O'Reilly Media, Inc.

O'Reilly Online Learning

O’Reilly online learning is where organizations get answers to solve problems and drive productivity. With unlimited access to over 57,000 books, videos, live online courses, learning paths, certification prep tests, interactive coding, and more—created by industry experts to help you get smarter about AI, operations, data, leadership, and beyond.

Features

  • Live coding environments—no installation or configurations required
  • Certification guides plus Pearson practice exams to ensure comprehension
  • Resource Centers curate content by level from beginner to expert
  • Learning Paths for self-paced structured learning to build expertise
  • In-depth usage reporting to empower decision makers
  • Early Releases and content ahead of trends for competitive advantage
  • Live events hosted-in-platform for rich interactive learning
  • On-demand access for on and offline learning
  • Case Studies learn what worked and what didn’t from others
  • Shareable Playlists to save organize and share favorite content

Benefits

  • Editorially managed and curated for consistent relevance, quality and coverage
  • Gain a competitive edge with content ahead of what’s next
  • Trusted content from 200+ publishers, experts and practitioners
  • Problem-solving and time-saving tools to boost productivity
  • Multiple learning formats to address each learner’s preference
  • Support all levels so everyone becomes high performers and experts
  • Vast breadth and depth for maximum topic and role coverage
  • Personalized learning experiences for engaging and relevant learning for everyone
  • Social tools make learning continuous and scalable in your organisation
  • Provide your teams the resources used by top tech companies

Pricing

£355.64 a licence a year

  • Education pricing available
  • Free trial available

Service documents

Framework

G-Cloud 12

Service ID

4 8 7 1 4 8 7 7 7 8 1 6 0 9 0

Contact

O'Reilly Media, Inc. Camille Sullivan
Telephone: (913) 574-7271
Email: csullivan@oreilly.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
Access is granted on a named-user basis. The Buyer will provide the first name, last name, and email address for each user. Generic ID logins or anonymous logins are not allowed. Platform maintenance windows are communicated in advance in the event downtime is anticipated. We are a SaaS platform. There is no special hardware or configuration needed. All that is required is internet access. Users can access via a desktop browser or the mobile iOS or Android native apps. Content can be downloaded for offline viewing.
System requirements
  • User credentials
  • Password requirement for users
  • Internet connection

User support

Email or online ticketing support
Email or online ticketing
Support response times
Europe Tel: +44 20 3355 9998
Mon-Fri, 9am–1am, excluding UK bank holidays
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
No
Support levels
Your subscription to O’Reilly online learning includes access to a high-quality customer service team that is available via email or phone as well as a Customer Success Manager and Strategic Account Manager available via email, phone, and video conference at no additional charge.
Support available to third parties
No

Onboarding and offboarding

Getting started
As part of our commitment to your success, we provide a comprehensive 30-day onboarding program composed of scheduled activities and resources led by your dedicated customer success manager (CSM). He/she will work closely with your administrator(s) to schedule online training sessions and launch an initial campaign to support early user adoption and engagement. Your admin(s) will receive their own training and resources found in their Admin Console to learn how to use the Insights Dashboard for in-depth reporting to benefit the organization. O’Reilly also provides a web-hosted onboarding Launch Kit where your admin(s) can readily access onboarding tools to support awareness during their early days with O’Reilly. Materials include customer testimonials, tips to create a learning culture in your organization, and our calendar where users and admins can register for live webcasts on how to make the most of O’Reilly. These aren’t recordings—they’re live experiences, supplemental to your scheduled training with your CSM.
Service documentation
Yes
Documentation formats
Other
Other documentation formats
.xml
End-of-contract data extraction
Users can request to have their data sent to them or to have their data deleted.
End-of-contract process
Personal data related to the users are either deleted or returned upon request.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Users can either access via their desktop using SSO credentials or use individual login details to directly log into our companion mobile apps. Content can be viewed and downloaded to the mobile app for offline viewing. The desktop and mobile history are synched for a seamless user experience.
Service interface
Yes
Description of service interface
We support SSO using SAML 2.0 and can provide federation of search and usage data using open API.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
O'Reilly seeks to conform to the WCAG 2.1 AA standard to make its web content accessible for those with a wide range of disabilities. We are continually working to improve the user experience and to keep up with how new technologies and services impact our current coverage. Our Software Development Lifecycle (SDLC) includes WCAG considerations as part of our development practices.
O’Reilly is committed to WCAG 2.1 AA and our level of conformance is reflected in our annual VPAT report. The VPAT report is available upon request.
O’Reilly is in the process of rolling out a new front-end design system that uses inclusive design and creates a consistent user experience. The design system is built with an accessibility-first mindset and will be deployed across the entire learning platform throughout 2020 and into early 2021.
API
Yes
What users can and can't do using the API
We support SSO using SAML 2.0 and can provide federation of search and usage data using open APIs.
API documentation
Yes
API documentation formats
Other
API sandbox or test environment
No
Customisation available
No

