Virtual College Ltd

Ready-to-go Courseware

We deliver over 300 e-learning / elearning courses across numerous topics. All courses are CPD accredited and designed based on the latest learning and development thinking, using pedagogies to produce impactful training. We focus on delivering high quality interactive training to engage learners whilst offering a low-cost, rapid training solution.


  • Online, self-paced
  • Interactive challenges
  • SCORM compliant
  • Each course is fully narrated
  • Knowledge check assessment at the end of the course
  • Instant digital certificate awarded on completion
  • Course evaluation to capture learner feedback
  • Access to our learner support team
  • All ready -to-go courses reviewed annually
  • Select courses City & Guilds accredited


  • Designed to engage and inspire learners
  • Content ranges from introductory to more advanced levels
  • Catalogue covers a wide range of topic areas
  • Different interactive elements; catering to more learning styles
  • Opportunity to customise to client requirements
  • Regularly reviewed and updated with statutory and regulatory changes
  • Certificate awarded to evidence completion
  • Capable of being hosted in any SCORM compliant system
  • Can be completed any time, anywhere


£0.50 per licence

  • Education pricing available

Service documents

G-Cloud 11


Virtual College Ltd

Felicity Bagshaw

01943 605976

Service scope

Service scope
Software add-on or extension Yes
What software services is the service an extension to A SCORM compliant hosting platform is required.
Cloud deployment model Private cloud
Service constraints Content must be hosted in a platform such as a learning management system. The host system may also dictate the file format of the content (e.g. SCORM).
System requirements Access to a hosting platform

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Full email support is available to all our users, including system administrators and individual users. This service is available from 8.30am to 5.30pm, Monday to Friday, via our help and support team. In addition we have an out of hours service; where urgent e-mail enquiries are checked, allocated and responded to and calls are answered within out service level agreements. Our response standards are within two hours of receipt or next working day if received outside working hours. 80% of all support emails are answered within 2 hours and 95% of emails are resolved without the use of further correspondence.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels All users have access to our learner support team - accessible by phone or email. If the content is hosted in our learning management system help and support guides are also available.

If more extensive support is required (for example if purchasing a large selection of titles or support with roll-out) then Account Management support is also available.

Account Manager's offer communication and support including regular catch-ups and reviews. Account Managers are also responsible for coordinating responses to incidents and issues. Issues can be escalated to the Technical Team and dealt with in relation to their severity. Account Managers endeavour to acknowledge all email requests within 1 working day.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Our content has been designed to be easy for new learners to pick up and use. For one-off purchases made online the user will be sent an email to their registered address confirming their login details and a link to the training. Should the purchaser being doing so on behalf of a group of learners they will have their own hosting domain setup and the purchasers be set as an administrator for that domain. They will then be able to set up users and allocate the courses as they require. They will have access to an array of support guides on the system's Help and Support page.

If a purchase has been made for the content to be hosted in another platform a link from which to download the files would be sent to a named administrator.

Further on-boarding support can be provided by the support team if required.
Service documentation Yes
Documentation formats
  • PDF
  • Other
Other documentation formats Platform help and support page
End-of-contract data extraction The course does not capture any client data however the client's learners will be able to download their certificates as evidence of completion prior to the contract's end.

Should our hosting platform be employed we ensure customers are able to fully extract the data they need. Initially we would inform them they have a certain amount of time to extract their data themselves should they wish. System administrators have access to all user data held in the system and can extract by their preferred method. They are also able to run any number of system reports and export these from the LMS as a comprehensive record of all system data. If the files are too large for them to extract we will offer to do this on their behalf. Upon extracting the data will send it to them via an encrypted memory pen. This data would usually be extracted in the form of a series of system reports that provide the customer with all the user data they require.
End-of-contract process If a customer requests to leave our service, we commit to providing a simple and efficient exit process to enable customers to end their service with us and where appropriate, move learners and their respective records to a different supplier and/or retrieve their data. On receipt of confirmation that a customer will be leaving us, we will send them Off-Boarding correspondence via email. This will confirm the products that the customer has chosen not to renew, the date that access will cease, the steps taken in Off-Boarding a customer, and the contact details of a named individual within Virtual College, should they have any questions. We do not charge customers for any costs associated with our standard off-boarding procedure.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service All the content we produce can be used on mobile devices. In most instances the content will appear on the mobile device as it does on a desktop.
Accessibility standards WCAG 2.1 AAA
Accessibility testing We test all our content on Internet Explorer 11, Firefox, Android, Google Chrome, Safari and Edge as well as on our own learning management system.
Customisation available Yes
Description of customisation Our content team can customise our ready-to-content to meet a clients requirements. This includes rebranding, making amendments to particular pages, adding new interactive elements or resources or new pages entirely.

Customisation can only be provided by our content team with costs dependent the scope of the required amendments.


Independence of resources We load test our service using a number of software tools which emulate a large number of active clients on the system. We are aiming towards the system being able to host 10,000 concurrent users. Each customer using the LMS is set up on their own domain. These domains are separated, so no users in one domain may affect another domain. Multi-domain access is restricted to the admin panel, which only certain members of the Technical Team have access to.


