Leo Learning Ltd

LEO platform services

Moodle is an off-the-shelf, open source learning management system which we can provide a fully managed service for.


  • A fully responsive, multi-device experience
  • A seamless learner experience
  • An LMS uniquely tailored to your organisation
  • Easy and automated course enrolment
  • Digital badges to incentivise learners
  • Social learning


  • Cost effective - no licence or subscription fees
  • Robust and secure
  • Scalable: used by organisations with hundreds of thousands of users
  • Configurable: Core features can be enabled/disabled as required
  • SCORM 1.2 certified
  • Rapid innovation - new releases every 6months
  • Open source - Moodle is constantly being reviewed and updated


£31500 per unit

Service documents

G-Cloud 10


Leo Learning Ltd

James Greenwood



Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints N/A
System requirements
  • Disk space - 160MB free (minimum)
  • Supports 50 logged-in users for every 1GB of RAM
  • Minimum Supported Database: MySQL 5.5.31+
  • Scripting: Minimum PHP 7.0+
  • Web Server: Apache or IIS
  • OS; Linux or Windows Server

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Our standard support hours are 9am – 5.30pm Monday to Friday
Extended support hours of 8am – 8pm are also available.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels No matter the size or scale of your project, we can offer our very own technical support and maintenance team – the LEO Service Desk. The Service Desk provides expert technical assistance across a wide range of technologies, from e-learning and portals to intranets and e-commerce sites.

The Service Desk offers the following high quality support:

1st line support for end users
2nd line support for site administrators
3rd line support for site maintenance

We can tailor support packages to your individual needs. If you require support for your users and administrators, or need the reassurance of a site maintenance plan, the Service Desk is on hand to help.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started As part of every LMS implementation we deliver a one day training package, split into two sessions. These can be online or face-to-face sessions, or a blend of both.
Our preferred method is for an initial half day training session prior to site launch that focuses on course creator training. This enables your administrators and core team to understand how to manage courses and content within the portal.

We then conduct a second administrator training workshop in order to ensure that you are as autonomous as possible following site launch.

In addition, we can provide an FAQ area for users, and we offer first line and second line support.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction We would provide a full site copy for data to be extracted.
End-of-contract process Should you wish to transfer your site to another provider for hosting/maintenance/future updates, we will provide all documentation relating to the site and assist in the transfer process. Should we need to provide additional training to the new supplier or the client, this would incur an additional charge.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Moodle provides a consistent experience across all device types. Course layout changes between screen sizes - any top level navigation becomes available by clicking on the menu button. All blocks automatically move beneath the main content so that the most important information is available on-screen, rather than forcing users to scroll down in search of the information they need.
Moodle seamlessly creates a multi-device environment for online learning.
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing LEO's QA department has extensive experience testing using assistive technologies, including confirming to AA standards and using screen readers such as JAWS. We regularly engage with our clients who have assistive technology requirements to test our systems and products.
What users can and can't do using the API Moodle contains a full set of web service functions that can be called using either REST or SOAP. These web service functions are secured by encryption as well as being able to assign access to specific functions at user level. If a web service function that meets your requirements does not already exist, a new one can easily be created.
API documentation Yes
API documentation formats HTML
API sandbox or test environment Yes
Customisation available Yes
Description of customisation LEO can customise the service on your behalf. There are a wide range of possible customisations including branding/look and feel, implementation of plugins, gamification, custom reports and enhanced functionality and features.


Independence of resources The hosting team receive alerts in periods of demand and will monitor and adjust the service as required.


Service usage metrics Yes
Metrics types Should we provide hosting and support for your platform, we provide reports on performance, support tickets and site availability.
Reporting types Regular reports


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency Less than once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with another standard
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach User data can be exported in CSV format.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability The Hosting Services under this agreement will provide 24/7 uptime, with a minimum of 99.5% availability per calendar year (excluding reasonable and scheduled maintenance periods). Uptime is defined as the Website being accessible and fully usable from a site that is physically different to the one that hosts the Website.

If the Website is unavailable beyond this 0.5 percent period by the cause or fault of LEO (or its suppliers) then, by means of the Client’s sole remedy, LEO shall provide a service credit of four (4) hours free Hosting Services at the end of the term of this agreement for each subsequent 30 minutes that the Website is not accessible.
The maximum service credit in respect of any single 24-hour period of non-availability is 48 hours of free Hosting Services at the end of the term of this agreement. The maximum service credit arising under this contract shall not exceed 12 weeks.
A standard server design will not cater for large User Surges. LEO has designed the Client’s specific server configurations such that User Surges should not have an impact on user experience, but any foreseeable Website User Surges should be communicated to LEO in advance.
Approach to resilience Our hosted platforms have a 99.5% availability target as a standard part of our service level agreement.
Outage reporting Outages are reported via email alerts.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password
  • Other
Other user authentication Whitelisted self-registration - e.g. using a specific email domain, such as @leolearning.com
Access restrictions in management interfaces and support channels Moodle has an extensive and extendable roles and permission system including providing access to specific reports to specific individuals or roles.
Access restriction testing frequency Less than once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password
  • Other

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • Cyber Essentials
  • Hosting service provided by AWS who are certified to ISO-27001

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards Other
Other security governance standards Cyber Essentials
Information security policies and processes Our Information Security policy is the responsibility of the IT management team and is carefully monitored on an ongoing basis to ensure compliance with regulations (e.g. GDPR and the Data Protection Act). Key points from the policy and procedures include:
• Staff must undertake mandatory training annually to ensure they are aware of potential security threats and concerns and are able to support the security policy in the course of their work
• Any member of staff suspecting an incident involving LEO's IT/IS Security must immediately report their concerns to the Systems Manager who will assess any immediate action required to protect both LEO/Client data and reputations, and inform the Head of Information Security
•In order to identify potential Information Security breaches, LEO reserves the right to monitor all external and internal communications and access to the LEO network, intranet and the internet, where the property of LEO is used in the communication or is accessed remotely from outside LEO
• All systems have security products installed to protect against unauthorised entry
• All systems are protected by passwords, especially those permitting updates to data
• All servers use encryption technology

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Changes to systems within the development lifecycle are controlled by:
* Ensuring changes are submitted by authorised users.
* Ensuring authorised users accept changes prior to implementation;
* History of all events is maintained and old versions retained for reference purposes.

Most systems are also configured using Puppet, and Continuous Deployment services (Jenkins) which provide a standard way of delivering and operating software, no matter where it runs. This automated solution provides visibility and reporting when we need to make decisions and prove compliance.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Most systems are configured for Automatic Security Updates and patch deployment. LEO periodically carries out a vulnerability assessment of our corporate offices as part of the Cyber Essential PLUS certification process.
We use an automated patch management system. Patching is done 3 times per week. This includes operating system and application support.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Depending upon need, we can set up web application firewalls and enhanced protective monitoring tools to block potential attacks to a site.

We also regularly apply released security patches to keep the platform up to date against known vulnerabilities.

In the event of a compromise our estimated maximum time to restore is 1 day.
Incident management type Supplier-defined controls
Incident management approach We have monitoring tools that pick up whether a site is likely to become or has become unavailable. We then investigate this after we receive an alert.

Users can also report incidents by phone, ticketing system, or email depending upon the support services supplied.

Communications are sent via our support service desk to the confirmed client contact(s), including incident reports to an agreed SLA.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £31500 per unit
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