OpenCampus UK Limited

OpenCampus EDU 7

OpenCampus EDU 7 is campus management from the cloud, providing SIS, LMS and ERP functions and a unique digitalisation engine to embed bespoke processes.


  • Identity management
  • Process modeling engine
  • Genetic timetabling
  • Ressource planning
  • Digitalisation engine
  • Query generator
  • Fieldable entity model
  • Themeable design
  • API driven interoperability
  • Entity server connectivity


  • Embed bespoke processes
  • Define own data structures
  • Merge/substitute multiple different applications into one system
  • Use prebuilt process templates
  • Provide single point of contact for users
  • Allocate data into a single storage
  • Use AI driven business analytics
  • Interconnect with different institutions
  • Automate (legally required) reporting
  • Allow access from any device (iOS/Android, web)


£10 to £120 per person per year

Service documents

G-Cloud 11


OpenCampus UK Limited

Dr. Kirsten Ingmar Heiss

020-3432 3271

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to OpenCampus can be connected to existing SIS, LMS or ERP systems.
Cloud deployment model Private cloud
Service constraints Phone and online support are provided weekdays between 09.00 a.m. and 05.00 p.m.
Extended support hours are subject to separat service agreements.
System requirements
  • Current web browser
  • IOS or Android device

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Support tickets are responded to within 1 business day (Saturday, Sunday excluded)
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 A
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels The support levels include a BASIC and EXTENDED level. The BASIC support is part of the SaaS service, the EXTENDED support is based on the overall service volume defined in a separate service agreement, depending on the size of the institution.
Technical account managers and cloud support engineers are provided.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started OpenCampus provides a preconfigured installation based on the suitable installation template for the client. If the client requires additional support, an implementation project can be initiated.
Together with the client, the processes are customised and connected to existing IT and service infrastructure. This process is initiated by a kick-off event, on-site or as a video-telephone-conference and followed by pre-structured sprints for each of the service modules activated (application & admission, courses, grading etc.).
Online and on-site training are provided and user documentation is provided.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction The site's administrator has access to the data management console through which the complete data can be exported.
End-of-contract process When the contract is terminated, the existing installation is removed from the cloud storage and data is deleted based on a GDPR compliant deletion method. The site's administrator can export/backup all data to a local source before termination of the contract, using the administrator's console.
Upon request, paid services can be provided to integrate exported data into other systems. Cost and effort may vary based on the targeted system.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Mobile devices can access the service by using the responsive theme of the web access or using the mobile app for iOS and Android devices.
Accessibility standards WCAG 2.1 A
Accessibility testing Interfaces are tested using and automated WCAG compliance checks.
What users can and can't do using the API APIs are provided for a number of functions in OpenCampus. They can be individually configured by the site's administrator to provide individual data that has been defined through the entity definition process. The administrator can also define the permissions for using the API. APIs can be use to read data from OpenCampus as well as write data to OpenCampus (connecting other systems like IDM, SIS, LMS, ERP etc.)
API documentation Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment No
Customisation available Yes
Description of customisation All entities and workflows in the system can be customised allowing the users not only to modify existing process templates (application and admission, course scheduling and booking, finances, examinations, grading, progress monitoring etc.) but also to embed custom data and processes into the system. The site's administrator can grant permissions to users that shall be entitled to edit entities, processes or actions.


Independence of resources OpenCampus provides an elastic cloud computing solution that increases the resources based on the real-time demand.


Service usage metrics Yes
Metrics types Full site monitor is available for every OpenCampus site using the Matomo web analytics system. Please refer to for a complete list of features.
Reporting types Real-time dashboards


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Using the "Views" module in the system, the site's administrator can configure individual exports for different data stored in the system.
Users can then use these view to export data as CSV, Excel, PDF or many other formats the site's administrator has activated for them.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • XML
  • MS Word
  • MS Excel
  • PDF
Data import formats
  • CSV
  • Other
Other data import formats XML

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability The system shall be available on a 24/7/365 basis excepting periods of Emergency Maintenance or Scheduled Maintenance. A traffic light approach will be adopted to track the System Availability. At any time during the Contract Period the SLA will be green, amber or red. The characteristics of the SLA will be measured over each Monitoring Period and will be determined as follows:
a. Green: 99.8% System Availability
b. Amber: 99.5% - 99.8% System Availability
c. Red: Less than 99.5% System Availability