Service usage metrics Yes
Metrics types System Administrators view service metrics by a variety of means. They can view user records which contain their system data and can further drill down in to individual pieces of data, such as courses, to view these in greater detail. The system also has a reporting suite which features customisable reports. These report on a number of elements such as system usage, course data, evaluation data etc. These are presented in a tabular format and provide a comprehensive view of all elements of service usage.

SCORM compliant systems will also be able to track SCORM files they host.
Reporting types
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Other
Other data at rest protection approach TLS (Version 1.0 and above)
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Users are able to export data system data, such as notes and reports by clicking the 'Export' button on-screen. They have the option to export them in a variety of different formats. In terms of exporting personal data this task would need to be performed by our Business Administration team.
Data export formats
  • CSV
  • Other
Other data export formats
  • .XLS
  • .JSON
  • .PDF
  • Rich text
Data import formats Other
Other data import formats Text input

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Other
Other protection between networks For our own platform TLS (Version 1.0 and above)
Data protection within supplier network Other
Other protection within supplier network For our own platform IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Learner Support
• Calls answered within 3 rings
• Emails acknowledged within 2 hours
• Email replied to either resolving the issue or explaining next steps (due to bug etc.) 1 working day

Hosting Platform
We have an internal technical team that manages and solves any day to day technical issues with the systems we operate. They are also responsible for implementing technical developments and new features. The core of this team is available from 8.30am to 5.30pm, Monday to Friday. In addition we have an out-of-hours agreement with key technical staff members that provide out of hours technical support in the event of infrastructure issues. The monitoring software on our hosted systems alerts all key staff to any problems or issues. We also have 4-hour hardware service agreements with both DELL and Com-Com. Because we take our service and security responsibilities extremely seriously, our current system availability statistics show that we have achieved 99.9% system availability over the last year.
Approach to resilience This information is available on request.
Outage reporting Any potential outage would be reported by sending out a notification in the system to warn LMS users. These notifications would pop up on the user's dashboard and be stored among their notifications. Outages are also reported to key contacts via an Account Manager.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels If the content is hosted on our platform a user will be set up as an administrator. Only they are able to access the management interface. In terms of support channels, users can access the Learner Support team with any queries by phone or email. We also offer a full account management service, backed by a business support team, access to whom is restricted to an organisations administrators.

Where the content is to be hosted in a third party system we send a link to the content directly to an administrator, ensuring only they are able to access the files.
Access restriction testing frequency At least once a year
Management access authentication Other
Description of management access authentication Management access to our platform is authenticated via the manager's username and password.

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards Other
Other security governance standards Cyber Essentials
Information security policies and processes Virtual College takes its data management responsibilities seriously. We encourage all colleagues to identify and report all potential risks so that we can take positive measures to eliminate or control these risks whilst working within the data management principles. We are proactive in providing information, training and supervision so that all those associated with the organisation can take reasonable care of their own and other people’s information and feel able to report any situations in line with our Data Protection and Confidentiality Policy. These high standards are applied to any staff member processing your data so you can be sure that whilst user data is being uploaded to the system, and throughout the ongoing support, it will remain strictly confidential at all times.

Virtual College complies with all aspects of data protection and we train all our staff on what this means in practice. We work with an independent consultant in the continuous improvement of our approach and undertake regular audits in order to ensure all staff work within our policies and procedures. Our registration number is Z7723545.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach We have a strictly defined quality process which is managed as part of our ISO9001 accredited quality management policy. A copy of this policy is available on request.

For our code base, everything is under strict version control so nothing is lost and everything is backed up. For configuration and content within the LMS, there is also version control to allow administrators to revert any changes and have a history of changes.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Security is paramount and rigid design protocols are utilised to reduce the threat of vulnerabilities. Using Entity Framework and MVC with extensive use of stored procedures to mitigate SQL injection attacks through comprehensive sanitization of input and stored procedure permissions. Using tools including Nexpose, ZAP and BurpSuite vulnerabilities are dealt with expediently and added to sprints where necessary to mitigate the risks of cross site scripting, cross site request forgery, click jacking etc.

We have a strictly defined quality process managed as part of our ISO9001 accredited quality management policy. A copy of this policy is available on request.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We have monitoring services on the server to alert our IT staff of any potential issue. We then have extensive reporting in the system which logs any potential risk or attack. When a compromise is found, it is looked at according to our SLA. If the risk is high it will be solved within 2-3 hours.

We have a strictly defined quality process which is managed as part of our ISO9001 accredited quality management policy. A copy of this policy is available on request.
Incident management type Supplier-defined controls
Incident management approach All incidents are reported using Virtual Colleges own mechanism as part of our ISO process. An RCA (Root Cause Analysis) form is filled out and then a detailed report of the issue, how it has been rectified and measures to prevent in the future is created and distributed internally and externally when required. Minor requests will be completed within twenty-four hours. More in-depth requests are assessed on receipt.

We have a strictly defined quality process managed as part of our ISO9001 accredited quality management policy. A copy of this policy is available on request.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £0.50 per licence
Discount for educational organisations Yes
Free trial available No

Service documents

pdf document: Pricing document pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