Holhooja Ltd.

Moodle Platform as a Service

This is a shared Moodle LMS Platform to enable the delivery of small and short term project based online training courses. Course content will need to be supplied by the projects

Features

• Google, Amazon or Azure Hosted
• Wide mix of supported media (SCORM, Interactive Documents, HVP, Video)
• Create and manage eLearning delivery and assessment
• Personal development plans for targeted training, and full competency/goal management
• Integrated interactive performance Dashboards for Corporate performance management
• Integrate with third party authentication/HR systems, and OpenBadges

Benefits

• Hosted on secure Google, Azure or AWS Cloud
• Manage classroom sessions for blended learning
• See what percentage has completed compliance training
• Full project coaching services with your team to get results
• Managers can assign learning, and view completion data

£0.50 to £5 a user a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Framework

G-Cloud 12

Service ID

492534202858620

Contact

Government Cloud Team
07736552007
gcloud@holhooja.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No Constraints
• System requirements:
  • Web Browser
  • SCORM Compliant eLearning Content

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Same working day
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: This service is intended for short term projects so we recommend our basic support package: 10 x 1 Hour Support Credits @ £750 + Vat; ; We are able to offer more customised support services that will suite your project requirements.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Our basic package for smaller projects can be up and running within a day by customer requesting number of users and receiving admin account for their own environment. ; ; If you requires additional support, training, migration then we will work closely with you and your team to understand the requirements and plan the delivery together within your time scales.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: The end user can extract data at any time during the contract period using core system reports.
• End-of-contract process: The customer can extract any data they require through front end reports. ; ; We can offer at a one off charge the supply of the customer database. ; ; After expiry of the agreement, the customer environment is wiped from the hosted environment after 3 weeks of grace.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: All features available on the desktop site are also available on the mobile site. The site responds to the screen size and distributes content appropriately to be displayed on desktop, smartphone and tablet devices.
• Service interface: No
• API: Yes
• What users can and can't do using the API: Moodl has an extensive API Library including: RESTful, SOAP, XMLRPC, JSON and AMF, SCORM and LTI standards, NTLM, Shibboleth. LDAP and SAML, SQL and Oracle database connections
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The system is highly configurable to meet local requirements. Home-pages, navigation menus and dashboards can be configured by the site administrators.; ; Within the front end we can turn on/off specific functionality and design work flows to ensure staff see functions relevant to their role.; ; Further customisations that may require own environment hosting within the public cloud is also possible and can be offered by our developers.

Scaling

• Independence of resources: This is a shared service running on scalable Google Cloud. Where customers require a guarantee of resources allocated we can offer dedicated hosting environment with agreed initial and scalale resource.

Analytics

• Service usage metrics: Yes
• Metrics types: Service metrics are available through Moodle Dashboard.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2012
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: Less than once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Standard Moodle System reports available to customer primary account
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: The environment is a stable enterprise version of the software hosted on resilient highly available public cloud environments. ; ; We pass to the customer the SLA for Google Cloud, Microsoft Azure or Amazon Web Services but make no guarantees beyond those offered by these providers.
• Approach to resilience: This is a public cloud hosted service and we pass to the customer the resilience afforded to the environment by Google Cloud, Microsoft Azure or AWS.
• Outage reporting: Yes all public cloud service have an outage reporting dashboard which can be used by the customer to verify availability; ; Any outages due to maintenance or software patching will be reported to customers by email.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Through IAM roles and policies; ; Google Cloud: https://cloud.google.com/iam/docs/overview; ; Microsoft Azure: https://docs.microsoft.com/en-us/azure/role-based-access-control/overview; ; AWS: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_controlling.html
• Access restriction testing frequency: At least every 6 months
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We adhere to ISO 27001 Information Security Standards and we are working towards such certification but have not achieved it yet.
• Information security policies and processes: We adhere to the following security policies and processes: ; ; - Data Loss and Corruption; - Secure and logged access and modifications; - take measures to protect from loss or corruption, ; - follow the Data Protection Act 2018 and EU GDPR 2016; - Directors retain responsibility for security ; - Staff and Consultants are trained and work by security principles. ; ; Our Information Security policy is available on request.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: - LMS Software Platforms; - Open Source and Commercial Plugins; - Underlying Compute Environment ; - Administration Dashboard and Users
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We perform vulnerability assessments on a regular basis primarily focused on issues affecting the LMS environment or any of its plug-ins through security alerts from the relevant sources. ; ; We also run security scans and keep up to date with the latest insights from the cyber security industry. ; ; Cyber security and protection is assessed based on the severity and likelihood of the threat using a Common Vulnerability Scoring System. ; ; New vulnerabilities reported normally result in a patch being generated rapidly. We would install this within one day in most cases.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: - Detect is made through cloud based monitoring tools provided by the public cloud hosted environment ; ; - We have configured alarms and audit logs to identify suspicious activity. ; ; - Hierarchical levels of access security. ; ; - Events are analysed to identify potential compromises or inappropriate use of our service. ; ; - Action taken same day (immediately or within hours) of detection.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: - Internal Reporting to person in charge; - Incident Assessment ; - Loss of Personal Data is reported immediately; - Active attacks are diverted or service suspended. ; - Support is sought from public cloud provider. ; - Customers are informed if personal data loss or suspension of services occurred.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Pricing

• Price: £0.50 to £5 a user a month
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF