ION Learning Platform
ION is a Learning Platform. ION comes with everything you need to get your online learning strategy started. Our flexible modular approach lets you expand the functionality and content offered from within ION.This is the right approach to help you demonstrate return on investment and return on excellence.
- Easy authoring and dissemination of content
- Easy to access on any device
- Present content based on role and career with Learning Pathways
- Learning Record can be used to simply assign mandatory content
- Learning Communities enables learners to interact with each other
- Enable Line Managers to explore the progress of their staff
- Event Booking System enables the management of Face-to-Face cources
- Policy tracking tool allows dissemination and acceptance of policies
- Create an enthused culture of learning
- Create an engaging, user-centric learning experience
- Make the traditional LMS more intuitive and user friendly
- Encourage and support social learning and interaction
- Understand and track what your learners use and need
- Ensure you are meeting mandatory and compliant learning requirements
- Increase the performance of your organisation and your workforce
- Reduce the costs of Face-to-Face training programmes
£12995 per instance per year
The Working Manager Limited
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
|System requirements||None. Only a web browser is required|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Target Response Time is 48 hours|
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
|Support levels||Support is included to the administration team of ION. This is typically managed remotely. Onsite support is available from a consultant at a cost of £850 + VAT per day plus expenses at cost.|
|Support available to third parties||No|
Onboarding and offboarding
Our team of skilled account and project managers can help you analyse the opportunity of moving to ION and enable you to create a user centric environment where learners will not only come to once but on a sustainable basis.
All of our account managers have been exactly where you are and can provide practical advice as they have all been Learning and Development Managers with some of TWM’s clients. This means they can empathise with your challenges and offer insight in a way other providers are unable to deliver. Every TWM client is assigned a dedicated account manager who will be your primary contact and will work with you to manage the delivery, and importantly the help you drive adoption of your solution. Support is provided at every step from initial scoping through to delivery and continued use. We will help make sure that your ION portal evolves with your needs.
As our account managers are uniquely qualified and experienced as Learning and Development Managers, they are well equipped to advise you on the best approaches for both roll out and adoption, as well as how to best leverage benefits from the functionality you will have available to you.
|End-of-contract data extraction||Content developed by the client is of course owned by the client and will be returned by placing a request with their Account Manager|
|End-of-contract process||At the end of contract that is not renewed, the users ION solution will be archived with user access removed. Any data to be returned will be agreed. If a client requests that their solution is permanently deleted, this will be done within 30 days.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||None. ION uses a responsive design to adapt to mobile devices.|
|Description of customisation||Using the Site Manager tool client can customise the design, branding and layout of their ION portal to create their own unique organisation learning space.|
|Independence of resources||Each client has their ION solution hosted on their own area of TWM's dedicated servers housed by Rackspace, a leading ISP. TWM monitors individual client usage and server performance to make improvements where necessary and maintain exceptional performance levels.|
|Service usage metrics||Yes|
|Metrics types||Metrics are provided through the Site Manager tool so that managers can understand who is accessing content and when as well as progress. This helps identify engagement strategies to achieve the highest level of engagement possible.|
|Reporting types||Real-time dashboards|
|Supplier type||Not a reseller|
|Staff security clearance||Staff screening not performed|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||In-house|
|Protecting data at rest||Physical access control, complying with CSA CCM v3.0|
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||Exported information must be carried out by our technical team and can be requested through a client's Account Manager.|
|Data export formats||
|Other data export formats|
|Data import formats||
|Other data import formats||
|Data protection between buyer and supplier networks||
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
Availability: 99.5% during the core day. Not more than 2 hours unavailability in any core day
All of the above service levels are measured on a monthly basis. A working day for the purposes of this Schedule shall be Monday to Friday, excluding public holidays and bank holidays. A core day for the purposes of this Schedule shall be (Monday – Friday 09:00 – 17:30hrs).
Availability shall be calculated using the following mechanism
A = (600 x WD) (D Dp) x 100
(600 x WD)
A = Availability in %
600 = Number of minutes per working day
WD = Number of working days per calendar month
D = Total downtime recorded in minutes
Dp = Planned downtime and agreed exclusions recorded in minutes which is scheduled in advance to perform system testing, upgrades, enhancements and routine maintenance activities.
