Tribal Education Limited

Engage by Tribal

Tribal Engage allows you to manage the student experience. Designed for the cloud, with flexibility to work with current student information systems. Connect key institution stakeholders with students throughout the whole academic lifecycle. Continuous insight allows for timely interventions - improving retention and outcomes.


  • True cloud mobile app
  • Complete personalisation
  • Student support all in one place
  • Early intervention and prevention
  • Connect, communicate and collaborate with students
  • Real time, relevant communication
  • Fully integrated with student information systems
  • Open APIs connect to enterprise systems
  • Fully scalable to meet changing needs
  • Switch modules on and off as you need


  • Available anytime/anywhere, to ease student access to the whole institution
  • Students see a personalised view of their day, at-a-glance
  • Queries logged in one place, from enquiry to graduation
  • Spot and solve student problems quicker to improve their experience
  • Combine communication/collaboration with private, monitored and measured systems
  • Staff and students can communicate 1-2-1/in groups in real time
  • Integration allows for rapid deployment, adoption and advocacy
  • Save/reinvest budget by only paying for what you use
  • Avoid lost revenue by cutting drop-out rates
  • Modular approach means you can evolve at your own pace


£7,500 an instance a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

6 2 7 0 1 1 8 2 5 3 4 8 9 2 5


Tribal Education Limited Tribal Bids Team
Telephone: 0330 016 4000

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Engage can integrate with our ebs, Maytas, SID and SITS products
Cloud deployment model
Public cloud
Service constraints
Engage is a fully cloud-based solution with no local hardware requirements
System requirements

User support

Email or online ticketing support
Email or online ticketing
Support response times
Our response times to queries and incidents is based upon the severity of the incident in question. Critical faults (P1) are responded to within an hour. Major faults (P2) are responded to within two working hours. Important faults (P3) are responded to within four working hours. Minor faults (P4) are responded to within eight working hours. Our working hours are Monday-Friday 0900 to 1700 - therefore there would not be a response on weekends. Customers can provide us with an impact and urgency rating for any issues they raise which we use to help triage and assign priority.
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
All services offered will be supported by a Service Level Agreement suitable to the customer and the service ordered. There are three levels of service available; Essential, Enhanced and Enterprise and depending on the level of service required this will include a Service Delivery manager, Technical Project Coordinator and assigned Cloud Consultant. If additional out of hours or onsite support is required then this option is available at additional cost.
Support available to third parties

Onboarding and offboarding

Getting started
At project onset we offer a series of introductory sessions for both staff and students, which extends to training on the staff side to utilise the systems and apps. We can also offer more technical onboarding session in terms of API management should this be required. Documentation for the system is also available.
Service documentation
Documentation formats
  • HTML
  • ODF
End-of-contract data extraction
The underlying database containing all customer data would be provided to a customer-accessible destination prior to the contract ending, in a format of their choosing.
End-of-contract process
We would work with the customer to define an exit plan which would involve extraction of data and completion of any outstanding services. The exact nature and cost of this exit plan will vary from customer to customer depending on their requirements.

Using the service

Web browser interface
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Compatible operating systems
  • Android
  • IOS
Designed for use on mobile devices
Differences between the mobile and desktop service
Engage is a mobile service which integrates with existing web-based student management systems
Service interface
Description of service interface
The Engage platform has a mobile app and web interface. The mobile app is available to download via iOS and Android stores and the web interface supports Chrome, Firefox, Edge and Safari browsers. Both the mobile and web user interface and user experience is designed to be familiar to other common social and learning network applications helping to drive adoption by users and institutions.

The mobile app and web interface can be branded for institutions and the software has and will continue to be built with the use of API’s.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
The web portal aims to be compatible with WCAG AA accessibility standards. The institution can customise the portal to ensure any styling that is used is accessible as well as using the programmed solutions. We test with a range of screen readers which all work within our web portal. In order to make our web screens perceivable we aim to provide text alternatives for any non-text content so that it can be changed to fit the user’s requirements. We aim to make all of our web functionality available from a keyboard so that it is operable by any user. To make our web content understandable we aim to make web pages operate in predictable ways by ensuring that common features work in the same way across the software. We try to help users to both avoid and correct any mistakes on the web pages by providing help text and useful error messaging.
What users can and can't do using the API
The Tribal Edge ecosystem is a service-first system, allowing users to access and input data from their chosen systems as well as Tribal's technology.
API documentation
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
Customisation available
Description of customisation
Buyers can customise the modules and functionality within those modules. The system can be customised and branded to suit corporate look and feel.


