iWise2ebusiness Ltd

kokm End Point Assessment

kokm End Point Assessment platform (EPA) is a highly featured End Point Assessment system for End Point Assessment Organisations (EPAO) that want an online and blended assessment platform for Apprentices. kokm EPA is a fully tailorable eCommerce enabled website and EPA Platform for Apprentices, Assessors, Training Organisations, Employers, IQA, EQA.


  • Unified EPA digital workplace: all in one
  • Integrations to legacy applications
  • Workflows for Apprentices, Assessors, Training Company and Employers
  • Feedback processes, web-forms, portfolios, scoring and verification
  • Learning Management System and Assessments
  • Bookings and Events
  • Knowledge Library
  • Digital Asset Management
  • Real Time Reporting
  • eCommerce and Shops


  • Single digital interface improved productivity, engagement & collaboration
  • One place to work, learn, share and sell -tailored workflows
  • Assessment and feedback process
  • Instant Chat equivalent to leading stand alone tools
  • Advanced easy booking of resources and people
  • Multiple content types with any user editing and puiblishing
  • Easy and speedy access to all information
  • Advanced search and find Google like listing and power searching
  • Simple publishing of content to the website
  • Flexible workflows bending the SaaS to your needs


£3500 to £100000 per licence per year

Service documents


G-Cloud 11

Service ID

6 6 0 7 3 7 5 8 7 0 4 4 5 5 0


iWise2ebusiness Ltd

Martin Thomas

+ 44 (0) 7919408924


Service scope

Software add-on or extension
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints
The service does not have any constraints. The service is deployed with all its features and can then be tailored to the client workflows and needs.
System requirements
No specific system requirements

User support

Email or online ticketing support
Email or online ticketing
Support response times
Monday to Friday UK Business Hours are standard. Extra support e.g. 24x7 can be purchased.

Support can be contacted via phone, email or chat systems.

Acknowledgements are instant and issues addressed according to priority.

Usual responses are:

Guidance <24 hours
Short response <2 hours
Minor <1hrs
Significant <30 mins
Critical <15 mins
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
Web chat accessibility testing
Onsite support
Yes, at extra cost
Support levels
Support is provided to Client Senior 'Site wide' Administrators from the Client Service Manager as part of the contract at no extra cost.

The kokm platform is intuitive for users and they require no additional training or direct support.

A support site is available for Client Senior 'Site Wide' Administrators.

24 x7 or extended user support is at additional cost.
Support available to third parties

Onboarding and offboarding

Getting started
Kokm works closely with each client to define needs and set implementation plans.

kokm implements via a project that has detailed project controls and communications to meet the implementation plan requirements as agreed with the client.

kokm provides detailed support and training to key client users.

Training is often via web conference but can be provided on-site (additional costs may apply).

kokm is intuitive to users so no additional training is required. The kokm system provides at the point of use guidance.

kokm provides a support site for Client Site wide Administrators with a wealth of additional support information, videos etc.
Service documentation
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
Via kokm support website
End-of-contract data extraction
All data belongs to the user.

kokm will transfer data to the Clients nominated resource as required providing that transfer is technically feasible.
End-of-contract process
Kokm provides data transfer and content transfer if required. This is achieved via either a system to system data transfer, making files and folders available for transfer or is achieved through downloads. This can attract day rate costs depending on the methods and mechanisms chosen. All content belongs to the client and is actioned according to the clients requests e.g. data destroyed. Post completion of any data/content transfers the site and all remaining items are destroyed.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Kokm is a fully responsive website and works across all devices.
Service interface
Description of service interface
Kokm is a fully responsive eCommerce enabled website/portal and platform.

It can be accessed as a website: external users seeing the website public content.

Members/staff/clients/suppliers/community/network (approved users) can log in from the website to use the internal features of kokm and/or access direct from integrations with or without the web presence via API's, OAuth, LDAP and SAML with Single Sign On (SSO).

Users can be synchronised with other identity management software such as Microsoft ADFS/AD, OKTA etc.

If integrated users access kokm's tailored landing page dependent on the integration configuration and the users permissions, groups and roles.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
What users can and can't do using the API
Kokm has API's that enabled user integrations and also has SAML capability.

kokm has capability to integrate through RESTful APIs, OAuth, LDAP and SAML.

kokm can build/adapt API's as required or integrate to APIs.

kokm controls all aspects of its API and set up.
API documentation
API sandbox or test environment
Customisation available
Description of customisation
Kokm is a flex-SaaS.

kokm works with the buyer to customise:

Look and feel (fully eCommerce enabled website): Any design can be accommodated.

Branding, Workflows, Reporting, Integrations, User menus and navigation, Naming conventions and nomenclature, Languages and currencies, User journeys, User communications, Bespoke database additions and data collections, IOT (Internet of Things) inputs and graphical displays.

kokm is designed as a flexi-SaaS enabled high degrees of branding, tailoring and customization.

