We are a provider of learning management software and associated services, supporting higher education, K12 and enterprise organizations.
- Learning Environment (LMS) - fully mobile responsive
- Learning Repository - content and learning activity repositories
- Electronic ePortfolio - integrated ePortfolio tool for lifelong learning
- Performance Plus - Advanced analytics suite including predictive analytics
- Engagement Plus - Lecture capture system and game-based learning engine
- Mobile Apps - student, grading, ePortfolio
- Integrated Virtual Classroom
- Extensible Platform - LTI compliant and open REST-based APIs
- Hosted in AWS
- Management of professional development for staff
- Drives efficiencies for academics (drag & drop course creation etc)
- Improves student learning experience
- Personalises learning pathways
- Provides actionable insight through inbuilt analytics
- Improves adoption of technology for all stakeholder groups
- Enables anytime, anywhere learning from any device
- Widens participation and provides equal opportunity - fully accessible LMS
- Helps improve student outcomes
- Drives CPD for staff - improves staff outcomes
- Improves student and staff retention rates
£10 to £15 per user per year
Desire2Learn UK Ltd.
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
|Service constraints||No. We offer a 99.9% uptime SLA with no downtime.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||We have different SLOs depending on the support package you pick. Our Basic administrator support package starts at a 120 second phone or chat response time, and our Platinum package has a 45 second phone or chat response time.|
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||WCAG 2.1 AA or EN 301 549|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||Web chat|
|Web chat support availability||24 hours, 7 days a week|
|Web chat support accessibility standard||WCAG 2.1 AA or EN 301 549|
|Web chat accessibility testing||
For 7 years now, D2L has employed a blind screen reader user in the role of accessibility tester, test strategist and consultant She not only tests our products before release, but also offers consultation to designers on intuitive use cases and processes for delightful use of our products with assistive technologies. She has also used our end user support tools and offered suggestions to make them not only accessible but also more easily usable. Every time a new tool or feature is built for the platform or for end user support, these are tested in-house first.
We also partner with Fable Tech Labs (https://www.makeitfable.com) who offer a community of testers with a range of disabilities using a variety of assistive technologies such as speech input, special keyboards, screen magnifiers and screen readers. Through Fable’s cloud-based platform, our designers, developers, and testers have access to testing our products and features with any relevant assistive technology they need to.
Finally, the Canadian National Institute for the Blind (CNIB) has been our client since 2017. Being used by vision impaired users from CNIB on a regular basis should speak to the accessibility and usability of our end user support portals and chat applications.
BASIC (no additional cost)
M-F 8 a.m. to 8 p.m. (local client time zone) chat case supporting
24x7x365 email and web-based support for 2 Approved Support Contacts (ASCs)
60 cases per year
24x7x365 chat, email and web-based support for 3 ASCs
Unlimited number of cases
Monthly case reports
24x7x365 email, chat, telephone, and web-based support for 3 ASCs
Unlimited number of cases
Monthly case reporting
Monthly SLO reporting
Semi-annual reviews of support service experience
Priority follow the sun support for P1 issues
Post Case Summary for P1 cases reporting upon request
24x7x365 email, chat, telephone, and web-based support for 5 ASCs with a dedicated 800 number
Unlimited number of cases
Priority queuing and major case management
Priority follow the sun support for P1 issues
Monthly case reporting
Monthly SLO reporting
Quarterly reviews of support service experience
Post Case Summary for P1 cases reporting upon request
Includes a TAM: a named technical contact that provides specific technical guidance for projects, infrastructure, and support issues as well as some reports and semi-annual product roadmap review meetings
|Support available to third parties||No|
Onboarding and offboarding
We deliver a fixed price implementation (including training) for all new customers.
Based on the package purchased, we will work with the customer to provide a Statement of Work and Project Plan. These documents will define effort, responsibilities, and timelines for the project and our total implementation price will remain fixed for the delivery of all tasks outlined in the Statement of Work.
All implementations include planning, configuration, SSO, SIS integration, course migration services and training. Training is typically delivered online in bite-size chunks (though can be delivered onsite if desired) and all new customers will receive access to our Subscription Training offering in year 1 of their contract. Subscription Training provides unlimited access to live and pre-recorded online training sessions.
Post-implementation, all customers have access to the Brightspace Community site where user guides, training videos and help are all available, and they will also have access to our Technical Support and their Customer Success Manager.
|Other documentation formats||Docx|
|End-of-contract data extraction||
D2L provides a set of export tools within the product to allow clients to export course content materials in a standard, packaged format as well as grades and other specific elements of data. If the client requires additional support, D2L can provide such data export and other services for a fee on a time and materials basis.
