Desire2Learn UK Ltd.

Brightspace LMS

We are a provider of learning management software and associated services, supporting higher education, K12 and enterprise organizations.


  • Learning Environment (LMS) - fully mobile responsive
  • Learning Repository - content and learning activity repositories
  • Electronic ePortfolio - integrated ePortfolio tool for lifelong learning
  • Performance Plus - Advanced analytics suite including predictive analytics
  • Engagement Plus - Lecture capture system and game-based learning engine
  • Mobile Apps - student, grading, ePortfolio
  • Integrated Virtual Classroom
  • Extensible Platform - LTI compliant and open REST-based APIs
  • Hosted in AWS
  • Management of professional development for staff


  • Drives efficiencies for academics (drag & drop course creation etc)
  • Improves student learning experience
  • Personalises learning pathways
  • Provides actionable insight through inbuilt analytics
  • Improves adoption of technology for all stakeholder groups
  • Enables anytime, anywhere learning from any device
  • Widens participation and provides equal opportunity - fully accessible LMS
  • Helps improve student outcomes
  • Drives CPD for staff - improves staff outcomes
  • Improves student and staff retention rates


£10 to £15 per user per year

Service documents


G-Cloud 11

Service ID

4 9 2 0 1 2 0 1 1 0 9 4 7 9 8


Desire2Learn UK Ltd.

Charles Thrift


Service scope

Software add-on or extension
Cloud deployment model
Private cloud
Service constraints
No. We offer a 99.9% uptime SLA with no downtime.
System requirements
  • Valid internet connection
  • Access to a browser

User support

Email or online ticketing support
Email or online ticketing
Support response times
We have different SLOs depending on the support package you pick. Our Basic administrator support package starts at a 120 second phone or chat response time, and our Platinum package has a 45 second phone or chat response time.
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
For 7 years now, D2L has employed a blind screen reader user in the role of accessibility tester, test strategist and consultant She not only tests our products before release, but also offers consultation to designers on intuitive use cases and processes for delightful use of our products with assistive technologies. She has also used our end user support tools and offered suggestions to make them not only accessible but also more easily usable. Every time a new tool or feature is built for the platform or for end user support, these are tested in-house first.
We also partner with Fable Tech Labs ( who offer a community of testers with a range of disabilities using a variety of assistive technologies such as speech input, special keyboards, screen magnifiers and screen readers. Through Fable’s cloud-based platform, our designers, developers, and testers have access to testing our products and features with any relevant assistive technology they need to.
Finally, the Canadian National Institute for the Blind (CNIB) has been our client since 2017. Being used by vision impaired users from CNIB on a regular basis should speak to the accessibility and usability of our end user support portals and chat applications.
Onsite support
Support levels
BASIC (no additional cost)
M-F 8 a.m. to 8 p.m. (local client time zone) chat case supporting
24x7x365 email and web-based support for 2 Approved Support Contacts (ASCs)
60 cases per year

24x7x365 chat, email and web-based support for 3 ASCs
Unlimited number of cases
Monthly case reports

24x7x365 email, chat, telephone, and web-based support for 3 ASCs
Unlimited number of cases
Monthly case reporting
Monthly SLO reporting
Semi-annual reviews of support service experience
Priority follow the sun support for P1 issues
Post Case Summary for P1 cases reporting upon request

24x7x365 email, chat, telephone, and web-based support for 5 ASCs with a dedicated 800 number
Unlimited number of cases
Priority queuing and major case management
Priority follow the sun support for P1 issues
Monthly case reporting
Monthly SLO reporting
Quarterly reviews of support service experience
Post Case Summary for P1 cases reporting upon request
Includes a TAM: a named technical contact that provides specific technical guidance for projects, infrastructure, and support issues as well as some reports and semi-annual product roadmap review meetings
Support available to third parties

Onboarding and offboarding

Getting started
We deliver a fixed price implementation (including training) for all new customers.

Based on the package purchased, we will work with the customer to provide a Statement of Work and Project Plan. These documents will define effort, responsibilities, and timelines for the project and our total implementation price will remain fixed for the delivery of all tasks outlined in the Statement of Work.

All implementations include planning, configuration, SSO, SIS integration, course migration services and training. Training is typically delivered online in bite-size chunks (though can be delivered onsite if desired) and all new customers will receive access to our Subscription Training offering in year 1 of their contract. Subscription Training provides unlimited access to live and pre-recorded online training sessions.

