Valamis Learning UK Limited

Valamis Learning Experience Platform

Valamis - Learning Experience Platform, is an award-winning, open-source solution. It is being used by corporations, government agencies, universities, and other organizations to facilitate learning and improve performance

Features

• Compelling metrics and reporting of critical talent management data
• Chatbot, machine learning, artificial intelligence
• Supports SCORM and Experience xAPI
• Content curation
• Own content creation tool compatible with external authoring tools
• Competencies and skills portlet management
• Native APP supports iOS and Androids (Works offline)
• Supports microlearning and macrolearning
• Responsive web design (RWD)
• GDPR Compliant

Benefits

• Aligns corporate learning strategy with the business strategy
• Facilitates the onboarding, upskilling and training of the workforce
• Data driven decisions
• Keeps the training and the business agile: Blended learning
• Microlearning decreases information overload and increases knowledge retention
• Foster a continuous learning culture
• Accessibility: Learning happens any time, anywhere, on any device
• Leveraging the training as a competitive advantage
• Knowledge sharing is continuously nurtured through the social learning
• Publish content in real-time

£15,000.00 an instance

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at daniel.mills@valamis.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

497437375046153

Contact

Daniel Mills
+44 (0)7736 088990
daniel.mills@valamis.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: Our service does not have any constraints for potential buyers. In order to avoid interference with our customers' regular operations, the maintenance and updates are planned in cooperation with our clients.
• System requirements:
  • Browser on a computer, connected to internet
  • Mobile device or tablet with internet access

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: - 24/7/365 support is available; ; Response time depends on the incidents category.; Response times are:; ; - An extremely critical error which prevents the production use of the application: 2 hours.; ; - A non-critical error which significantly prevents the production use of the application: 4 hours.; ; - Non-critical error, which does not prevent but makes production use of the application unnecessarily difficult. Can be described as a cosmetic; improvement: 1 day.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AAA
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support levels:; Basic, included in subscription cost. ; Extended, 10% of subscription cost; Premium, 15% of subscription cost; ; We provide Technical account manager and Customer Experience Manager.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Our system has been designed to be intuitive and user-friendly. However, customers can choose how they prefer the onboarding session: Onsite training, online training or self-training using the support material like the User guide documentation and videos.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats:
  • Instructional videos
  • Webinar recordings
• End-of-contract data extraction: The data is exportable in machine-readable format, including data in a standard format where applicable (xAPI for example).
• End-of-contract process: At the end of a contract, all customer's data will be extracted and provided to the customer at no extra charge. After ending the contract, customer's data and the application will be removed, including the backups.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Other
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Valamis mobile application is providing mostly Learner's functionality, while web version has also Learner, Designer and Administrator functions. Only the mobile App has offline functionality.; ; Valamis mobile application supports iOS and Androids.
• Service interface: No
• API: Yes
• What users can and can't do using the API: There are different sets of API available, including API for Learners (browser learning content, enroll, submit etc.), Learning Designers (create, publish content etc.), Admins (create users, grant permissions etc.). Access to API is following Role Based Permissions configurations same way as access to Web/Mobile Application.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Look and feel and white-labelling. Integrations. Custom content and co-development.

Scaling

• Independence of resources: The environment can be dynamically scaled based on the number of active users. Projections for the number of users are estimated when new customers are added to Valamis Cloud.

Analytics

• Service usage metrics: Yes
• Metrics types: . Amount of users; - Amount of usage per day; ; Any other customer-specific request can be created separately.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Microsoft Azure complies with many security standards, including CSA CCM v3.0 for physical access control. In addition, data at rest is encrypted using Storage Service Encryption.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users have the possibility to export all their data in a machine-readable format by using standard functionality of Valamis.
• Data export formats:
  • CSV
  • ODF
• Data import formats:
  • CSV
  • ODF

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Our approach to the refund policy works in the form of “Service Credits”. When our customer reaches the renewal date, or if they would like to add new users to the service. As a company, we’ll first draw from our customer's credit balance before any charges.
• Approach to resilience: The information available on request.
• Outage reporting: We got email alerts from Valamis Cloud environment outages from two different monitoring (Nagios and New Relic). The New Relic alerts are coming also to our support phone.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password
  • Other
• Other user authentication: Valamis can be integrated with different authentication mechanisms, including LDAP, different SSO, and social logins, like Google, LinkedIn, and Facebook. Also, 2-factor authentication using Google Authenticator can be integrated,
• Access restrictions in management interfaces and support channels: A dedicated group of support people and system administrators. Production networks are separated with restricted access. Physical separation/restricted access to hardware.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: KPMG IT Certification Ltd
• ISO/IEC 27001 accreditation date: 11/11/2019
• What the ISO/IEC 27001 doesn’t cover: The whole company is ISO27001 certified
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Other security certifications: Yes
• Any other security certifications: KATAKRI: Finnish equivalent to ISO 27001

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Company level security is ensured by following ISO27001 requirements. We have documented security incident process, and risk assessment meetings semi-annually. For the personnel, there is a mandatory security training session implemented on our internal Valamis training platform. We monitor completion of these lessons and have personal tutoring session for all incoming personnel. On projects, we use internal audits on three stages: After architectural decisions, during development, before testing. This audit has been formalized as security checklist card. At the moment we are preparing for SOC2 certification, which will take place in Q4 2020.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Team lead and/or customer’s product owner can submit change requests. These are handled primarily in the release meetings. The effect of these requests is documented (budget, work) and accepted by the customer in written form. If the effect of the change request is too large to be accepted by the product owner, the request will be escalated to the management team for acceptance.; ; We use Atlassian JIRA Agile for the change management to collect, document and track the requests and plan their implementation in releases. Customer has access to our company JIRA for reporting change requests and tracking their progress.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: In regard to vulnerability management process, we follow the standards and notifications provided by the National Cyber Security Centre Finland (NCSC-FI).; ; Also, we work in close cooperation with F-Secure who on a regular basis assess potential threats to our services.; ; About patches: They are applied based on the issue's vulnerability level. Critical vulnerability issues are immediately attended by our hot-fixes team.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Our solution has in place a protective monitoring process which follows the notifications and suggestions by the National Cyber Security Centre. Also, our partner F-Secure performs on a regular basis scanning of our services.; ; The responses and actions in regard to potential compromises are tracked, followed and solved by leveraging actionable tickets in our monitoring system Atlassian JIRA.; ; We have defined an issues' severity level structure which determinates the actions and response time.
• Incident management type: Supplier-defined controls
• Incident management approach: Our solution has in place a protective monitoring process which follows the notifications and suggestions by the National Cyber Security Centre Finland (NCSC-FI). Also, our partner F-Secure performs on a regular basis scanning of our services.; ; The responses and actions in regard to potential compromises are tracked, followed and solved by leveraging actionable tickets in our monitoring system Atlassian JIRA.; ; We have defined an issues' severity level structure which determinates the actions and response time.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Pricing

• Price: £15,000.00 an instance
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: We have various trial packages, some free and some paid. The free options enable organizations to test the platforms core features which will save 90% of what an organisation would seek to launch with. These can last up to 2 weeks for audiences of roughly 25 people.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at daniel.mills@valamis.com. Tell them what format you need. It will help if you say what assistive technology you use.