Failure to meet availability levels will be discussed commercially with your Account Manager.
|Approach to resilience||
ION is hosted by Rackspace.
Rackspace are a Tier 4, ISO27001 compliant datacentre in the UK.
The technical resilience of the service is supported through:
• Use of an established data-‐centre, Rackspace, registered to ISO27001
• Multiple data-‐lines and ISPs to the data-‐centre
• High specification dedicated servers for the application and data.
A managed backup plan at RackSpace causes a daily backup of live production data and each day takes an “image” of everything regarding the data and site configuration for the clients site.
Backups are retained for 14 days. The backups are not encrypted as they are retained onsite within the data centre, with the policy being that only backups taken offsite being encrypted. Encryption of backups can be made at request of the client but there may be an additional charge. After the backups have expired they are aged off and overwritten.
The application and database servers have multiple hard drives and use a combination of RAID types 1 and 5 depending on requirements to keep systems running in case of hard drive failure.
Prior to software upgrades we take a full backup of the server.
This enables complete recovery of a previous version if required.
|Outage reporting||Clients will be notified of an outage by email from our support team in the event of any problems. We will always strive to rectify problems as soon as possible.|
Identity and authentication
|User authentication needed||Yes|
|User authentication||Username or password|
|Access restrictions in management interfaces and support channels||Support is given administrators only and identity is confirmed via security questions. The close working relationship between client and Account Manager helps reinforce this.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||Username or password|
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||BSI accredited Rackspace. Certificate IS 636168|
|ISO/IEC 27001 accreditation date||07/10/15|
|What the ISO/IEC 27001 doesn’t cover||N/a|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Who accredited the PCI DSS certification||Visa accredited Rackspace|
|PCI DSS accreditation date||01/06/2009|
|What the PCI DSS doesn’t cover||N/a|
|Other security certifications||Yes|
|Any other security certifications||
|Named board-level person responsible for service security||Yes|
|Security governance certified||No|
|Security governance approach||
Security is included in all staff induction and regular briefings are held with all staff.
All staff credentials are recorded securely
Any breach is recorded in a security incident log
The log and improvement are reviewed quarterly
|Information security policies and processes||
All information security is overseen by Chris Alexander in collaboration with Rackspace, our ISP used for hosting. Information security policies form part of all staff inductions. Any breach is reported directly to Chris Alexander.
All client data falls into two categories
Restricted – disclosure causes significant risk to clients and/or TWM
Private – disclosure causes moderate risk to clients and/or TWM
We are responsible for ensuring the security of data held
Access to systems:
- Auto-secure of unattended workstations
- Auto-secure of TFS Server
- User Authentication for each Developer
- All code changes tracked
- All versions of code maintained
- Rackspace – RDP Autosecure
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
Where the CLIENT or TWM identifies the need for a Change then either party must submit a proposed change using the Change Control Form to the other.
No Change shall be valid until it is authorised in writing by the authorised representative of both parties.
Each Change shall be assigned a unique reference number and effective date of change.
Any improvement or addition to the Systems or Services which does not result in increased costs to the CLIENT shall not be subject to the above change control procedures.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||Logs are reviewed on a monthly basis to identify any potential threats. Should a vulnerability be detected, it is treated as urgent and prioritised over all other development and hotfixes issued as quickly as possible.|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||Logs are reviewed on a monthly basis to identify any potential threats. Should a vulnerability be detected, it is treated as urgent and prioritised over all other development and hotfixes issued as quickly as possible. Should an incident be identified or reported, we aim to respond to incidents within 4 hours.|
|Incident management type||Supplier-defined controls|
|Incident management approach||
Whether incidents are internal or external, users are asked to complete our Incident Response Report Form which is then added to our Incident Log. Information captured includes a summary, notifications made and action taken.
For each incident there is a post incident analysis which generates a lessons learnt. Processes are then updated accordingly.
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||No|
|Price||£12995 per instance per year|
|Discount for educational organisations||No|
|Free trial available||No|