Simitive Ltd

Learning Management System

Learning Management System provides a platform to deliver organisation wide skills, behaviour and competency training and framework. Succession planning and talent nurturing features ensure an improved and cost effective filling of key vacant positions. The module supports induction, compliance training and personal development activities.


  • Organisation, individual or group learning plans with progress tracking
  • Includes talent nurturing and succession planning
  • Integrates with course booking system and existing learning resources
  • Supports personal skills acquisition
  • Supports skill, behaviour and competency frameworks
  • Real-time learning management platform
  • Reminders for upcoming training and prompts for feedback
  • Clarity on compliance responsibility for individuals
  • Individuals can see how training requirements link to their roles
  • Real-time reporting on skills


  • Saves cost and time in managing competencies and skills pool
  • Provides easy identification of issues where departments are not engaged
  • Pictorial approach enhances engagement in skills and behaviour mapping
  • Compliance management in essential areas, for example health and safety
  • Visibility skills required allows individuals to plan career progression
  • Real-time reporting tracks completion at individual/department/organisation level
  • Succession planning tools define shortlist of internal candidates saving costs
  • Skill gaps within organisation can be easily identified and rectified
  • Cloud based allows access for employees at any location
  • Saves time by automatically managing completion of induction activities


£12 to £12 per user per year

  • Education pricing available

Service documents

G-Cloud 10


Simitive Ltd

Devinder Whelan

0117 9117950

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to The Simitive suite includes online review, compliance and workload planning solutions. Each product can be implemented as a stand-alone system, or integrated to provide employee dashboards.
Cloud deployment model Public cloud
Service constraints Simitive systems are ‘locked’ for 15 minutes during the night for monthly code releases. There are no requirements for other downtime as the system is architected to provide 24 x 7 availability.
System requirements
  • Web browser access, all current web browsers are supported
  • Internet access

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Support calls are handled in line with standard SLA.
• Severity 1 – Critical System Problem is 15 minutes from receiving notification.
• Severity 2 – Time critical problem is 60 minutes from receiving notification.
• Severity 3 – Non-time critical problem (within production environment) is acknowledgement within 24 business hours. An agreed process will be put into place.
• Severity 4 – Non-time critical problem (low priority request) is acknowledgement within 24 business hours. An agreed process will be put in place.
During the weekend, for customers on standard contracts, severity 1 calls are routed through to a mobile.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels Standard support is available Monday to Friday (0900 to 1730) excluding Bank and Public Holidays. Support calls are handled in line with standard SLA.

Standard support is provided as part of the annual license fee, and no additional costs are payable by client.

Extended support service, up to and including 24x7 support and managed services are available on request. Costs for extended services are based on the number of client licenses and the scope of the service.

Simitive have client services account managers who have access to the technical teams.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started All projects follow Prince2 methodology, which defines the scope of the project and the required work-streams are established, for example SSO, data imports and framework alignment.

During the design and implementation, Simitive project managers work closely with the client.

Simitive provide the following types of training:
On-site for system administrator on a train the trainer approach.
On-line training for system administrator using remote technology.
User guides and training guides.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction At the end of the contract client data is returned to the client in a format agreed with the client and deleted from Simitive systems.

Any systems used in the provision of the services are cleansed to industry best practice standards.
End-of-contract process At the end of the contract client data is returned to the client in a format agreed with the client and deleted from Simitive systems.

Any systems used in the provision of the services are cleansed to industry best practice standards.

There are no additional costs at the end of the contract.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service By necessity the responsive design of the system alters the look of screens to facilitate clarity on smaller devices.
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing The software is tested with main screen readers, magnifiers and other assisted technology.
What users can and can't do using the API The system is capable of integrating with any system via its APIs. It is currently integrated with most major HR and Student systems as well as Proprietary systems. Simitive runs version 1.0 live REST API web service; secured with HTTPS and oAuth using a JSON format (other formats can be supported). This API allows a client to programmatically create/read/update user records and associated information.
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation The system can be customised to allow individual organisation branding, terminology and import of any data including job description, grade and any other relevant information to support policies such as equality and diversity. Individual displays can be customised to different types of users and roles to ensure the content is relevant and engaging for all staff types. Within the system, there is customisation the client can configure. For system changes, Simitive support staff or consultants will be required to perform an impact analysis and make the required changes.


Independence of resources Simitive systems are delivered via a massively scale-able architecture based on Amazon EC2. Each client's instance is isolated from all others to ensure that there can be no effects across clients.


Service usage metrics Yes
Metrics types Service metrics are provided both within the system, through standard reports and through the use of google analytics.

In addition, Simitive Account Managers carry out service reviews with Clients on a regular basis.
Reporting types
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Individual skill summaries can be saved as pdf. The reporting tools, for individuals with the right security permissions, allow users to export data into excel spreadsheets.

The data held within the system can also be exported to a data warehouse.

The API is a bi-directional and will allow data to be written back to key systems as required.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Simitive systems are guaranteed to deliver 99.5% availability with service credits should this level not be achieved.

Over the last 4 years Simitive has delivered 100% availability.
Approach to resilience Available on request.
Outage reporting Simitive Devops monitor all systems continuously for any potential outages.

The systems architecture automatically replaces failing items before an actual outage occurs.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Users do not have access to management interfaces.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 EY CertifyPoint
ISO/IEC 27001 accreditation date 11/11/2016
What the ISO/IEC 27001 doesn’t cover The ISO27001 certification doesn't not cover outside of the data centre environments (which covers the hosting environment and its associated data centres, machine, storage, software and security environment).
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • Cyber Essentials Plus (UK)
  • FIPS
  • ISO9001
  • ISO27017
  • ISO27018
  • SOC 1
  • SOC 2
  • SOC 3
  • DoD SRG
  • FedRAMP

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Simitive have formal information security policies which are owned by the COO and form an integral part of the company's standard operations. The policies and processes cover internal as well as service delivery security.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach All changes to the Simitive cloud require approval by a Director and a head of Devops. Any changes are subject to impact assessment prior to any action.

As a user of Amazon EC2 Simitive are subject to and controlled by the certified standards and regulations that form part of Amazon service.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Simitive carry out continuous threat analysis and all patches are applied inline with industry best practice and providers recommendations.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Simitive systems are monitored constantly for any potential compromises through a suite of monitoring tools. As soon as a potential compromise is identified the instance or instances potentially affected are locked whilst detailed examination is carried out. Depending on the outcome of the investigation remedial actions are carried out and any changes made before the instance is reactivated.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Server architecture provides resilience against component, power or other failures. In case of failure, automated processes move data traffic away from affected areas. Core applications are deployed in N+1 configurations ensuring sufficient capacity to enable load-balancing.
For software issues, issues can be logged over via telephone/email or support portal. Should an incident occur Simitive communicates via email and/or phone in line with response times.
During any incident communications are maintained until normal service levels are resumed. After the event a report is provided covering the reasons, actions taken, and any remedial actions in place to avoid repetition.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £12 to £12 per user per year
Discount for educational organisations Yes
Free trial available No


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