Post-implementation, all customers have access to the Brightspace Community site where user guides, training videos and help are all available, and they will also have access to our Technical Support and their Customer Success Manager.
Service documentation
Documentation formats
Other documentation formats
End-of-contract data extraction
D2L provides a set of export tools within the product to allow clients to export course content materials in a standard, packaged format as well as grades and other specific elements of data. If the client requires additional support, D2L can provide such data export and other services for a fee on a time and materials basis.
We will delete, destroy or render inaccessible client files and data residing on our servers 30 days after termination, unless otherwise agreed in writing. At any time during the term of the agreement and prior to the end of this 30-day period, clients may recuperate their data through the user interface by archiving or through the export utility.
End-of-contract process
At the end of the initial contract period customers will have the choice to renew for a further period (as agreed between parties) or to terminate the relationship/contract. At this point, should the customer decide to terminate we would provide assistance to ensure they are able to export all data from their Brightspace site using our standard system tools, and the site will then be shut down. Should the customer need extended access to the site for a period post end of contract date, this would be a chargeable service and a price would be agreed between parties.

Using the service

Web browser interface
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Brightspace is built using responsive design so you can access all of Brightspace using any device and it adjusts accordingly. As such, the only difference between our mobile and desktop services is that when you view us on a mobile device it looks different so you don't need to scroll horizontally.
Service interface
Description of service interface
There is a fully mobile responsive and modern interface for all users to interact with.
Accessibility standards
WCAG 2.1 A
Accessibility testing
At D2L, usability testing with users having disabilities is a norm rather than an exception. To begin, we make sure that technical issues are minimized before testing with users: We build in accessibility standards compliance rules into our design and development processes through design pattern libraries, web components, and best practices.
Before engaging with users of assistive technologies, our design and development experts do a first pass. Our design teams test their designs for low vision users using colour contrast analyzers, OS magnification features, and colour neutralizers. Our development and testing teams view their features using a screen reader (Voiceover on Mac or NVDA on Windows). Thereafter, our in-house screen reader expert tests products and features with multiple screen readers (JAWS, NVDA, Voiceover) on different browsers (Edge, Firefox, Chrome, Safari) as relevant.
When it comes to testing with multiple screen reader users or with other technologies such as screen magnifiers (ZoomText), voice input (Dragon Naturally Speaking) and a variety of alternative input devices such as pointers and switches, we engage with a community of people with disabilities who use these technologies natively – through Fable Tech Labs (, who are contracted to assist in testing with users having diverse disabilities.
What users can and can't do using the API
Brightspace APIs employ a standard, platform-neutral REST-like approach with JSON as the data interchange format. This allows for real-time management of administrative functions for User management, org units management, Enrolment management and Grades pass back to your SIS. A full list of our available API’s and associated documentation is maintained here -
Administrators/Developers can use whatever web development platform they are comfortable with to interact with these APIs.
Brightspace APIs need all calls to be signed with application credentials that the back-end service can verify, allowing the platform to identify every API call as coming from a known, approved-of application. Nearly all API calls must also be signed with user credentials that Brightspace specifically grants to the calling application (the only exceptions to this are a small number of calls that have to do with properties of the API itself, such as querying the supported API contracts available and beginning a sequence to request user credentials). In this way, the Brightspace platform can identify every API call as coming from a known, approved-of application on behalf of a known, authenticated user.
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
Many aspects of Brightspace that offer you the flexibility to tailor (customise) the look and feel of the online environment, including the homepages (at all levels of the organisation), along with branding, and navigation, to name a few.
Each homepage can be configured with different widgets, such as standard calendar and announcement widgets or custom widgets built with the HTML Editor. Similarly, each organisation unit can also have a branding logo at the top of the page and can also have its own navigation bar with different links and link menus.

Colour schemes can be applied to a course or to the entire organisation. Also, shared resources such as picture libraries can be used as one controllable source for your logos and images to be used by multiple courses or programs.

Homepages can also look different for different roles (e.g. a teacher will have access to more content than students) and can be modified based on user preferences via Account Settings (e.g. if a Student needs to be able to view text in a larger or open dyslexic font, they can set this up).


Independence of resources
We have a capacity planning team which meets regularly. We also have significant monitoring on our resources, which include thresholds that alert us before performance and capacity issues become a problem.


Service usage metrics
Metrics types
We offer analytics within the platform that will cover service usage (logins, tool usage, etc). We also offer uptime visualizations and reporting against your SLA and support level objectives.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Data Hub gets you the data you are looking for by allowing administrators to access to pre-defined collections of data (data sets) from Brightspace. Administrators can then export data sets as CSV files for further analysis in third party tools giving you the flexibility to filter, aggregate, and transform data for your needs. API-based access to data is also available to allow you to build automated data integration with Business Intelligence (BI) tools.

All the data sets are available as weekly fulls and daily differentials with Brightspace Core.
Data export formats
Data import formats
  • CSV
  • Other
Other data import formats
  • IMS Content package
  • QTI

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
D2L has a 99.9% uptime SLA. Should downtime occur, our monitoring logs will show the time stamp for when the offline period occurred. Downtimes are reviewed, and if downtime classifies for a penalty, our Cloud Operations team alerts our Finance team to issue the credit. If a credit is to be issued, this is reflected on the customer’s next annual invoice, or if an agreement is terminating and there are no further invoices, a refund is granted.
Approach to resilience
Brightspace is built on the most modern software architecture in our industry. Microservices-based architecture makes the system faster, flexible, and scalable. This resilient and scalable approach is more flexible to be used across more potential services, APIs, or end-user devices like desktops, mobile devices, wearables, or whatever you want to connect next.

