OpenCampus EDU 7
OpenCampus EDU 7 is campus management from the cloud, providing SIS, LMS and ERP functions and a unique digitalisation engine to embed bespoke processes.
- Identity management
- Process modeling engine
- Genetic timetabling
- Ressource planning
- Digitalisation engine
- Query generator
- Fieldable entity model
- Themeable design
- API driven interoperability
- Entity server connectivity
- Embed bespoke processes
- Define own data structures
- Merge/substitute multiple different applications into one system
- Use prebuilt process templates
- Provide single point of contact for users
- Allocate data into a single storage
- Use AI driven business analytics
- Interconnect with different institutions
- Automate (legally required) reporting
- Allow access from any device (iOS/Android, web)
£10 to £120 per person per year
OpenCampus UK Limited
Dr. Kirsten Ingmar Heiss
|Software add-on or extension||Yes, but can also be used as a standalone service|
|What software services is the service an extension to||OpenCampus can be connected to existing SIS, LMS or ERP systems.|
|Cloud deployment model||Private cloud|
Phone and online support are provided weekdays between 09.00 a.m. and 05.00 p.m.
Extended support hours are subject to separat service agreements.
|Email or online ticketing support||Email or online ticketing|
|Support response times||Support tickets are responded to within 1 business day (Saturday, Sunday excluded)|
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||WCAG 2.1 A|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
The support levels include a BASIC and EXTENDED level. The BASIC support is part of the SaaS service, the EXTENDED support is based on the overall service volume defined in a separate service agreement, depending on the size of the institution.
Technical account managers and cloud support engineers are provided.
|Support available to third parties||Yes|
Onboarding and offboarding
OpenCampus provides a preconfigured installation based on the suitable installation template for the client. If the client requires additional support, an implementation project can be initiated.
Together with the client, the processes are customised and connected to existing IT and service infrastructure. This process is initiated by a kick-off event, on-site or as a video-telephone-conference and followed by pre-structured sprints for each of the service modules activated (application & admission, courses, grading etc.).
Online and on-site training are provided and user documentation is provided.
|End-of-contract data extraction||The site's administrator has access to the data management console through which the complete data can be exported.|
When the contract is terminated, the existing installation is removed from the cloud storage and data is deleted based on a GDPR compliant deletion method. The site's administrator can export/backup all data to a local source before termination of the contract, using the administrator's console.
Upon request, paid services can be provided to integrate exported data into other systems. Cost and effort may vary based on the targeted system.
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||Mobile devices can access the service by using the responsive theme of the web access or using the mobile app for iOS and Android devices.|
|Accessibility standards||WCAG 2.1 A|
|Accessibility testing||Interfaces are tested using https://tenon.io/ and automated WCAG compliance checks.|
|What users can and can't do using the API||APIs are provided for a number of functions in OpenCampus. They can be individually configured by the site's administrator to provide individual data that has been defined through the entity definition process. The administrator can also define the permissions for using the API. APIs can be use to read data from OpenCampus as well as write data to OpenCampus (connecting other systems like IDM, SIS, LMS, ERP etc.)|
|API documentation formats||
|API sandbox or test environment||No|
|Description of customisation||All entities and workflows in the system can be customised allowing the users not only to modify existing process templates (application and admission, course scheduling and booking, finances, examinations, grading, progress monitoring etc.) but also to embed custom data and processes into the system. The site's administrator can grant permissions to users that shall be entitled to edit entities, processes or actions.|
|Independence of resources||OpenCampus provides an elastic cloud computing solution that increases the resources based on the real-time demand.|
|Service usage metrics||Yes|
|Metrics types||Full site monitor is available for every OpenCampus site using the Matomo web analytics system. Please refer to https://matomo.org/ for a complete list of features.|
|Reporting types||Real-time dashboards|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Baseline Personnel Security Standard (BPSS)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least every 6 months|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||Physical access control, complying with SSAE-16 / ISAE 3402|
|Data sanitisation process||Yes|
|Data sanitisation type||Explicit overwriting of storage before reallocation|
|Equipment disposal approach||In-house destruction process|
Data importing and exporting
|Data export approach||
Using the "Views" module in the system, the site's administrator can configure individual exports for different data stored in the system.
