New Media Warehouse Ltd T/A Synergy Learning

Totara TXP (Learn, Perform and Engage) - Learning Management System

Totara Learn brings the benefits of open source learning to organisations, significantly reducing the cost of your learning management, with advanced functionality for workplace learning. Our platforms support competency management, performance management, team management, compliance tracking, classroom management and flexible reporting features.


  • Track learning progress and compliance
  • Personal development plans
  • Manage team development (performance management)
  • Encourages and fosters knowledge sharing (social learning)
  • Delivery of effective eLearning
  • HR/ERP/CRM integration
  • Organisation and position frameworks
  • Performance management, appraisals and 360 feedback tools
  • Accessible anywhere, any time, from any device
  • Sophisticated reporting


  • Map learning to individual jobs, management, departments, teams and groups
  • Access instructor led training, self-paced eLearning and virtual training
  • Deliver training and content to users on any device
  • Integration and interoperability with other platforms
  • Content authoring and management capabilities with both content and activities
  • Create assessments from question banks, track scores and completion rates
  • Determine compliance criteria and maintain clear and accurate audit trails
  • Maintain current and historical records of active and completed learning
  • Support informal and social learning, allowing employees to share knowledge
  • Complete picture of usage, progress and achievement across your business


£6,750 a unit a year

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

6 3 0 4 5 1 7 7 8 3 7 2 4 7 0


New Media Warehouse Ltd T/A Synergy Learning Jonathan McAlister
Telephone: +44 (0) 28 9042 2000

Service scope

Software add-on or extension
Cloud deployment model
Private cloud
Service constraints
Preference is for deployment on LAMP environments. Synergy Learning provide a fully managed service on this stack.
System requirements
  • Microsoft Edge
  • Google Chrome
  • Recent versions of other browsers

User support

Email or online ticketing support
Email or online ticketing
Support response times
Average response time is 1 hour 20 minutes

No ticketing support response is available at weekends.
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
None to date but we plan to
Onsite support
Yes, at extra cost
Support levels
Synergy Learning provides second line support to a dedicated team of Totara administrators/support staff with fixed or unlimited hour options available.

The provision of ongoing support includes the capturing of all feedback and calls logged with Synergy Learning in our helpdesk. Nominated users with access to the helpdesk will have access to all tickets, from all users, and will be able to view their status, change the priority, respond to any query and monitor the total time used.

For application support the severity of the issues or problems submitted determines the time and method of our response (email or by phone).

Fixed hour contracts range from £1,500-3,000. All costs exc VAT

An account manager is assigned to each customer with a technical account manager provided where applicable. Cloud support engineers are available as part of the application support provided.
Support available to third parties

Onboarding and offboarding

Getting started
We begin each implementation of our service with a series of onsite/remote consultancy days and training.

This ensures all required users are trained in the appropriate areas and the site is configured correctly.

In addition to have an implementation consultant and trainer, online documentation with self-service guides are available.

Administrators of the platforms will also have access to our application support helpdesk via email and/or phone.

Where additional training is required this can be provided onsite or remotely in short sessions, covering specific use cases that are unique to your requirements and workflows.
Service documentation
Documentation formats
End-of-contract data extraction
At the conclusion of the hosting and support period, if the contract is not extended, the client can request all of their files and data to be provided as a migration to another platform/provider. Synergy Learning provides;

* Database dump
* Archived folder for Moodle files
* Archived folder of uploaded data and files
* Removal of all data once confirmation received that all files have been received

We also recommend and support you in creating specific reports that extract user records with the report builder, delivering data in a spreadsheet format, in addition to the entire site data backup.
End-of-contract process
We provide the download of your site data, if under 5GB, as part of the contract. For any sites above 5GB a small charge will be applied to download your data locally, adding this to a portable storage device and securely sending this via courier.

For any transfers of sites via RSYNC an additional cost would be applicable for any additional time or transfers requested if this was required as part of a migration.

