This G-Cloud 10 service is no longer available to buy.

The G-Cloud 10 framework expired on Tuesday 2 July 2019. Any existing contracts with Shield Safety Group are still valid.
Shield Safety Group

Compliance Centre Training

Compliance Centre Training module allows training records to be managed and stored in one online location, with alerts that automatically notify when training is required. Training courses are applied by job role specific training plans or individuals across a business. Through logging of training, certification can be uploaded and stored.

Features

  • Fully responsive, accessible remotely via any modern browser
  • Configure training courses indicated frequency of completion
  • Build training plans by job role detailing course requirements
  • View historical record of by training course or person
  • Colleague records allow individual training needs to be viewed
  • Businesses can store, manage and track training needs across locations
  • Real-time status to show level of training carried out
  • Generates real-time reports with analysis of an organisation’s training
  • Complemented by risk status Dashboard, To-Dos and Alerts
  • Additional cloud-based policy and documents storage modules included

Benefits

  • Clear visibility of a whole organisation’s training status
  • Log a completed training session within minutes
  • Automated alerts when training is required ensure training is up-to-date
  • Job role based training plans provide logical and consistent approach
  • Due diligence incident data stored in secure, cloud-based system
  • Eradicates the need for cumbersome paper-based records
  • Instant access to training history
  • Due diligence if businesses need to take disciplinary action
  • Reduces any risk of claims and civil claims
  • Brings storage of colleague records in line with Data Protection

Pricing

£7,500 an instance a year

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at <removed>@46b0f3f5-b826-4c60-9807-d4d3a847cdf0.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 10

Service ID

7 2 2 3 4 5 5 3 7 2 7 3 5 4 1

Contact

Shield Safety Group <removed>
Telephone: <removed>
Email: <removed>@46b0f3f5-b826-4c60-9807-d4d3a847cdf0.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Training is part of a suite of Risk Management modules available in Compliance Centre. Other modules include Audit, Accidents & Incident Management, Checklists, Fire Risk Assessment, Policy, Registry, Documents and Risk Assessment. All include access to our risk indicating Dashboard, to-dos, alerts and announcements functionality.
Cloud deployment model
Public cloud
Service constraints
Shield Safety reserves the right to perform updates, enhancements and maintenance releases in continuous delivery style. Full release notes will be provided following the release. If any interruption to service is anticipated, notice by email will be provided 7 days prior to the release.
System requirements
  • Accessible via browser with Internet connectivity
  • Latest versions of Chrome, Firefox, Internet explorer (currently 11), Edge
  • Program to read downloadable reports in .csv and PDF files
  • Browser must have Javascript enabled

User support

Email or online ticketing support
Email or online ticketing
Support response times
Our Support Team classify response time according to priorities. On working days, for general questions our target response time is 8 hours and target resolution time (P4). For a minor no. of users/functions affected with potential minor disruption, we will aim to respond within 5 days (P3). For many users and functions affected that prevents business function, the target time is 4 hours (P2). For critical issues relating to the inability to access the service the team will aim to respond within 1 hour.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
No
Support levels
We currently offer instant, self-service support options, in the form of contextual FAQ content, available to every Compliance Centre user via the system interface.

Should you not be able to find the information you need, or need to report an issue, our Compliance Centre support team currently operate email and telephone support during office hours. Every enquiry logged will be evaluated and prioritised, meaning efficient processing, quick response and resolution times.

Our dedicated Support Team are available for nominated contacts via the following email or telephone during office hours.

Email: support@compliancecentre.co.uk
Telephone: 020 3740 3744

Shield Safety requires a maximum number of contacts (as indicated on your contract) to be nominated to request support, who will also be deemed to have authority to request defect resolution. To report an issue, please contact our Support Team using one of the channels detailed above.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We find the key to successful adoption and usage of software is an outstanding on-boarding and setup service, focussed on Customer Success at every stage.

Our first stage is that of discovery, typically involving a call or meeting between your key stakeholders and our Implementation Team. Our goals are to understand your current processes and requirements, and how they can be facilitated (and if possible improved) using Compliance Centre. Our team will offer you demonstration of the service and coaching to enable you to make configuration decisions of your module and base system, such as organisational structure, users, roles and permissions. Our team will also demonstrate all self-management functions available to you, so you are aware of what you can configure.

During the second stage, we will setup and configure your service as required and work with you to iterate to meet your needs. At the end of the process, you will approve the configuration and the system will be ready to use.

