Onsite support Yes, at extra cost
Support levels There is one support level which is via support desk.
If someone needs onsite support then they pay for a call-out but it's not really necessary if they buy training.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started 1 hour training is included in the price
There are help docs, videos, training courses.
1 day onsite training is available as chargeable extra
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction They own their data throughout and can download whenever required, at any time.
End-of-contract process At the end of the contract we switch the cloud space to inactive. There are no additional charges

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install Yes
Compatible operating systems
  • MacOS
  • Windows
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The editor is a downloadable application that runs on Adobe AIR. This only runs on desktop.
Players/customers/trainees don't download anything and the is no difference between mobile and desktop except usual responsive design
Accessibility standards None or don’t know
Description of accessibility End-users access experiences created by Government customer (ie our client) via a web browser and do all the normal things you can do in a browser. Accessibility might depend on the client's design - you can change font size, colors etc. so it's up to the client.
Accessibility testing None.
Customisation available Yes
Description of customisation The whole service is a design, execution and management tool for interactive experiences.
Clients use our AIR application to design their experience - the branching, information gathering etc - and the "skin" - the look-and-feel, colors, images etc and registration type.
Only clients can customise (ie the buyer)


Independence of resources Through our standard operational procedures that makes sure our infrastructure is big enough.
There are usage limits for each cloud space but they tend not to be exceeded.


Service usage metrics Yes
Metrics types The metrics are included in the downloaded information which the client can download at any time.
Facilitated experiences can see data in real-time in the facilitator dashboard.
Reporting types
  • Real-time dashboards
  • Regular reports


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations EU-US Privacy Shield agreement locations
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Data is downloaded via the scenario editor
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability 99% availability 24/7
Approach to resilience We use Amazon Cloud Services
Outage reporting Email alerts
Scheduled maintenance is via help desk and email

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels Access is only via VPN and whitelisted IP address
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for Between 6 months and 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials Plus

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards Other
Other security governance standards We already have Cyber Essentials Plus and by time of contract we'll have ISAME Governance Standard which is equivalent to ISO 27001
Information security policies and processes IASME Governance Standard

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach We use Jira software to track changes and updates.
Each release is tested on a Development system and then on a Stage system before finally migrating to Live.
Detailed Release Notes are made before going live and a record kept of all changes made.
We use a subversion system to reverse changes if an issue is discovered after migration.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Our CTO is responsible for all security matters.
We us RSS feed from security sites to keep up to date with issues and supplier alerts.
Security patches are implemented within 24hrs if necessary but they all patches are assessed for applicability
Protective monitoring type Supplier-defined controls
Protective monitoring approach We mainly use prevention than detection but CPU loading and traffic loading is monitored continuously with alerts sent to CTO and support team if unusual/unexpected loading is seen.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach We follow the IASME Governance standard although not yet officially certificated

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £3500 to £20000 per virtual machine per year
Discount for educational organisations No
Free trial available Yes
Description of free trial 30 day trial of all capabilities
Link to free trial


Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