CDSM Interactive Solutions Ltd

Thinqi Learning Management System

A modern Learning Management System (LMS) that provides easy-to-use content curation and authoring tools to bring your organisation's knowledge and learning into one place. With a truly modern user experience, Thinqi can deliver seamless informal, formal, social and workshop learning journeys coupled with powerful assessment, reporting and tracking tools.


  • Digital content repository with powerful search and retrieval tools
  • Events booking and management system
  • E-learning authoring tool – Playlists
  • Assessment and real-time reporting
  • Forums and discussions for communities of practice
  • User profile and e-portfolio
  • Website and Content Management System (CMS
  • 3rd Party Interoperation with productivity tools (Google & Office 365
  • Fully cloud based
  • Badges/Gamification


  • Reduction in administration overhead
  • Reduced cost of producing high quality e-learning
  • Slim Learner Management System (LMS) more streamlined and effective
  • Promotes social constructivist learning approach in organisation
  • Can support formal, informal, blended and flipped modalties
  • Publish to and access from anywhere via any device
  • Excellent engagement rate
  • Improve Learning self-efficacy through reward and recognition
  • Insightful learner engagement analytics
  • Access different cloud providers and subsidiary services


£1.80 to £20 per user per year

Service documents

G-Cloud 11


CDSM Interactive Solutions Ltd

Nick Davies

01792 463865

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints N/A
System requirements
  • Customer can bring their own LRS license (optional)
  • Access to Modern Browser versions (Chrome, IE, Edge, Safari, Firefox)

User support

User support
Email or online ticketing support Email or online ticketing
Support response times 09:00 to 17:30 hours UK Time Monday to Friday (excluding
UK public holidays

Priority one tickets are responded to within -1 working hour

Priority two tickets are responded to within - 2 working hours

Priority three tickets are responded to within - 4 working hours
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AA or EN 301 549
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard WCAG 2.1 AA or EN 301 549
Web chat accessibility testing We have provided representative assistive technology groups with test and feedback opportunities to ensure that our service is accessible with modern assistive technology.
Onsite support Yes, at extra cost
Support levels Standard - Inclusive of license cost
Silver - £4,500 (+VAT) Per Annum
Gold - £5,995 (+VAT) Per Annum
Platinum - £6,995 (+VAT) Per Annum

A technical support engineer will respond to tickets that can not be resolved by the user, or our customer support team.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started The system has been designed to be highly intuitive and accessible to maximise uptake and engagement.

For all customers, user documentation and online help videos are provided to assist orientation and provide something to refer to in the user's own time.

We provide both on-site and online training sessions tailored to the needs of the customer. Often we will provide 'train the trainer' sessions to devolve onboarding in the larger organisations we work with.
Service documentation Yes
Documentation formats
  • ODF
  • PDF
End-of-contract data extraction Users can contact the Thinqi helpdesk and request a copy of their data. The data will then be extracted from the system and provided in a common machine readable format.

In addition, CDSM can provide AWS Machine Images (AMIs) of the Learner Record Store (LRS)* and transfer these to an account of the buyers choice.

The collection of all other data (non-assessment data) will be taken from the Learning Management System’s database(s) and will be transferred and stored on an encrypted hard drive that will be securely couriered to the buyer. Unless CDSM is instructed by the buyer to destroy the data in accordance with data protection good practice guidelines and CDSM data security policy.

All latest versions of content objects* will be packaged and delivered as ZIP files and transferred to the buyer in line with exit agreements.
End-of-contract process At the end of the initial contract, we are naturally left with two options; to extend, or to exit the contract.

CDSM will make a commitment as part of the project terms to provide the purchasing organisation with easy access to relevant learning data.

If applicable, we can export the purchasers “Learning Record Store” that contains every learning statement generated by their users.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The system has been designed using HTML5 and open web standards. This means that the it is optimised for cross-device usage, including tablets and mobile.
Accessibility standards WCAG 2.1 AA or EN 301 549
Accessibility testing The interface has been tested with a range of assistive technology devices and representative stakeholders. Feedback has been iterated in to the system at regular intervals. CDSM is fully committed to regular testing and updates, and will continue to do so.
What users can and can't do using the API High-trust API can be made available to customers to read LMS data such as event or assignment data or to write data such as updating user properties. This is useful for integration with HR systems.
API documentation Yes
API documentation formats Other
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Thinqi can be customised by the purchaser to show only the features that are relevant to their users, and the required workflow. Branding and system language can also be customised to meet the specific requirements of the purchaser. The system provides features for the purchaser to easily control and manage this through an administration panel.

