Valamis Learning UK Limited

Valamis Learning Experience Platform

Valamis - Learning Experience Platform, is an award-winning, open-source solution. It is being used by corporations, government agencies, universities, and other organizations to facilitate learning and improve performance

Features

  • Compelling metrics and reporting of critical talent management data
  • Chatbot, machine learning, artificial intelligence
  • Supports SCORM and Experience xAPI
  • Content curation
  • Own content creation tool compatible with external authoring tools
  • Competencies and skills portlet management
  • Native APP supports iOS and Androids (Works offline)
  • Supports microlearning and macrolearning
  • Responsive web design (RWD)
  • GDPR Compliant

Benefits

  • Aligns corporate learning strategy with the business strategy
  • Facilitates the onboarding, upskilling and training of the workforce
  • Data driven decisions
  • Keeps the training and the business agile: Blended learning
  • Microlearning decreases information overload and increases knowledge retention
  • Foster a continuous learning culture
  • Accessibility: Learning happens any time, anywhere, on any device
  • Leveraging the training as a competitive advantage
  • Knowledge sharing is continuously nurtured through the social learning
  • Publish content in real-time

Pricing

£15,000.00 an instance

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at daniel.mills@valamis.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

4 9 7 4 3 7 3 7 5 0 4 6 1 5 3

Contact

Valamis Learning UK Limited Daniel Mills
Telephone: +44 (0)7736 088990
Email: daniel.mills@valamis.com

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints
Our service does not have any constraints for potential buyers. In order to avoid interference with our customers' regular operations, the maintenance and updates are planned in cooperation with our clients.
System requirements
  • Browser on a computer, connected to internet
  • Mobile device or tablet with internet access

User support

Email or online ticketing support
Email or online ticketing
Support response times
- 24/7/365 support is available

Response time depends on the incidents category.
Response times are:

- An extremely critical error which prevents the production use of the application: 2 hours.

- A non-critical error which significantly prevents the production use of the application: 4 hours.

- Non-critical error, which does not prevent but makes production use of the application unnecessarily difficult. Can be described as a cosmetic
improvement: 1 day.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AAA
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Support levels:
Basic, included in subscription cost.
Extended, 10% of subscription cost
Premium, 15% of subscription cost

We provide Technical account manager and Customer Experience Manager.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Our system has been designed to be intuitive and user-friendly. However, customers can choose how they prefer the onboarding session: Onsite training, online training or self-training using the support material like the User guide documentation and videos.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
  • Instructional videos
  • Webinar recordings
End-of-contract data extraction
The data is exportable in machine-readable format, including data in a standard format where applicable (xAPI for example).
End-of-contract process
At the end of a contract, all customer's data will be extracted and provided to the customer at no extra charge. After ending the contract, customer's data and the application will be removed, including the backups.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Other
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Valamis mobile application is providing mostly Learner's functionality, while web version has also Learner, Designer and Administrator functions. Only the mobile App has offline functionality.

Valamis mobile application supports iOS and Androids.
Service interface
No
API
Yes
What users can and can't do using the API
There are different sets of API available, including API for Learners (browser learning content, enroll, submit etc.), Learning Designers (create, publish content etc.), Admins (create users, grant permissions etc.). Access to API is following Role Based Permissions configurations same way as access to Web/Mobile Application.
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Look and feel and white-labelling. Integrations. Custom content and co-development.

Scaling

Independence of resources
The environment can be dynamically scaled based on the number of active users. Projections for the number of users are estimated when new customers are added to Valamis Cloud.

Analytics

Service usage metrics
Yes
Metrics types
. Amount of users
- Amount of usage per day

Any other customer-specific request can be created separately.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
Other data at rest protection approach
Microsoft Azure complies with many security standards, including CSA CCM v3.0 for physical access control. In addition, data at rest is encrypted using Storage Service Encryption.
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Users have the possibility to export all their data in a machine-readable format by using standard functionality of Valamis.
Data export formats
  • CSV
  • ODF
Data import formats
  • CSV
  • ODF

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Our approach to the refund policy works in the form of “Service Credits”. When our customer reaches the renewal date, or if they would like to add new users to the service. As a company, we’ll first draw from our customer's credit balance before any charges.
Approach to resilience
The information available on request.
Outage reporting
We got email alerts from Valamis Cloud environment outages from two different monitoring (Nagios and New Relic). The New Relic alerts are coming also to our support phone.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password
  • Other
Other user authentication
Valamis can be integrated with different authentication mechanisms, including LDAP, different SSO, and social logins, like Google, LinkedIn, and Facebook. Also, 2-factor authentication using Google Authenticator can be integrated,
Access restrictions in management interfaces and support channels
A dedicated group of support people and system administrators. Production networks are separated with restricted access. Physical separation/restricted access to hardware.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
KPMG IT Certification Ltd
ISO/IEC 27001 accreditation date
11/11/2019
What the ISO/IEC 27001 doesn’t cover
The whole company is ISO27001 certified
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
KATAKRI: Finnish equivalent to ISO 27001

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Company level security is ensured by following ISO27001 requirements. We have documented security incident process, and risk assessment meetings semi-annually. For the personnel, there is a mandatory security training session implemented on our internal Valamis training platform. We monitor completion of these lessons and have personal tutoring session for all incoming personnel. On projects, we use internal audits on three stages: After architectural decisions, during development, before testing. This audit has been formalized as security checklist card. At the moment we are preparing for SOC2 certification, which will take place in Q4 2020.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Team lead and/or customer’s product owner can submit change requests. These are handled primarily in the release meetings. The effect of these requests is documented (budget, work) and accepted by the customer in written form. If the effect of the change request is too large to be accepted by the product owner, the request will be escalated to the management team for acceptance.

We use Atlassian JIRA Agile for the change management to collect, document and track the requests and plan their implementation in releases. Customer has access to our company JIRA for reporting change requests and tracking their progress.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
In regard to vulnerability management process, we follow the standards and notifications provided by the National Cyber Security Centre Finland (NCSC-FI).

Also, we work in close cooperation with F-Secure who on a regular basis assess potential threats to our services.

About patches: They are applied based on the issue's vulnerability level. Critical vulnerability issues are immediately attended by our hot-fixes team.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Our solution has in place a protective monitoring process which follows the notifications and suggestions by the National Cyber Security Centre. Also, our partner F-Secure performs on a regular basis scanning of our services.

The responses and actions in regard to potential compromises are tracked, followed and solved by leveraging actionable tickets in our monitoring system Atlassian JIRA.

We have defined an issues' severity level structure which determinates the actions and response time.
Incident management type
Supplier-defined controls
Incident management approach
Our solution has in place a protective monitoring process which follows the notifications and suggestions by the National Cyber Security Centre Finland (NCSC-FI). Also, our partner F-Secure performs on a regular basis scanning of our services.

The responses and actions in regard to potential compromises are tracked, followed and solved by leveraging actionable tickets in our monitoring system Atlassian JIRA.

We have defined an issues' severity level structure which determinates the actions and response time.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£15,000.00 an instance
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
We have various trial packages, some free and some paid. The free options enable organizations to test the platforms core features which will save 90% of what an organisation would seek to launch with. These can last up to 2 weeks for audiences of roughly 25 people.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at daniel.mills@valamis.com. Tell them what format you need. It will help if you say what assistive technology you use.