Andy Black Associates Ltd

ComSkills

ComSkills is a cloud-based software as a service platform offering a template for government departments to easily create customised video e-learning and online training services for their office-based and remote working employees. The platform gives access to online training videos, training support materials, access to live webinars & online exams

Features

  • Train office based and remote workers
  • Create customised video e-learning lessons, tests & exams
  • Hosted cloud service with 24/7 support
  • Weekly technical backup of full service
  • Accessible on PC, laptop and mobile
  • Reports on progress - lessons completed, tests passed
  • Flexible rights and permissions - Sys Admin to content editor
  • Service security
  • Easy to use and highly intuitive
  • See an example Comskills service at https://comskills-ukraine.co.uk/

Benefits

  • Rapidly upskill your workforce with video e-learning
  • Create customised learning and development based on best practice
  • Allow 24/7 accessibility - your workforce can learn at home
  • Improve productivity
  • Reduce training costs
  • ComSkills is low cost to create and maintain
  • Easy to update
  • Scalable cloud service
  • Embedded webinar software also allows live training
  • ComSkills is a resource that can be continually accessed

Pricing

£20,000 to £40,000 a licence a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at andy@comskills.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

7 0 5 8 3 0 2 1 4 7 6 3 7 5 9

Contact

Andy Black Associates Ltd Andy Black
Telephone: 07881 314570
Email: andy@comskills.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints
No
System requirements
N/A

User support

Email or online ticketing support
Email or online ticketing
Support response times
Monday to Friday - 09.00 to 17.00 - 4 hour response to questions

Other times 8 hour response to questions
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), 7 days a week
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), 7 days a week
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Facebook Messenger
Web chat accessibility testing
None
Onsite support
Yes, at extra cost
Support levels
Support and maintenance is included in the ComSkills service

All client sites are monitored 24/7 x 365
Specific support calls are handled by a technical account manager from 09.00 to 17.00 UK time, outside of these hours support is provided by cloud support engineer
Support available to third parties
Yes

Onboarding and offboarding

Getting started
ComSkills is an online training platform. At registration, users access an online User Guide to assist them and have a contact form to send questions.
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
Each individual user has the ability to delete all their data from the service.
End-of-contract process
As a real world example, look at https://comskills-ukraine.co.uk/
The build included creating:
40 x 20-minute online training videos on strategic communication
Lesson support materials – PDF’s & links to relevant information
Access to video conferencing for live training via webinars
Online quizzes & online certified exams
One off cost £25k, plus £5k annual support and maintenance
Any additional work after launch charged at £800 per day or for an agreed fixed fee

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
None
Service interface
No
API
No
Customisation available
Yes
Description of customisation
Editor rights and permissions can be given to key selected client users. This allows them to edit, add content. Modify menus.

Editor rights and permissions do not allow access or modifications to the technical elements of the service.

Scaling

Independence of resources
The cloud service is fully scalable and also uses a CDN to improve performance

Analytics

Service usage metrics
Yes
Metrics types
Progress of each registered user as they complete lessons, take exams
Reporting types
Regular reports

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
In-house
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
No
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Service has button for each individual user to export or delete their data
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
99% guaranteed service availability

Failure to meet 99% service levels may result in proportinate refund from annual support and maintenance fee
Approach to resilience
ComSkills uses a tier 1 UK hosting service that provides SSL certificates, malware scanning, PCI-DSS compliance and includes 1 Tbps+ DDoS protection as well as brute force login protection and email scans.
Outage reporting
Email alert

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Access to the ComSkills technical backend, reporting, user profiles and hosting Control Panel with the support ticket system is only available to ComSkills system administrators.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users receive audit information on a regular basis
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users receive audit information on a regular basis
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
ComSkills only has 2 system administrators who have access to our service control panel held by our hosting provider. A VPN and https connection are always used by the system administrators when accessing our hosted servers. In addition strong passwords are used and regularly on all services.
Information security policies and processes
ComSkills only has 2 system administrators and both are directors of ComSkills. Our security policies and processes have evolved during our 30 year experience in tech. We always use VPN's, we have malware and virus scans on our email servers, we always use tier 1 hosting services, we have up to date anti-virus software on PC's , we use strong passwords that are regularly changed on all services, we also use code obfuscation on all web services we manage and encrypt content as standard operating processes

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
The ComSkills service is run on WordPress and uses the LearnDash learning application with 18 additional plugins.
WordPress security updates are automatically installed by our hosting provider. Other WordPress updates, updates to LearnDash and the 18 plugins are controlled by our system administrators. We only use plugins that are well reviewed and have a large install base - as these plugins are updated we normally wait a few days and monitor community forums to assess potential security issues before we update.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
ComSkills uses WordPress hosted at specialist WordPress tier 1 hosting service provider who provides SSL certificates, malware scanning, PCI-DSS compliance, 1 Tbps+ DDoS protection as well as brute force login protection and email scans. WordPress security updates are automatically done by the hosting service provider. In addition ComSkills uses htaccess, Akismet, blocks access to readme.html, license.txt, and wp-config-sample.php files, disables directory browsing of all folders and subdirectories and remove WordPress generator meta tag showing its version and sensitive information. We monitor WordPress hacker forums to gather info on potential threats.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Malware, spam, hackers and security breaches are a 24/7 security concern. By default our hosting provides security to keep us safe against harmful web attacks. Our hosting includes SSL certificates, malware scanning, PCI-DSS compliance, 1 Tbps+ DDoS protection as well as brute force login protection and email scans. In addition, WAF examines each HTTP request for SQL injection, Trojans, cross-site scripts, routing, and many other types of attacks. Our hosting provider operates this 24/7 and performs each inspection in less than one millisecond.
Incident management type
Supplier-defined controls
Incident management approach
Users can report incidents or problems via email or Facebook Messenger. If we have an issue to do with hosting we have 24/7 UK in-house support from our hosting provider using our Account Control Panel with support ticket system. The support ticket system allows us to contact our hosting service provider with any queries and get a faster resolution to any hosting related queries.
If the incident does not involve hosting, we will contact the user by email to clarify the incident and examine the service to identify and test solutions to the incident and then send a report

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£20,000 to £40,000 a licence a year
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Up to 5 individuals from a potential buyer can access a current live Comskills service for one month
Link to free trial
https://comskills-ukraine.co.uk/

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at andy@comskills.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.