Independence of resources
Our Tribal cloud customers would be running their applications on dedicated virtual servers (including presentation and database tiers) with reserved resources (cpu/ram/disk) which are available only to them. This ensures that other customers demands on the system do not affect the provision and performance of the application, avoiding so called ‘noisy neighbour’ issues.


Service usage metrics
Metrics types
Tribal Cloud incorporates an application to provide alerts to relevant teams when issues arise or thresholds are exceeded.  It is a SaaS-based automated IT performance platform.  As it is SaaS-based no processing is done on the monitored node, consequently, it has a minimal performance overhead.
It can monitor any Tribal Cloud service as part of our managed service
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Encryption of all physical media
  • Other
Other data at rest protection approach
Database instances will be encrypted including snapshots at rest using an industry standard. Once the data is encrypted, authentication of access and decryption of the data is handled transparently with a minimal impact on performance. Physical access is managed by AWS/Microsoft as appropriate as it is a public cloud offering.
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
The users can export their data using the available APIs. Users are also able to request an export of their data from our support teams.
Data export formats
Other data export formats
  • JSON
  • SQL
Data import formats
Other data import formats
  • JSON
  • SQL
  • Xml

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
We offer a minimum 99.5% availability, assured by contractual commitments. Exact SLAs will vary from client to client and their desired uptime.
Approach to resilience
Our service offers the cost and efficiency advantages that virtualisation brings along with centralised management and control, built in redundancy features like clustering, and a unified set of orchestration tools. The environment is backed by both our 100% Network Uptime Guarantee and our One-Hour Hardware Replacement Guarantee, supported by hundreds of Microsoft Certified experts to create a customised Virtualisation environment base.
Outage reporting
Service outages are reported through both our support portal and direct contact from the appropriate service delivery manager who is assigned to the client. The method of communication will be agreed with the specific client, but could include email alerts, direct phone calls etc.

Identity and authentication

User authentication needed
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Access in management interface and support channels is managed on a Role Based Access Control system (RBAC) as with the rest of the system. In this way you can control which areas of the system and support users have access to.
Access restriction testing frequency
Less than once a year
Management access authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
Lloyd's Register LRQA
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
N/A - our ISO accreditation covers all of our business activities.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
Tribal has been an ISO27001 certified organisation since 2009 and all of our development and delivery services will be delivered from locations which are specifically ISO27001 certified. The accreditation process included a review of Tribal’s Information Security Management System (ISMS) and our overall policy for handling data including how it is collected, held and maintained.
We have local security forums for all of our offices, which feed into our central Information Security Governance forum which reports to the board. We have permanent Quality and Security Managers who form part of this board.
As well as our regular certification revalidation process (carried out by external evaluators) we regularly test our systems and processes with a series of internal audits to ensure that policies and processes are being followed.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
For our software solutions, Tribal has a structured Change Control process for managing requests for change and enhancements. All Requests for Changes (RFCs) are raised via the Service Desk and go through internal vetting by the respective support team before gaining authorisation from Tribal. Regular Change Advisory Boards meet to review Emergency and non-standard changes. Details of all changes are provided to the Service Manager to review and will obtain final approval from the Contracting Body before proceeding. The Contracting Body will be involved in the change Process at each stage and included in any post implementation review as required.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
As part of our ISO27001 processes we have a risk/vulnerability assessment procedure which will be undertaken on any new customer site and service.
Patches will be deployed depending on the severity of the problem and the level of testing required.
Information about potential threats is found based upon initial and recurring risks assessments, internal procedures and known threats highlighted by both the industry and users.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Our managed service includes the proactive monitoring of all services to identify potential compromises.
Based upon the nature of the compromise we would then respond to the agreed SLA.
The speed of the response will be determined by the severity of the incident.
Incident management type
Supplier-defined controls
Incident management approach
Our ISO27001 processes include a defined Incident Management process. All personnel are responsible for reporting incidents to the Information Governance Committee (IGC) or Security Forum representatives as quickly as possible. We have a formal Incident Report Form which staff use for recording the details of the incidents.
Security weaknesses will be recorded on a spreadsheet for tracking purposes. Any person can identify weaknesses, which will be managed by the Quality team in conjunction with the Security Forums and IGC as appropriate.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks


£7,500 an instance a year
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.