The daily rate for server engineers would be applicable to this.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
There is no difference in the mobile and desktop service. All features are available on mobile. The learning platforms are responsive in their design, ensuring the content responds accordingly based on the size of the screen the user is accessing the site on.
Service interface
Description of service interface
The platform is accessed by all users and administered by users with higher privileges via a web browser. Different features are presented to a user based on the role assigned to them. Full administrator access would be provided to allow full service management.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
We have been involved in a number of government projects and we have completed, and continue to do, testing for users with assistive needs, especially to meet the requirements in the project GDS panel.
What users can and can't do using the API
Web services enable other systems to push and/or pull date from the platforms and perform operations. This simple example will give you an idea of how our web services infrastructure works;

* The client sends a username and password to the web service login script.
* The script returns a token for that user account.
* The client calls a particular web service function on a protocol server including the token .
* The protocol server uses the token to check that the user can call the function.
* The protocol server call the matching external function, located in a externallib.php file inside the relevant module.
* The external function checks that the current user has_capability to do this operation.
* The external function calls the matching Moodle core function (in lib.php usually).
* The core function can return a result to the external function.
* The external function will return a result to the protocol server.
* The protocol server returns the result to the client.

With over 200+ web services available in the core platform and the ability to write your own to extend the platform, the possibilities are limitless.
API documentation
API documentation formats
  • PDF
  • Other
API sandbox or test environment
Customisation available
Description of customisation
As an Open Source platform the core code can be deployed as-is or customised to meet specific needs. This includes, but not limited to:

* New features or functionality
* The interface and user experience (theme)
* Additional web services
* Integration with third-party software
* Addition of community plugins, developed/contributed by others

User can customise either through the application itself (via settings that can be modified via the browser) or through development of their own code/plugins. Where this skillset is not available we can provide this service for you.

Customisations can be provided by other parties or suppliers and would require a review from a security and performance perspective before being applied to your own site.


Independence of resources
We provide both shared cloud and private cloud options for the managed hosting service of our applications.

If using the private cloud there will be resources allocated directly against the customers site and their users, independent of other sites or services that are provided. This ensures no other demands impact the service.


Service usage metrics
Metrics types
Service metrics are provided around the SLA's in the contract. This includes the response and resolution times of support tickets, the uptime/availability of the site, active user count, performance of the server and storage usage/available.

It is a fully managed service but additional metrics can be provided on request if they are readily available to provide.
Reporting types
Reports on request


Supplier type
Reseller providing extra features and support
Organisation whose services are being resold

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Users can export their data in spreadsheet format, PDF or OpenDocument formats. Reports can be built to create these exports.

Course data can also be backed up and migrated to a similar system using the backup/export tool. This is saved as a MBZ compressed file. Unique to the learning platform application.

This can be managed without any input from the supplier.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • PDF
  • Excel
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • Excel
  • Aiken (text)

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
Synergy Learning endeavours to provide the most reliable network infrastructure possible to its Customers. Provided the Customer has complied with its obligations under the hosting Agreement, Synergy Learning guarantees that the network is available 99.95% of the time, excluding: a) scheduled maintenance b) circumstances beyond the Supplier's reasonable control, including, but not limited to: DoS or other network attacks, upstream or 3rd party network outages, war, fire, flood, sabotage, labour disturbance, acts of government and c) breaking this Agreement or the Supplier's Acceptable Use Policy, available within the terms and conditions.

Where levels are not met, users can follow the guidelines in the contract to request a refund or cancel the service should they wish
Approach to resilience
Multiple physical servers are in operation with a healthy amount of RAM installed. The servers use multiple Intel Quad core processors and run the XenServer Hypervisor. The servers have multiple physical NICs, which are actively in use providing a resilient path to the storage area network, public accessible network and the management network. The servers are configured to be in a XenServer pool with High Availability enabled in load-balanced environment. The platform also sits beneath the Synergy Learning perimeter firewalls. These are Cisco ASA firewalls in an Active/Active configuration with stateful failover.

