Administrate Training Management Platform

Administrate is a Training Management Platform designed to help enterprises streamline learning and development through our cloud-based, configurable software solution.


  • Organize training resources
  • Deliver exceptional training
  • Plan your training
  • Automate training management
  • Analyze training effectiveness
  • Scale your training operations


  • Eliminate errors, centralise operations and information
  • Any delivery method, including our LMS or yours
  • Show ROI with your integrated systems. Conquer schedule complexity
  • Automate communications and tasks. Simplify your tech with our API.
  • Demonstrate training ROI with powerful reporting
  • Evergreen platform allowing efficiency and future flexibility


£50,000 an instance a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

7 2 6 7 4 7 7 4 9 2 8 3 4 5 3


Administrate Jesse Vernon
Telephone: +44 (0) 131 460 7350

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
Administrate doesn't have planned maintenance arrangements. Our service does require and internet connection and an internet browser.
System requirements
  • Major internet browser (Chrome, Microsoft Edge, Firefox, Safari)
  • Stable internet connection

User support

Email or online ticketing support
Email or online ticketing
Support response times
Our standard SLA for support is 4 hours for human response.
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Web chat support
Onsite support
Yes, at extra cost
Support levels
Level 1: ticketing desk, 24hr human response time, included
Level 2: ticketing desk, 4hr human response, £6,000/annum
Level 3: ticketing desk, 2hr human response, £6,000/annum
Level 4: ticketing desk w/ call back, 2 hr human response, 8hr non-business hour response, £12,000/annum
Level 5: ticketing desk and direct number to dedicated agent, 1hr human response, 8hr non-business hour response, £30,000/annum
Support available to third parties

Onboarding and offboarding

Getting started
Our implementation service normally consists of someone from our Administrate Pro team leading an implementation team remotely. Our implementations often included multiple days onsite and our mostly conducted virtually. Administrated and the Administrate API are documented and we will often times create additional customer-specific documentation for their workflows.
Service documentation
Documentation formats
End-of-contract data extraction
Users are able to extract data using the Administrate reporting engine or API.
End-of-contract process
We destroy all customer data 90 days after end of contract.

Using the service

Web browser interface
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Our platform is fully mobile responsive. There are differences in layout depending on screen size, but functionality remains the same.
Service interface
What users can and can't do using the API
Our API is fully documented via our publicly available developer portal. All aspects of our system can be managed through the API.
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
We offer a variety of "off the shelf" integrations with popular business software systems. Administrate or our clients can use our API to do almost unlimited customisation.


Independence of resources
Our service is hosted by Amazon Web Services, the world’s leading provider of technical infrastructure. As demand for our service grows, capacity is automatically scaled.


Service usage metrics


Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Using the Administrate reporting engine. They can export via .CSV or Microsoft Excel. Can also extract data using our API.
Data export formats
  • CSV
  • Other
Other data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Our goal for system uptime is 100% each month, outside of scheduled downtime. We normally try to keep scheduled downtime to less than an hour each month. If we fail to achieve 99.9% uptime, measured monthly, we will issue pro-rata credit for your monthly subscription fees. This equates to no more than 40 minutes of unscheduled downtime in any given month.
Approach to resilience
We operate a fully redundant mirror infrastructure in a separate AWS availability zone to which we can failover if necessary. The second AWS availability zone is geographically separate and receives a copy of transactions and data operations performed on our primary cluster in “real time”. In the unlikely event of a total failure at our primary provider, we can transition operations to the secondary location within minutes.
Outage reporting
We have several different levels of application monitoring to ensure that services are being rendered according to acceptable performance standards.

We provide a public operational service status page which documents our historical uptimes and provides information in the event of a service disruption.

Uptime monitoring by a third-party (Pingdom) which notifies us when external services slow down or fail.

Internal application instrumentation on server loads and performance, in case resources are consumed at unusual rates.

We provide the status of unusual or degraded operations via our operations Twitter account: @Adm1nistrateOPS

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
This is determined by user configurable roles and permissions within the Adminstrate control panel.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
No audit information available
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
All ISO annex controls are in scope; nothing has been excluded.

The scope of the Information Security Management System (ISMS) applies to the Administrate Training Management solution and all protected customer data held within, including both the administrative and learning portal views. The policies and procedures are designed to protect sensitive customer data and to ensure stable and consistent software change management. The ISMS scope is limited to the Edinburgh, UK corporate headquarters.

The departments applicable to the scope of the ISMS are limited to the Product Delivery, Customer Support, Professional Services, and Account Management teams.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
It is Administrate’s goal to hold itself to a high standard of security for handling our customers’ confidential and personally identifiable information, and to a high level of organisational control over the changes to the software in order to garner a high degree of trust with our market.

Administrate's ISMS is certified to be compliant with the ISO27001:2013 standard.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
All changes to our service are managed according to our ISO27001 certified Change Management Policy. Code and configuration changes are tracked through version control and a ticketing system. All changes are subject to peer-review, and will undergo manual and automated testing. The security impact of every change is considered, and changes are exercised by automated testing tools.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We perform weekly security assessments of our application including looking for vulnerabilities and newly announced CVEs. Automated tooling performs continual analysis of 3rd party libraries. Patches and changes are assessed, managed and prioritized through our Change Management process; high priority vulnerabilities are patched as soon as automated testing completes.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Infrastructure is deployed with IDS and IPS installed. Alerts notify internal staff and incidents are addressed as the highest urgency work.
Incident management type
Supplier-defined controls
Incident management approach
We have a documented process for incident management and perform "fire drills" weekly to continually train staff. Process includes notification mechanisms to be used. Real incidents are logged in our ISMS and are addressed as the highest urgency work. Incidents are assessed against GDPR articles 33 and 34 to determine if user and ICO notification is necessary.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks


£50,000 an instance a year
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.