Users have the option in Thinqi to personalise their experience to be unique to their learning requirements. A user can set their preferences through their user profile, which will automatically push relevant learning resources, communities, courses and events that match their needs.


Independence of resources The Thinqi architecture scales horizontally across multiple servers/containers and across multiple data centres in a geographic region. The application code is iterated regularly to ensure that it is performant and optimised. AWS Cloudfront is utilised enabling Thinqi to scale massively. Files are served from S3 via cloudfront which allows regional caching for fast user download time and large burst capacity. All servers site behind elastic load balancers (ELBs) that scale for traffic load. Microservice design – the application is built as distinct dedicated services, allowing scaling of individual parts and resilience against failure of a single piece of the application


Service usage metrics Yes
Metrics types Metrics we provide include (but are not limited to) user logins, resource views and breakdowns, tag usage and breakdowns, search metrics, tool usage.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach For full data exports, user can request export of their data via the Thinqi helpdesk.
Data export formats
  • CSV
  • Other
Other data export formats JSON
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats Any document format can be uploaded

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability CDSM prides itself on an excellent level of uptime for its hosted systems. We can confirm that the system will be available 24/7/365 except for planned maintenance that has been previously agreed.

For similar size applications over the last 12 months, CDSM have achieved >99.99% uptime.

We understand that a failure of service can have a fundamentally detrimental effect on customers’ and end users’ perception of the provision. Because of our engagement with national providers CDSM
will ensure that availability and continuity of service is be a primary focus for CDSM.
Approach to resilience Microservice design – the application is built as distinct dedicated services, allowing scaling of individual parts and resilience against failure of a single piece of the application

This includes all traffic being routed through load balancers with a minimum of two servers, scaling up as necessary to handle the traffic load.

The servers used include Windows 2012 R2, Windows 2016 and Ubuntu Linux.

The application itself consists of ASP .NET 4.5.2 and NodeJS REST APIs with a Backbone JavaScript application layer for the website. A high availability Varnish reverse proxy layer ensures high performance website speeds.

The data layer for the application is a high availability MongoDB sharded database. It also uses a high availability Elasticsearch cluster to provide fast search capability.

Specific AWS services are leveraged to increase system scalability, resilience and reduce network latency for users. These include:
S3 – highly redundant and available storage
CloudFront – highly scalable content website caching
SQS – highly redundant and available queues to insure against single points of failure and ensure integrity of internal system procedures
Outage reporting Uptime monitored in real time through online monitoring services. The application automatically switches to an offline page providing information to end users in case of an outage. In case of outage customers are contacted directly via phone or email as per company incident management processes.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels All actions in Thinqi are managed through a granular permissions system aggregated into clear pre-defined user roles. Users are provided access to management interfaces through these roles and can be managed by the Thinqi support team or a customer administrator.
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification Security Metrics
PCI DSS accreditation date 08/02/2018
What the PCI DSS doesn’t cover No electronic cardholder data held.
Other security certifications Yes
Any other security certifications Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards Other
Other security governance standards Cyber Essentials
Information security policies and processes Infosec policies and processes set out in company security, data processing and BCDR policies. Head of Technology responsible for managing and implementing policies and processes and reports directly to board of directors. Security team reports to Head of Technology and provides guidance, auditing and training to the wider company.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach All components are managed through semantic versioning. Components versions included in the application are tracked via source control and tightly versioned in immutable packages. Configuration managed through "Infrastructure as Code" tools. Change to live application follows ITIL change management process and involves pre and post change reviews.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Rolling schedule of patching in place for all systems. New threats assessed through communication from Internet sources such as security mailing lists and podcasts (including CVE and CSA). Any emerging threats are assessed for severity and risk. Depending on the outcome of this risk, exceptional patching is scheduled and validated by the security team.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Logs from different elements from the application are scanned in realtime and the security team has threats flagged immediately. Threats are reviewed and response assigned based on severity.
Incident management type Supplier-defined controls
Incident management approach Incident responses for common events set out in company security policy and training conducted with security team and other company staff members. Users report any incidents to the helpdesk. If incident is security or safeguarding related then support staff are trained to escalate directly to security team. All incidents are assessed in an objective post-mortem report conducted by senior staff members post incident.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £1.80 to £20 per user per year
Discount for educational organisations Yes
Free trial available Yes
Description of free trial As part of the free trial period, CDSM will provide a facilitated demonstration to provide an overview of the product.

A 14 day trial can then be commissioned which will include all of the main system features.
Link to free trial

Service documents

pdf document: Pricing document pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