Macleod Associates


Workpepper is a cloud-based platform to monitor, track and deliver on-line and classroom learning for training providers, L&D departments and Colleges, with a discrete "out of the box" module for online Booking & Payment. Ofsted recognition for improving delivery for 5-20,000+ learners. Totally customisable for multiple services & event scheduling/optimisation/attendance.


  • Schedules learning programmes, tracks attendance and measures assessment outcomes
  • Every training intervention recorded & accessible - permission controlled
  • ALL communications recorded - SMS, Email, Phone, Mail
  • Intuitive navigation - no training required
  • Auto-communication - new templates instantly created
  • Customised look and feel to match your brand
  • Highest level of Data Security and Back-Up: ISO 27001
  • Real time reporting for all data required
  • Optimised for Laptop, Tablet & Smartphone
  • 'O' Data interface to link existing/legacy system data


  • Access all data 24/7/365 from any internet-connected device
  • Every learner has a personalised account viewable by relevant stakeholders
  • Substantially reduce administrative time with automated but personalised communication
  • Real time data to aid immediate management interventions
  • Create wait lists & future courses based on demand data
  • Researched design to maximise user journey experience & uptake
  • Cloud based, open source software to minimise build/update costs
  • SCORM compliant to facilitate blended or e-learning delivery
  • Customisable dashboards for key metrics/reports
  • FREE, easy to use Intranet to enhance organisation-wide communications


£1950 per instance

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 11


Macleod Associates

Adrian Slater


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints None
System requirements Modern Browser (Chrome, IE10+)

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Response Times can be as fast as 1 hour during the working day for urgent issues. Each client will be able to select appropriate response times via a Service Level Agreement covering degrees of urgency and importance. Out of business hours support is offered at additional cost.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Yes, at an extra cost
Web chat support availability 24 hours, 7 days a week
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Web chat is accessible via 'best in breed' 3rd party providers to Workpepper. Clients can select from a range of web chat accessibility options according to need & budget.
Web chat accessibility testing None required to date.
Onsite support Yes, at extra cost
Support levels • Email
• Phone
• Live chat
• Onsite
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Service onboarding process forms part of the overall package.
However, as Workpepper is invariably co-designed by all stakeholders and adopts 'Agile' build and deployment, with 2 weekly sprints followed by UAT, training is very rarely required. The system is intuitive and deliberately designed to facilitate simple navigation for all stakeholders, who only need to see and access fields relevant to them.
Service documentation Yes
Documentation formats
  • HTML
  • ODF
  • PDF
  • Other
Other documentation formats Key feature video clip tutorials
End-of-contract data extraction A service offboarding process will be agreed, as appropriate, with every customer and is included as part of the overall package.
End-of-contract process At the conclusion of a contract, all data will be available to review or archive in a format in an agreed format for the outgoing customer

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service All platforms are optimised for desk/laptops, tablets and mobile devices
What users can and can't do using the API 'O' Data API access is available and supported.
Connect via secure oData interface and query the datamodel. It is not possible to change security credentials of accounts via the interface or do SSO.
API documentation Yes
API documentation formats Open API (also known as Swagger)
API sandbox or test environment Yes
Customisation available Yes
Description of customisation The entire look and feel of the Workpepper platform can be customised according to customer preferences. Workflows are also created in consultation with the customer to ensure the platform supports and optimises business processes, rather than business process having to fit the platform. Once the platform design has been co-designed and deployed, the customer can create, amend and delete many features to facilitate everyday changes and requirements, without having to wait or pay for expensive developer time.
Additionally, a new, simpler, Booking & Payment System can now be procured, without the more complex learner management capabilities of a fully customised Workpepper. This Booking System enables users or clients to order or book individual or multiple services & events and pay online or use vouchers etc. The Booking System can still be tailored to suit individual organisational requirements, business workflows and processes.


Independence of resources The systems are totally siloed with scalable resources per system to exceed anticipated client demand.


Service usage metrics Yes
Metrics types Real-time management information is provided in a suite of pre-agreed reports.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency Less than once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process No
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Consumers can access the data via the oData interface
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability 99% uptime. Refund on a per hour basis (1/730 of monthly fee)
Approach to resilience Servers are setup in a redundant failover configuration, with multiple backups throughout the day.
The server equipment is located in individual Cabinets.
Equipment is maintained and monitored in climate-controlled environments with SLAs for temperature and humidity.
The data centre is designed with five layers of physical security, 24/7 security staff and access control systems.
Outage reporting Text and email notification as an option

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Though a role based approach
Access restriction testing frequency Never
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes As per ISO27001

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Changes are managed in a continuous deployment process. Releases are packaged and tested in a staging environment before deployment to production
Vulnerability management type Undisclosed
Vulnerability management approach Systems are monitored though different vectors.
Hotfixes can be deployed within hours.
Protective monitoring type Undisclosed
Protective monitoring approach Servers are reviewed weekly for threats.
Breaches will be communicated within hours and impact coordinated with the customer for full transparency.
Incident management type Undisclosed
Incident management approach Whether you have pre-defined processes for common events? Yes
How users report incidents? Phone or email.
How you provide incident reports? Written Reports

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £1950 per instance
Discount for educational organisations Yes
Free trial available Yes
Description of free trial A sandbox enviroment can be provided for testing purposes

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