We use a continuous delivery model for updates so you don't have to worry about versions, upgrades, or migrations.

We guarantee 99.9% global uptime, and we have a historical track record of exceeding that. Our 24×7 NOC team works to ensure the system is available when users depend on it the most – even at peak times like semester start or employee onboarding. Our system supported more than a billion logins in 2016 and 2017.

We have a Business Continuity team who would make operational decisions and provide direction in response to a major event. This team is responsible for our business continuity plan.

Our Disaster Recovery plan is designed around replicating production data between two distinct data centers. The data centers contain identical infrastructure. As a result we can deliver an RPO of 15 minutes and an RTO of 1 hour.
Outage reporting
Outages are reported through our dashboard, and via email alerts to our clients.

Identity and authentication

User authentication needed
User authentication
Other user authentication
We can authenticate against our own database and we encourage people to use a SAML integration to integrate with customers SSO.
Access restrictions in management interfaces and support channels
Please see our security policies for details on the ways in which we restrict access
Access restriction testing frequency
At least once a year
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
BSI Group America Inc. (BSI Inc.)
ISO/IEC 27001 accreditation date
06/11/2018 to 06/20/2018
What the ISO/IEC 27001 doesn’t cover
D2L complies as per the terms of this certificate.
ISO 28000:2007 certification
CSA STAR certification
CSA STAR accreditation date
Active as of April 15, 2019
CSA STAR certification level
Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover
D2L complies per the terms of this certification.
PCI certification
Other security certifications
Any other security certifications
  • ISO27018
  • SOC1/SOC2

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
ISO 27018
Information security policies and processes
D2L has privacy and security-conscious policies that apply to all of its information handling practices including client confidentiality, our practices, and employees. D2L’s contracts include confidentiality provisions that prohibit D2L from disclosing customer confidential information, including customer data, except under certain defined circumstances such as when required by law. D2L agrees not to access customer’s accounts, including customer data, except to maintain the service, prevent or respond to technical or service problems, at a customer’s request in connection with a customer support issue, or where required by law. For information collected on D2L’s Web sites, D2L provides assurances around the types of information collected, how that information may be shared and how that information may be used. D2L offers individuals the opportunity to manage their receipt of marketing and other non-transactional communications, and offers individuals the opportunity to update or change the information they provide. Every D2L employee must follow D2L’s code of conduct, sign a confidentiality and non-disclosure agreement as a condition of employment, and follow D2L’s information security policies. D2L has multiple resources responsible for managing security including a Director of IT and Security, a Chief Privacy Officer and an Information Security Risk and Compliance Manager.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Our change management practices for our cloud environments require submission of change requests to a multi-representative team of cross-functional specialists who analyze each change and its proposed impact and risks. This Change Advisory Board (CAB) meets each business day to ensure there is both technical and managerial signoff on the proposed changes. Each change request requires a Standard Operating Procedure or Change Order document to provide guidance for the change. This includes the known risks and fallback plans as well as all pertinent work steps and validation checks. Changes initiated by a third-party require the process described above.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Any newly discovered vulnerabilities in production would be remediated based on Common Vulnerability Scoring System (CVSS) score and risk. The following list is a guide to facilitate the required time to remediate the vulnerability: Critical - 2 Days, High - 14 Days, Medium - 30 Days, Low - 90 Days or next patch cycle.
D2L updates monthly. The templates are updated with the latest patches and rolled out with every release. Servers are built from hardened, dedicated images and are scanned for viruses prior to deployment. Source code in repositories is scanned for malicious files and content prior to deployment.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
D2L deploys Application Performance Monitoring (APM) software which considers a variety of metrics to indicate the quality of the end user experience. These metrics have been developed based on typical user expectations, and the actual end user experience is reported back to the Network Operations Center (NOC) staff who take corrective action (such as adding additional web servers, expanding database resources etc.) should the APM report the responsiveness dipping below a preset threshold.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Our Security and Privacy Incident Management process is initiated through our support desk or Community. D2L would immediately launch an investigation to determine the cause of the breach and remediate the issue. We would contact customers within 48 hours, once we have verified that a breach has occurred. We’d share details with affected customers, including the cause of the issue and the steps being taken to address the issue. Afterwards, D2L's Security Incident Response Team would investigate the root cause of the issue, ensure no other customers were affected, and take steps to help ensure the issue cannot reoccur.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks


£10 to £15 per user per year
Discount for educational organisations
Free trial available
Description of free trial
We offer a 30 day free trial of Brightspace (limited functionality) which can be downloaded from our website here:

We also offer a full sandbox experience too (not time limited), once the opportunity has been qualified.
Link to free trial

Service documents

Return to top ↑