Users can then use these view to export data as CSV, Excel, PDF or many other formats the site's administrator has activated for them.
|Data export formats||
|Other data export formats||
|Data import formats||
|Other data import formats||XML|
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||
Availability and resilience
The system shall be available on a 24/7/365 basis excepting periods of Emergency Maintenance or Scheduled Maintenance. A traffic light approach will be adopted to track the System Availability. At any time during the Contract Period the SLA will be green, amber or red. The characteristics of the SLA will be measured over each Monitoring Period and will be determined as follows:
a. Green: 99.8% System Availability
b. Amber: 99.5% - 99.8% System Availability
c. Red: Less than 99.5% System Availability
When the SLA is at a status Amber or Red, the management team will meet and monitor progress weekly, or more frequently if requested by the Client, and upon request of the Client will present a verbal or written report to that meeting. Should a status of Red persist for more than a total of 30 days, which need not be consecutive, in any period of 90 days, this shall be deemed a failure of service and the Client can cancel the contract without further notice.
|Approach to resilience||OpenCampus uses elastic cloud computing and elastic database service, not limited to single physical devices to provide a scalable, high availability solution. Second site replications of the computing cloud can be provided upon request for an additional fee.|
|Outage reporting||Service status and outages are reported through the client dashboard and by email.|
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||Access to management interfaces is limited to the corporate network, registered client computers herein or registered systems through the VPN. Access to individual systems in the protected network is based on Public-Private-Key authentication. Access to terminals is limited based on keycard control, username/password authentication. Access terminal areas are monitored by video surveillance. Support channel and management interfaces access is controlled through a central permission management system.|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||Between 6 months and 12 months|
|How long system logs are stored for||Between 6 months and 12 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||JISC Step-up|
|Named board-level person responsible for service security||Yes|
|Security governance certified||No|
|Security governance approach||
The chief security officer provides the security governance guidelines and report, which is reviewed and to be accepted by the board at least once a year. The guidelines include:
Risk tolerance parameters definition
Risk assumption framework and responsibilities
Funding and allocation of security resources
Definition of the System Security Guidelines
Definition of the Process Security Guidelines
Security update and information policy
|Information security policies and processes||
A regularly reviewed fully documented and board - approved Information Security policy
Policies are reviewed at least annually and changes are approved by appropriate governance committee
- Users must confirm their understanding and compliance with security policies at induction and this is refreshed at regular intervals thereafter, at least annually.
- Users have undergone Information Security and Data Protection Awareness training and are aware of the ramifications of breaching the law and information security policy.
- SOP define security relevant processes to be documented.
The Following areas are addressed in Documented Information security Policies.
- Business Continuity Management
- Change control
- Computer Network Security
- Access Control
- Email Security
- Incident Response and investigation
- Information asset classification and protection
- Internet/ Web security
- Password/ authentication management
- Personnel Security
- Physical Access control
- Remote access
- Security Awareness
- Development and application Security
- Systems development and maintenance
- Vendor/ Third Party Management
- Anti-virus and Anti Malware Management
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
A change management plan and configuration management are in place. Technical elements are:
- Risk assessment
- Version Control: using GitLab
- Baseline and release information
- Audits & Review
- Documented Process
- Build, Integrate and Deploy Scripts
Automated and manual penetration testing are performed for every release and change of IT infrastructure.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
Threats are categorised (Intentional Threats, Accidental Threats, Natural Disasters, Internal Threats) and assessed by the OpenCampus security team, using a standardised process. Patches are deployed within 24 hours (weekends included) for security vulnerabilities.
The OpenCampus security team receives information from the suppliers of all software components, results are reviewed on a daily basis, as well as alerts from Heise security. An external provider conducts penetration tests on a regular basis and feeds the results back to the OpenCampus security team. Continuous intrusion detection analytics are performed.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
OpenCampus operates an security incident and event
management system that consumes information from automated intrusion detection and manually entered alerts. Alerts can be reported by OpenCampus employees as well as reported by OpenCampus users. An alert triggers a standard operating procedure to assess the potential compromise. In case a compromise was identified, the GDPR process to report the compromise is executed and action to limit the damage are performed. The response time for security alerts is 30 minutes.
|Incident management type||Supplier-defined controls|
|Incident management approach||
OpenCampus operates its incident management based on standard operating procedures following ITIL, controlled by its security incident and event management system.
Users can report incidents using this reporting system or by contacting the service hotline.
Incident reports can be accessed online through the reporting system, per client and as overall quality assurance report.
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||Yes|
|Other public sector networks||UK Access Management Federation|
|Price||£10 to £120 per person per year|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||
Test versions of the software can be accessed through the company website with a predefined function set and installation template. Adaptive software functions are limited in the test version.
Test installation can be active for 2 months.
|Link to free trial||https://my.cloud.opencampus.net/user/register|