We will delete, destroy or render inaccessible client files and data residing on our servers 30 days after termination, unless otherwise agreed in writing. At any time during the term of the agreement and prior to the end of this 30-day period, clients may recuperate their data through the user interface by archiving or through the export utility.
|End-of-contract process||At the end of the initial contract period customers will have the choice to renew for a further period (as agreed between parties) or to terminate the relationship/contract. At this point, should the customer decide to terminate we would provide assistance to ensure they are able to export all data from their Brightspace site using our standard system tools, and the site will then be shut down. Should the customer need extended access to the site for a period post end of contract date, this would be a chargeable service and a price would be agreed between parties.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||Brightspace is built using responsive design so you can access all of Brightspace using any device and it adjusts accordingly. As such, the only difference between our mobile and desktop services is that when you view us on a mobile device it looks different so you don't need to scroll horizontally.|
|Accessibility standards||WCAG 2.1 A|
At D2L, usability testing with users having disabilities is a norm rather than an exception. To begin, we make sure that technical issues are minimized before testing with users: We build in accessibility standards compliance rules into our design and development processes through design pattern libraries, web components, and best practices.
Before engaging with users of assistive technologies, our design and development experts do a first pass. Our design teams test their designs for low vision users using colour contrast analyzers, OS magnification features, and colour neutralizers. Our development and testing teams view their features using a screen reader (Voiceover on Mac or NVDA on Windows). Thereafter, our in-house screen reader expert tests products and features with multiple screen readers (JAWS, NVDA, Voiceover) on different browsers (Edge, Firefox, Chrome, Safari) as relevant.
When it comes to testing with multiple screen reader users or with other technologies such as screen magnifiers (ZoomText), voice input (Dragon Naturally Speaking) and a variety of alternative input devices such as pointers and switches, we engage with a community of people with disabilities who use these technologies natively – through Fable Tech Labs (https://www.makeitfable.com), who are contracted to assist in testing with users having diverse disabilities.
|What users can and can't do using the API||
Brightspace APIs employ a standard, platform-neutral REST-like approach with JSON as the data interchange format. This allows for real-time management of administrative functions for User management, org units management, Enrolment management and Grades pass back to your SIS. A full list of our available API’s and associated documentation is maintained here - https://docs.valence.desire2learn.com/reference.html
Administrators/Developers can use whatever web development platform they are comfortable with to interact with these APIs.
Brightspace APIs need all calls to be signed with application credentials that the back-end service can verify, allowing the platform to identify every API call as coming from a known, approved-of application. Nearly all API calls must also be signed with user credentials that Brightspace specifically grants to the calling application (the only exceptions to this are a small number of calls that have to do with properties of the API itself, such as querying the supported API contracts available and beginning a sequence to request user credentials). In this way, the Brightspace platform can identify every API call as coming from a known, approved-of application on behalf of a known, authenticated user.
|API documentation formats||HTML|
|API sandbox or test environment||Yes|
|Description of customisation||
Many aspects of Brightspace that offer you the flexibility to tailor (customise) the look and feel of the online environment, including the homepages (at all levels of the organisation), along with branding, and navigation, to name a few.
Each homepage can be configured with different widgets, such as standard calendar and announcement widgets or custom widgets built with the HTML Editor. Similarly, each organisation unit can also have a branding logo at the top of the page and can also have its own navigation bar with different links and link menus.
Colour schemes can be applied to a course or to the entire organisation. Also, shared resources such as picture libraries can be used as one controllable source for your logos and images to be used by multiple courses or programs.
Homepages can also look different for different roles (e.g. a teacher will have access to more content than students) and can be modified based on user preferences via Account Settings (e.g. if a Student needs to be able to view text in a larger or open dyslexic font, they can set this up).
|Independence of resources||We have a capacity planning team which meets regularly. We also have significant monitoring on our resources, which include thresholds that alert us before performance and capacity issues become a problem.|
|Service usage metrics||Yes|
|Metrics types||We offer analytics within the platform that will cover service usage (logins, tool usage, etc). We also offer uptime visualizations and reporting against your SLA and support level objectives.|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||European Economic Area (EEA)|
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||Encryption of all physical media|
|Data sanitisation process||Yes|
|Data sanitisation type||Explicit overwriting of storage before reallocation|
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||
Data Hub gets you the data you are looking for by allowing administrators to access to pre-defined collections of data (data sets) from Brightspace. Administrators can then export data sets as CSV files for further analysis in third party tools giving you the flexibility to filter, aggregate, and transform data for your needs. API-based access to data is also available to allow you to build automated data integration with Business Intelligence (BI) tools.
All the data sets are available as weekly fulls and daily differentials with Brightspace Core.
|Data export formats||CSV|
|Data import formats||
|Other data import formats||
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
|Guaranteed availability||D2L has a 99.9% uptime SLA. Should downtime occur, our monitoring logs will show the time stamp for when the offline period occurred. Downtimes are reviewed, and if downtime classifies for a penalty, our Cloud Operations team alerts our Finance team to issue the credit. If a credit is to be issued, this is reflected on the customer’s next annual invoice, or if an agreement is terminating and there are no further invoices, a refund is granted.|
|Approach to resilience||
Brightspace is built on the most modern software architecture in our industry. Microservices-based architecture makes the system faster, flexible, and scalable. This resilient and scalable approach is more flexible to be used across more potential services, APIs, or end-user devices like desktops, mobile devices, wearables, or whatever you want to connect next.