Some of these customisation are done at set up and in the hands of kokm ongoing others are in the hands of the buyer's nominated Client Sitewide Administrators.

kokm has the capacity to create and develop bespoke additions to the base kokm tailoring the platform to the client's exact needs. Legacy systems can be integrated and data transferred from retired systems e.g Filestores like Sharepoint.


Independence of resources
Kokm is hosted in Amazon Web Services (AWS) and utilises scaling technology across its infrastructure. kokm also provides discrete environments for its clients ensuring the key compute elements are isolated to a particular client. kokm also load balances and duplicates key components of its architecture.


Service usage metrics
Metrics types
Kokm provides reports and usage information across a broad range of site activity, user transactions and content usage.

Report metrics come from the database and from kokm's Learning Record Store which is tracking activity via xAPI (Experience API).
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Data can be exported in a number of ways depending on the need within the system. Some data may be exported via integrations/VPN links or downloaded by users or administrators in csv/excel files. kokm has the ability to download many tables and attachments so files may also be downloaded. kokm can also bulk export data if requested or set up automated processes to do the export.
Data export formats
  • CSV
  • Other
Other data export formats
  • Users can download to PDF or Print versions of pages
  • Users can download documents made available for them to download
Data import formats
  • CSV
  • Other
Other data import formats
  • PDF, Open Office, Microsoft Office Word Powerpoint Excel etc
  • Zip files for SCORM xAPI from third party tools
  • Video files: avi, mp4, WMV etc
  • Audio files: mp3, eav etc
  • Images/Pictures: jpg, png, gif, PSD, etc
  • Other file types can be supported

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network
Kokm's data sits in a Virtual Private Cloud behind Web Application Firewalls inside security subnets and data can be encrypted at rest if required.

Availability and resilience

Guaranteed availability
Kokm provides dupliacted load balanced architecture to provide the highest levels of business continuity.

kokm as a Saas over the internet aims for 99.9% available and has an SLA fo 99.5%.

kokm immediately addresses any outage should it occur and would work with you on restoration should such an event occur.
Approach to resilience
Kokm provides a resilient architecture and more detailed information is available on request.
Outage reporting
Kokm immediately advises key personnel directly if an outage occurs,

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Other user authentication
Kokm is a fully eCommerce enabled website so when is use to the piblic as well as signed in authenticated users kokm is used by the public and these users are not authenticated.

Authentication takes place when a user transacts and communicates with the kokm database (e.g. purchases an item) or is logged in.

kokm can authenticate users via a number of methods and provide Single Sign On (SSO). kokm can use Identity Management capabilities such as ADFS and Active Directory and third party services for example OKTA.
Access restrictions in management interfaces and support channels
Kokm is built as one product and management and support access the site as normal users enabling them to use the capability of kokm. They will however be presented with additional options, menus and navigation controls because they carry a support of management role.

Access to capabilities in kokm is driven by your roles, permissions and team membership along with the hierarchy.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Description of management access authentication
All users access kokm in the same way but are restricted in what they can do based on their roles, permissions and team membership and their position in the organisation hierarchy.

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
E-Zest Ltd and AWS
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
Note: Our software supplier/developers and hosting environments meet these requirements.
ISO 28000:2007 certification
Who accredited the ISO 28000:2007
E-Zest Ltd and AWS
ISO 28000:2007 accreditation date
What the ISO 28000:2007 doesn’t cover
Note: Our software supplier/developers and hosting environments meet these requirements.
CSA STAR certification
CSA STAR accreditation date
CSA STAR certification level
Level 3: CSA STAR Certification
What the CSA STAR doesn’t cover
Note: This is notifying that our Hosting environment AWS meets these requirements and will certify its data centre on an ongoing basis. The date in nominal.
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
Kokm utilises hosting and other service providers that meet ISO27000 and other significant standards. We require evidence of these standards and their maintenance.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Kokm utilises a ticketing system using well known proprietary ticketing and code release applications. All changes go through this controlled process accompanied by a staged development through testing to production process.

All changes are approved through this process and testing.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Threat assessment is undertaken in several ways:

1. CTO and Executive level constant scanning of environment
2. Alerts from providers of any element of the kokm architecture
3. Software deployed in the kokm architecture to alert, detect and prevent

Changes are deployed based on severity and any safety patches required are immediately deployed.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Kokm deploys management software to identify potential compromises
kokm also deploys its servers and other elements of its architecture to provide maximum prevention of exposure.
A potential compromise will be addressed immediately using the ticketing and controls system.
Incident management type
Supplier-defined controls
Incident management approach
Kokm has a pre-defined process for reporting and management of issues.
Incidents will be detected by kokm and immediately ticketing into its incident control.
A user identifying an issue has direct contact into a Client Services Manager and will report direct either through phone, email or chat.
Incident reports are documented and manged through to conclusion.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks


£3500 to £100000 per licence per year
Discount for educational organisations
Free trial available
Description of free trial
A free trial includes all aspects of kokm apart from enabled eCommerce.
There is a time limit of 1 month unless otherwise agreed.
Link to free trial

Service documents

Return to top ↑