Further information is available on request.
Outage reporting
As per the SLA we will notify clients by email of any outage of prolonged length advising of a guided resolution time along with details of the issue.

Following any outages we follow up via email with a detailed outline of the cause, steps taken to resolve and any future actions advised to ensure this does not occur again.

An account manager will also be in contact for any prolonged issues by email and/or phone.

Identity and authentication

User authentication needed
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password
Access restrictions in management interfaces and support channels
Access to the site is controlled by the role you are assigned, at various contexts that have a set of permissions which control what you can and/or cannot do.

Other restrictions can be put in place by management, organisational or position hierarchy within the application where configured correctly, ensuring users only have access to the information that is appropriate.

For support channels we limit the users who can access this resource by requesting names and email addresses of authorised users on contract initiation.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
ISO27001 security accreditation held by the data centers used

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
Our datacenter and transit provider has ISO27001 security accreditation and we provide Cloud solutions to public sector organisations including high profile security conscious projects to Judicial Institute and Legal Aid Agency. Our platform falls within IL1/2.

We have documented processes and procedures for all items related to security that all required staff are aware of and follow.
Information security policies and processes
All data will be held within our secure hosting infrastructure and Synergy Learning are registered data handlers under the Data Protection Act 1998 (registered number: Z2723604). By following our polices and internal procedures, both formal and informal, we ensure we meet the required regulatory compliance, this includes regular review of our policies and procedures.

All items from our IT Information Security Policy are covered in the training of new staff, particular those who would have access to the servers and data. This includes IT Department Responsibilities, Users’ Responsibilities, Software Security Measures, Anti-Virus Security Measures, Hardware Security Measures, Access Security, Data Protection, Internet and Email Use, Reporting IT Security Breaches, Workflows and Implementation of Policy.

All staff report directly to the Head of Technical Services and person responsible for security in the matter of any breaches or concerns.

Whilst no guidelines are currently formally met we intend to formalise policies and procedures in the near future. Informal procedures have been agreed and communicated internally with nominated staff should this incident occur in the meantime.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
A copy of the code-base will be held in the central version control solution (GIT) managed by our development team. All code changes to the solution’s code base are recorded in this repository.

A staff member will be nominated as Release Manager for all software updates to the different logical environments for the solution.
• Compilation of file update packages to each environment
• Co-ordinating testing with the customer
• Creation of release notes indicating functionality and/or faults resolved in the release.
• Tracking of software updates
• Co-ordinating software releases to the production environment
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We use the most recent, and security supported, version of Operating System and platform code to run our applications. Long Term Support (LTS) versions are installed and in operation where possible, with weekly updates and patching of the services occurring every Wednesday.

For any threats we assess these with the required team and owners and determine what action is required and the prioritisation of any actions.

We collect information from trusted sources, partner sites and official product/service sources.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We monitor our systems for potential security risks or breaches. A number of tasks are carried out on a daily basis by our networks team with proactive monitoring in place. For system monitoring the default services which are monitored 24/7 are: Server Alive, HTTP/HTTPS, SSH, Disk Usage, CPU, Load Average, Bandwidth and FTP (If applicable).

Staff are aware of our processes and steps in the event of a security incident and these members of staff would be responsible for either direct communication to the client or updating an account manager who will be in close contact with the client immediately.
Incident management type
Supplier-defined controls
Incident management approach
Where the customer wishes to submit an incident for investigation, a helpdesk is provided by Synergy Learning where tickets are captured in a central location and documented with the client. Tickets can be escalated and all communication is captured within each ticket. A dashboard of all tickets is available as part of our application support and any items escalated appropriately.

Depending on the incident our team will have a pre-defined workflows and information readily available to quickly resolve the incident.

Incident reports, when in breach of SLA or for a prolonged period, are provided as a document to the customer.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks


£6,750 a unit a year
Discount for educational organisations
Free trial available
Description of free trial
Fully active service, with all functionality, for up to 30-days to review key functionality. No download of data is provided after the trial and is permanently deleted following the end of the trial.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.