We use a continuous delivery model for updates so you don't have to worry about versions, upgrades, or migrations.
We guarantee 99.9% global uptime, and we have a historical track record of exceeding that. Our 24×7 NOC team works to ensure the system is available when users depend on it the most – even at peak times like semester start or employee onboarding. Our system supported more than a billion logins in 2016 and 2017.
We have a Business Continuity team who would make operational decisions and provide direction in response to a major event. This team is responsible for our business continuity plan.
Our Disaster Recovery plan is designed around replicating production data between two distinct data centers. The data centers contain identical infrastructure. As a result we can deliver an RPO of 15 minutes and an RTO of 1 hour.
|Outage reporting||Outages are reported through our dashboard, and via email alerts to our clients.|
Identity and authentication
|User authentication needed||Yes|
|Other user authentication||We can authenticate against our own database and we encourage people to use a SAML integration to integrate with customers SSO.|
|Access restrictions in management interfaces and support channels||Please see our security policies for details on the ways in which we restrict access https://www.d2l.com/security/policies/.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||2-factor authentication|
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||BSI Group America Inc. (BSI Inc.)|
|ISO/IEC 27001 accreditation date||06/11/2018 to 06/20/2018|
|What the ISO/IEC 27001 doesn’t cover||D2L complies as per the terms of this certificate.|
|ISO 28000:2007 certification||No|
|CSA STAR certification||Yes|
|CSA STAR accreditation date||Active as of April 15, 2019|
|CSA STAR certification level||Level 1: CSA STAR Self-Assessment|
|What the CSA STAR doesn’t cover||D2L complies per the terms of this certification.|
|Other security certifications||Yes|
|Any other security certifications||
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||
|Other security governance standards||
|Information security policies and processes||D2L has privacy and security-conscious policies that apply to all of its information handling practices including client confidentiality, our practices, and employees. D2L’s contracts include confidentiality provisions that prohibit D2L from disclosing customer confidential information, including customer data, except under certain defined circumstances such as when required by law. D2L agrees not to access customer’s accounts, including customer data, except to maintain the service, prevent or respond to technical or service problems, at a customer’s request in connection with a customer support issue, or where required by law. For information collected on D2L’s Web sites, D2L provides assurances around the types of information collected, how that information may be shared and how that information may be used. D2L offers individuals the opportunity to manage their receipt of marketing and other non-transactional communications, and offers individuals the opportunity to update or change the information they provide. Every D2L employee must follow D2L’s code of conduct, sign a confidentiality and non-disclosure agreement as a condition of employment, and follow D2L’s information security policies. D2L has multiple resources responsible for managing security including a Director of IT and Security, a Chief Privacy Officer and an Information Security Risk and Compliance Manager.|
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||Our change management practices for our cloud environments require submission of change requests to a multi-representative team of cross-functional specialists who analyze each change and its proposed impact and risks. This Change Advisory Board (CAB) meets each business day to ensure there is both technical and managerial signoff on the proposed changes. Each change request requires a Standard Operating Procedure or Change Order document to provide guidance for the change. This includes the known risks and fallback plans as well as all pertinent work steps and validation checks. Changes initiated by a third-party require the process described above.|
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||
Any newly discovered vulnerabilities in production would be remediated based on Common Vulnerability Scoring System (CVSS) score and risk. The following list is a guide to facilitate the required time to remediate the vulnerability: Critical - 2 Days, High - 14 Days, Medium - 30 Days, Low - 90 Days or next patch cycle.
D2L updates monthly. The templates are updated with the latest patches and rolled out with every release. Servers are built from hardened, dedicated images and are scanned for viruses prior to deployment. Source code in repositories is scanned for malicious files and content prior to deployment.
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||D2L deploys Application Performance Monitoring (APM) software which considers a variety of metrics to indicate the quality of the end user experience. These metrics have been developed based on typical user expectations, and the actual end user experience is reported back to the Network Operations Center (NOC) staff who take corrective action (such as adding additional web servers, expanding database resources etc.) should the APM report the responsiveness dipping below a preset threshold.|
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||Our Security and Privacy Incident Management process is initiated through our support desk or Community. D2L would immediately launch an investigation to determine the cause of the breach and remediate the issue. We would contact customers within 48 hours, once we have verified that a breach has occurred. We’d share details with affected customers, including the cause of the issue and the steps being taken to address the issue. Afterwards, D2L's Security Incident Response Team would investigate the root cause of the issue, ensure no other customers were affected, and take steps to help ensure the issue cannot reoccur.|
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||No|
|Price||£10 to £15 per user per year|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||
We offer a 30 day free trial of Brightspace (limited functionality) which can be downloaded from our website here: https://www.d2l.com/en-eu/trial/
We also offer a full sandbox experience too (not time limited), once the opportunity has been qualified.
|Link to free trial||https://www.d2l.com/en-eu/trial/|