When the SLA is at a status Amber or Red, the management team will meet and monitor progress weekly, or more frequently if requested by the Client, and upon request of the Client will present a verbal or written report to that meeting. Should a status of Red persist for more than a total of 30 days, which need not be consecutive, in any period of 90 days, this shall be deemed a failure of service and the Client can cancel the contract without further notice.
Approach to resilience OpenCampus uses elastic cloud computing and elastic database service, not limited to single physical devices to provide a scalable, high availability solution. Second site replications of the computing cloud can be provided upon request for an additional fee.
Outage reporting Service status and outages are reported through the client dashboard and by email.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels Access to management interfaces is limited to the corporate network, registered client computers herein or registered systems through the VPN. Access to individual systems in the protected network is based on Public-Private-Key authentication. Access to terminals is limited based on keycard control, username/password authentication. Access terminal areas are monitored by video surveillance. Support channel and management interfaces access is controlled through a central permission management system.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for Between 6 months and 12 months
How long system logs are stored for Between 6 months and 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications JISC Step-up

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach The chief security officer provides the security governance guidelines and report, which is reviewed and to be accepted by the board at least once a year. The guidelines include:

Risk tolerance parameters definition
Risk assumption framework and responsibilities
Funding and allocation of security resources
Definition of the System Security Guidelines
Definition of the Process Security Guidelines
Security update and information policy
Information security policies and processes A regularly reviewed fully documented and board - approved Information Security policy
Policies are reviewed at least annually and changes are approved by appropriate governance committee
A Data Protection and Privacy policy is reviewed and approved by a qualified legal counsel.

- Users must confirm their understanding and compliance with security policies at induction and this is refreshed at regular intervals thereafter, at least annually.
- Users have undergone Information Security and Data Protection Awareness training and are aware of the ramifications of breaching the law and information security policy.
- SOP define security relevant processes to be documented.

The Following areas are addressed in Documented Information security Policies.

- Business Continuity Management
- Change control
- Compliance
- Computer Network Security
- Access Control
- Email Security
- Encryption
- Incident Response and investigation
- Information asset classification and protection
- Internet/ Web security
- Password/ authentication management
- Personnel Security
- Physical Access control
- Remote access
- Security Awareness
- Development and application Security
- Systems development and maintenance
- Vendor/ Third Party Management
- Anti-virus and Anti Malware Management

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach A change management plan and configuration management are in place. Technical elements are:
- Risk assessment
- Version Control: using GitLab
- Baseline and release information
- Audits & Review
- Documented Process
- Build, Integrate and Deploy Scripts

Automated and manual penetration testing are performed for every release and change of IT infrastructure.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Threats are categorised (Intentional Threats, Accidental Threats, Natural Disasters, Internal Threats) and assessed by the OpenCampus security team, using a standardised process. Patches are deployed within 24 hours (weekends included) for security vulnerabilities.
The OpenCampus security team receives information from the suppliers of all software components, results are reviewed on a daily basis, as well as alerts from Heise security. An external provider conducts penetration tests on a regular basis and feeds the results back to the OpenCampus security team. Continuous intrusion detection analytics are performed.
Protective monitoring type Supplier-defined controls
Protective monitoring approach OpenCampus operates an security incident and event
management system that consumes information from automated intrusion detection and manually entered alerts. Alerts can be reported by OpenCampus employees as well as reported by OpenCampus users. An alert triggers a standard operating procedure to assess the potential compromise. In case a compromise was identified, the GDPR process to report the compromise is executed and action to limit the damage are performed. The response time for security alerts is 30 minutes.
Incident management type Supplier-defined controls
Incident management approach OpenCampus operates its incident management based on standard operating procedures following ITIL, controlled by its security incident and event management system.
Users can report incidents using this reporting system or by contacting the service hotline.
Incident reports can be accessed online through the reporting system, per client and as overall quality assurance report.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks Other
Other public sector networks UK Access Management Federation


Price £10 to £120 per person per year
Discount for educational organisations No
Free trial available Yes
Description of free trial Test versions of the software can be accessed through the company website with a predefined function set and installation template. Adaptive software functions are limited in the test version.
Test installation can be active for 2 months.
Link to free trial

Service documents

pdf document: Pricing document pdf document: Terms and conditions
Service documents
Return to top ↑