Scaling

Independence of resources
Our platform can support millions of users and our uptime rate is best in class at 99%. There is continuous monitoring of the availability of our network and related systems/equipment. Our customers are notified as soon as possible in the event of a site availability issue.

Analytics

Service usage metrics
Yes
Metrics types
Our Insights Dashboard provides the following metrics: Emerging trends for an overview of topics among your user base. Engagement highlights of the number and percentage of engaged users, content accessed, minutes watched, total searches, and the number of live online training attended. Learning patterns by number and percentage of users demonstrating linear and nonlinear learning behaviors to see which topics employees are using that are tangential to their work and those that they are devoting focus to through immersive and structured learning. Broadening and deepening for topics employees are exploring and those that are a core focus for them.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
Other locations
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Other
Other data at rest protection approach
Data at the device layer is encrypted using AES256
Data at the storage layer is broken up into “data chunks” that themselves are encrypted using AES256
Each “data chunk” is encrypted with its own key. An ACL ensures that only valid cloud services can be used to decrypt a data chunk.
All keys used for this purpose are stored in the GCP Key Management Service (KMS)
Data sanitisation process
No
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Users can request to have their data sent to them or to have their data deleted.
Data export formats
Other
Other data export formats
.xls
Data import formats
Other
Other data import formats
This is not allowed

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Our platform can support millions of users and our uptime rate is best in class at 99%. There is continuous monitoring of the availability of our network and related systems/equipment. Our customers are notified as soon as possible in the event of a site availability issue. At the customer's request, O'Reilly Media includes SLAs in its subscription agreements.
Approach to resilience
All services are hosted in a Google Data Center.
Data is replicated across the Google Cloud Platform. This Replicated data stays in the United States.
Our services are pentested on a regular basis by a 3rd party company.
All services that are thirty days old are redeployed to production.
Critical services are configured to use Horizontal Pod Autoscaling in the event of a DDoS attack.
Our services and infrastructure are continuously monitored.
Our microservices are deployed using Infrastructure as Code. This allows us to deploy new/additional service resources quickly.
Outage reporting
We put notices on our platform of any planned or unplanned outages.

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
Access to Platform interfaces are controlled by the customer
Support uses an internal verification process to validate customer requests
Access restriction testing frequency
At least once a year
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
No audit information available
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Google Cloud Platform
ISO/IEC 27001 accreditation date
17/04/2020
What the ISO/IEC 27001 doesn’t cover
Please visit this link to see Google’s most recent certificate. There is a detailed list of all the certified components that pertain to the Google Cloud Platform offerings.
https://cloud.google.com/security/compliance/iso-27001
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
SOC II Type 2 compliance

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
Description required.
Information security policies and processes
We have a written Information Security policy. We do not share internal policies and procedures.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All services are deployed using our CI/CD pipeline.
All services are deployed using Infrastructure as Code.
All code merges are peer-reviewed.
The Engineering Organization receives regular security training.
Vulnerability management type
Undisclosed
Vulnerability management approach
We do regular pentesting; we have a patch management process; critical or high vulnerabilities are patched weekly;
Protective monitoring type
Undisclosed
Protective monitoring approach
We use the following applications for monitoring:
Data Dog
Signal Sciences
GCP Security Command Center
Incident management type
Supplier-defined controls
Incident management approach
We have an internal Security Incident response plan. We conduct incident response exercises at least annually.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£355.64 a licence a year
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
The trial version is the same as the paid subscription. The Buyer would not have access to the Admin Console, but usage reports are available during the trial upon request.

Service documents