Totara Social is an open source Enterprise Social Network (ESN) designed to manage and connect your people to the knowledge and resources within your organisation. Use Totara Social to become more adaptable, to learn (optionally with Totara LMS), share information and innovate at speed.
- Create, remix and share content
- Social networking
- Engage with comments, forums and chats
- Share ideas, and work on them together
- Build and share knowledge
- Skills profiling
- Integration with Totara LMS
- Create content, add web pages
- Break the silos with Connections and Groups
- Create separate blogs for projects or groups
- Propose ideas, add descriptions, tags and files
- Create talent pools, a digital resumé or an extended profile
- Add Comments to content, pages and feeds
- Ask a question and define who it goes to
£9170 to £47660 per instance per year
- Education pricing available
- Free trial available
0117 344 5007
|Software add-on or extension||Yes, but can also be used as a standalone service|
|What software services is the service an extension to||Totara LMS, Totara Performance and Totara VLE|
|Cloud deployment model||Private cloud|
|Service constraints||There are no constraints|
|Email or online ticketing support||Email or online ticketing|
|Support response times||1 to 8 hours during UK business hours|
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||None or don’t know|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||Web chat|
|Web chat support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support accessibility standard||WCAG 2.0 AA or EN 301 549 9: Web|
|Web chat accessibility testing||As per Skype for Business WCAG 2.0 reports for Microsoft products|
|Onsite support||Yes, at extra cost|
Client Services Manager support. Cost based upon number and duration of onsite visits per year.
2nd line system administration user support and training. Cost dependent upon subscription size.
3rd line technical maintenance. Cost dependent upon server configuration.
|Support available to third parties||Yes|
Onboarding and offboarding
Prior to go live, all system administrators are trained onsite.
After go live, system administrators have access to online training and certification, and an online user documentation portal.
In addition, system administrators have ongoing online support via Zendesk and quarterly onsite support from the Client Services team.
|End-of-contract data extraction||
The off-boarding process comprises:
- Provide compressed copies of Site files / Database;
- Transfer domain name;
- Purge the data from servers and all historic backups.
|End-of-contract process||The off-boarding process is included in the price of the contract, any additional actions would be at additional cost.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||Totara LMS uses responsive theming and will therefore the user interface will adapt to suit a PC, tablet and smartphone screen size.|
|Accessibility standards||WCAG 2.0 AA or EN 301 549|
|Accessibility testing||In the latest version of Totara there is testing with the Voluntary Product Accessibility Template (VPAT).|
|What users can and can't do using the API||
AMF, REST, SOAP and XML-RPC can be utilised within Totara and implemented on request by the technical team to integrate external systems such as payroll and HR systems.
SCORM, AICC and xAPI can be utilised for elearning and set by the user within external authoring technologies.
|API documentation formats|
|API sandbox or test environment||Yes|
|Description of customisation||
Totara has high configurability built into the system administration menu and this includes the user interface colours and layout. Totara is a permissions based system so anyone with the appropriate level of permission can make the customisations.
Customisation is at the site level, the course level and at the workflow level when designing performance processes such as appraisal reviews.
At the course level, there are a range of course creation options and activities that are customisable including the layout of the activities, and the design of online assessments.
There is a report builder where the appropriate user can customise reports and dashboards.
|Independence of resources||Totara is hosted on scalable cloud servers that are monitored 24/7 using New Relic performance monitoring software|
|Service usage metrics||Yes|
|Metrics types||Totara uses a report source to defines the primary type of data that will be used in a report. The report source for service metrics is called 'Site Logs' for site-wide user activity logging.|
|Supplier type||Not a reseller|
|Staff security clearance||Staff screening not performed|
|Government security clearance||None|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||Never|
|Protecting data at rest||Physical access control, complying with another standard|
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||Totara provides a custom report builder that allows system administrators to create custom site-wide reports that can be exported in CSV, ODS and PDF formats.|
|Data export formats||
|Other data export formats|
|Data import formats||
|Other data import formats||External database|
|Data protection between buyer and supplier networks||Legacy SSL and TLS (under version 1.2)|
|Data protection within supplier network||Legacy SSL and TLS (under version 1.2)|
Availability and resilience
|Guaranteed availability||The aim is for no more than 0.1% of the year of unscheduled downtime where there is total inaccessibility to your Totara site. There is also an aim for no more than 4 hours a month of scheduled downtime for maintenance. Totara is performance monitored via health checks at the platform layer.|
|Approach to resilience||Our data centre partners, Bytemark, provide a national network built with resilience in mind. The core and data centre networks benefit from 10Gbps of connectivity and are designed to transparently tolerate the failure of any link or piece of equipment. Further details available on request.|
|Outage reporting||Outages and planned maintenance will be reported to system administrators by email.|
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||Totara utilises role-based access control for named system administrators and managers. The individuals, Totara system administration and management roles, and specific configuration access are specified and agreed as part of the implementation. The named system administrators also have access to technical support via Zendesk.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||ISO Quality Services Ltd.|
|ISO/IEC 27001 accreditation date||09/03/2017|
|What the ISO/IEC 27001 doesn’t cover||Bytemark have separate ISO27001 certification for the UK data centre. Certificate available on request.|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security accreditations||No|
|Named board-level person responsible for service security||Yes|
|Security governance accreditation||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||Information Security Management System policies and processes, certificated and audited bi-annually by ISO Quality Services Ltd. Audit reports available on request. The Information Security Manager is a board level Director.|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
Code configuration is managed by the technical team utilising GitHub. System configuration and change management is managed initially by the Solution Management (implementation) team and then the Client Services team once live. System configuration and change management is documented in SharePoint using a versioned functional and non-functional requirements spreadsheet.
All changes and upgrades are tested within a client specific development environment to ensure functionality and security before moving to the live environment.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||Vulnerability management is a control within our Information Security Management System (12.6.1). Where vulnerabilities are identified, system asset lists are examined to assess the impact of the vulnerabilities on the security of the system. Where a software update is deemed necessary, then the change control process is initiated.|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||Totara is monitored 24/7 at the application layer via New Relic health checks and protective monitoring. In the event of a compromise the technical team are alerted by text to resolve the issue.|
|Incident management type||Supplier-defined controls|
|Incident management approach||
Users report incidents via Zendesk and then into the incident management process:
- Classification and initial support;
- Investigation and analysis;
- Resolution recording, closure and reporting via Zendesk.
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||Yes|
|Connected networks||New NHS Network (N3)|
|Price||£9170 to £47660 per instance per year|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||The free trial site enables you to explore Totara functionality.|
|Pricing document||View uploaded document|
|Skills Framework for the Information Age rate card||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|