Holhooja Ltd.

Dedicated edX Platform

This is a dedicated edX LMS Platform to enable the delivery of large scale secure online training courses with flexibility for customisation, own security and cost management.


  • Google, Amazon or Azure Hosted
  • Wide mix of supported media (SCORM, Interactive Documents, HVP, Video)
  • Create and manage eLearning delivery and assessment
  • Personal development plans for targeted training, and full competency/goal management
  • Integrated interactive performance Dashboards for Corporate performance management
  • Integrate with third party authentication/HR systems, and OpenBadges


  • Hosted on secure Google, Azure or AWS Cloud
  • Manage classroom sessions for blended learning
  • See what percentage has completed compliance training
  • Full project coaching services with your team to get results
  • Managers can assign learning, and view completion data


£0.10 a user a year

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@holhooja.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

5 6 7 0 4 5 3 8 1 8 7 1 6 8 1


Holhooja Ltd. Government Cloud Team
Telephone: 07736552007
Email: gcloud@holhooja.co.uk

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
No Constraints
System requirements
  • Web Browser
  • SCORM Compliant eLearning Content

User support

Email or online ticketing support
Email or online ticketing
Support response times
Same working day
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), 7 days a week
Web chat support
Onsite support
Yes, at extra cost
Support levels
We can customise our support model on various levels of requirements which will need to be discussed with the customer to include one or more of the following:

- Hosting & Security;
- HTTPS /TLS /SSL Security;
- Server and stack maintenance;
- Sandpit Staging environment;
- System maintenance patch /bug fixes;
- System maintenance patch /bug fixes;
- Branding to reflect the organisational identity;
- Telephone Support UK Business hours;
- ROI Meetings 3 per annum;
- On Site Support & Coaching
Support available to third parties

Onboarding and offboarding

Getting started
We will engage the customer through a project planning workshop to understand and scope the requirements, deployment, responsibilities and time frames.

- Design and Theme.
- eCommercee
- Badging and Certification
- Hosting and Scalability
- Security Management
- Data and Information Security
- New or migration requirements.

Data templates are populated with the required data in the new LMS.

A ‘go-live’ date is agreed for the new LMS at which point you will be trained in the live system.

Training day are not consecutive to allow administrators to learn the basics initially and then learn advanced functions.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
This is a dedicated environment for the customer and will have their own databases.

The end user can also extract data at any time during the contract period using core system reports.
End-of-contract process
The customer can extract any data they require through front end reports.

We can offer at a one off charge the supply of the customer database.

After expiry of the agreement, the customer environment is wiped from the hosted environment after 3 weeks of grace.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
All features available on the desktop site are also available on the mobile site. The site responds to the screen size and distributes content appropriately to be displayed on desktop, smartphone and tablet devices.
Service interface
What users can and can't do using the API
EdX has an extensive API Library including: RESTful, SOAP, XMLRPC, JSON and AMF, SCORM and LTI standards, NTLM, Shibboleth. LDAP and SAML, SQL and Oracle database connections
API documentation
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
API sandbox or test environment
Customisation available
Description of customisation
The system is highly configurable to meet local requirements. Home-pages, navigation menus and dashboards can be configured by the site administrators.

Within the front end we can turn on/off specific functionality and design work flows to ensure staff see functions relevant to their role.

Further customisations that may require own environment hosting within the public cloud is also possible and can be offered by our developers.


Independence of resources
This is a dedicated service running on auto scalable Google Cloud, or Azure or AWS. The autoscalability will be based on agreed performance parameters.

We will offer customers guarantee of resources allocated through dedicated hosting environment with agreed initial and scalale resources


Service usage metrics
Metrics types
Service metrics are available through edX Dashboard and hosted environment
Reporting types
Real-time dashboards


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
Less than once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Standard edX System reports available to customer primary account
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
The environment is a stable enterprise version of the software hosted on resilient highly available public cloud environments.

We pass to the customer the SLA for Google Cloud, Microsoft Azure or Amazon Web Services but make no guarantees beyond those offered by these providers.
Approach to resilience
This is a public cloud hosted service and we pass to the customer the resilience afforded to the environment by Google Cloud, Microsoft Azure or AWS.
Outage reporting
Yes all public cloud service have an outage reporting dashboard which can be used by the customer to verify availability

Any outages due to maintenance or software patching will be reported to customers by email.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Through IAM roles and policies

Google Cloud: https://cloud.google.com/iam/docs/overview

Microsoft Azure: https://docs.microsoft.com/en-us/azure/role-based-access-control/overview

AWS: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_controlling.html
Access restriction testing frequency
At least every 6 months
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
We adhere to ISO 27001 Information Security Standards and we are working towards such certification but have not achieved it yet.
Information security policies and processes
We adhere to the following security policies and processes:

- Data Loss and Corruption
- Secure and logged access and modifications
- take measures to protect from loss or corruption,
- follow the Data Protection Act 2018 and EU GDPR 2016
- Directors retain responsibility for security
- Staff and Consultants are trained and work by security principles.

Our Information Security policy is available on request.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
- LMS Software Platforms
- Open Source and Commercial Plugins
- Underlying Compute Environment
- Administration Dashboard and Users
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
We perform vulnerability assessments on a regular basis primarily focused on issues affecting the LMS environment or any of its plug-ins through security alerts from the relevant sources.

We also run security scans and keep up to date with the latest insights from the cyber security industry.

Cyber security and protection is assessed based on the severity and likelihood of the threat using a Common Vulnerability Scoring System.

New vulnerabilities reported normally result in a patch being generated rapidly. We would install this within one day in most cases.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
- Detect is made through cloud based monitoring tools provided by the public cloud hosted environment

- We have configured alarms and audit logs to identify suspicious activity.

- Hierarchical levels of access security.

- Events are analysed to identify potential compromises or inappropriate use of our service.

- Action taken same day (immediately or within hours) of detection.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
- Internal Reporting to person in charge
- Incident Assessment
- Loss of Personal Data is reported immediately
- Active attacks are diverted or service suspended.
- Support is sought from public cloud provider.
- Customers are informed if personal data loss or suspension of services occurred.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks


£0.10 a user a year
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@holhooja.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.