We offer user training, delivered via webinar in a ‘Train the Trainer’ style. Additional training sessions (via webinar or classroom based) can be provided subject to your requirements.
Service documentation
No
End-of-contract data extraction
Shield Safety can provide an extract of data in a specific format in CSV at the end of the contract.
End-of-contract process
In the event of a requirement to leave the Compliance Centre service in the future, we commit to a full handover and support in migration to the new environment. There may be an additional charge for this service, which will depend upon the effort required.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Our application is completely responsive. When the browser scales down to the size of a mobile device, our navigation changes and content is re-prioritised.
Accessibility standards
None or don’t know
Description of accessibility
All non-text content that is presented to the user has a text alternative. Information, structure, and relationships conveyed through presentation can be programmatically determined or are available in text. Colour is not used as the only visual means of conveying information, indicating an action, prompting a response, or distinguishing a visual element. Our contrast ration of text also meets guidelines.
Accessibility testing
None
API
No
Customisation available
Yes
Description of customisation
Shield Safety can offer bespoke development of additional reports as required by the organisation. We can also offer bespoke software development to further customise our modules, or create new functionality, subject to requirements and consideration of our development roadmap. Please discuss your requirements in the first instance with your sales representative or Implementation Manager.

Scaling

Independence of resources
We have automatic scaling of the application servers and at the database level, based on resource availability.

Analytics

Service usage metrics
Yes
Metrics types
A user with permission may access a 'User Activity' report, which details last log in by user.
Reporting types
Regular reports

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Users with permission can export data as generated by pre-defined reports, in CSV (or PDF where available) format via the user interface.
Data export formats
  • CSV
  • Other
Other data export formats
PDF
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Compliance Centre is a hosted application and database in the Microsoft Azure Cloud. Microsoft are responsible for managing our datacentre and provide a 99.95% SLA. We provide a 99.5% SLA for availability of the system (including scheduled downtime).
Approach to resilience
Our web applications are hosted in using Cloud Services which run as clustered instances, providing the necessary failover and resilience.

Cloud hosted SQL Server is used for data storage, and is also clustered with automatic failover.

All Files are geo-replicated and are bound by Microsoft's SLA.
Outage reporting
We report outages and system status via an external website.

Identity and authentication

User authentication needed
Yes
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Currently users are authenticated by Username and Password.

We also support Identity federation, and can make provisions for 2 Factor Auth.
Access restriction testing frequency
At least once a year
Management access authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
Our Information Security Framework and subsequent implementation of policies, procedures and standards has been designed in accordance with best practice and ISO 27001 Standard, with a view to the company becoming accredited towards the end of 2017.
Information security policies and processes
We have an overarching Information Security Policy, which comprises a subset of policies for the control and governance of areas such as Data Handling & Classification, Data Retention, Incident Response, Network Management, Access Management, Back-up, Third Party Compliance, Mobile device management etc. We have various roles and responsibilities attributed to the management and enforcement of the various policies, but our Information Security Committee maintains overall accountability.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All changes follow a source management model, whereby code is changed in a branch and reviewed by a senior developer. Once code is approved, it is merged and then built by our continuous integration environment. The produced package is then ready for deployment by automated deployment software. This software provides a centralised point of configuration for all environments.
All code is reviewed by a senior member of staff for security implications.
All code is peer reviewed, tested and subject to the deployment management process.
Insights and application errors are collected and monitored.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Any system/infrastructure vulnerabilities are managed by Microsoft as part of the Azure platform.

Application Vulnerabilities are managed through 'hot-fixes' as part of our source management process described above.

We use a third party Check and Crest approved supplier to assess and security test the Compliance Centre application, on at least an annual basis.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We use a third party Check and Crest approved supplier to perform an annual application assessment and security scan.
Incident management type
Supplier-defined controls
Incident management approach
Users can report incidents to our support team via email or telephone. Shield Safety operate an established incident management process, handling any incident relating to information security inline with our Information Security Policy, and other common events in line with our documented business procedures. All reported incidents are logged on our internal software, and processed inline with our procedures; typically involving different roles & responsibilities, triage and investigation, escalation procedures, mitigation, corrective action and communications.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£7,500 an instance a year
Discount for educational organisations
Yes
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at <removed>@46b0f3f5-b826-4c60-9807-d4d3a847cdf0.com. Tell them what format you need. It will help if you say what assistive technology you use.