Xpand Ability is an organisation level customisable self-service skills assessment and eLearning tool.
Organisations can update assessment requirement questions, eLearning materials and distribute to end users.
Track responses, requirements and engagement through Xpand dashboards.
Each end user builds a learning path, receiving signposting information.
- Customisable Assessments for Candidates and Staff
- Track Metrics of those Completing Assessments
- Self-Service Content Management Tools (Videos, Quizes, Text)
- eLearning Materials and Courses to Help Grow Businesses
- Visualisations, Charts and Graphs to track performance of users
- eLearning Materials to Support Business Growth Programmes
- Access and Provide Multiple eLearning Courses in Minutes
- Self-Service tool used to support wider communities of users
- Track the effectiveness of training programmes on an ongoing basis
- Advanced User Management Functionality Available
- Assess user and business capabilities in minutes
- Low-cost self-service tools to support business growth initiatives
- Tools to support and re-inforce learning from courses and workshops
- Signposting and assessment tools which reduce the administration
- Cost Effective Tools providing every business with tailored support
- Track enquiries and provided support for signposting support
- Live usage metrics within the linked applications and dashboard
- Adaptable for any assessment and eLearning requirement
- GDPR compliant on-boarding and measuring tools
- Screening tools for business support programmes
£4000 per licence per year
- Education pricing available
Xpand Group Ltd.
+44(0)20 323 97263
|Software add-on or extension||Yes, but can also be used as a standalone service|
|What software services is the service an extension to||
Xpand Insights (www.xpandinsights.com)
Xpand Insights provides functionality to update content of questions and assessments.
Xpand Access (www.xpandaccess.com)
Xpand Access provides functionality to on-board those completing assessments and eLearning courses.
|Cloud deployment model||Public cloud|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Call Acknowledgement within 2 working hours
Call Grading within 5 working hours
Call Response as per targeted customer support SLA
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||WCAG 2.0 AA or EN 301 549|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||Web chat|
|Web chat support availability||24 hours, 7 days a week|
|Web chat support accessibility standard||WCAG 2.0 A|
|Web chat accessibility testing||
Technical support chat is provided through a Slack channel which customers are invited to once they have subscribed to their annual packages.
Slack has accessibility guidelines which can be provided on demand.
Slack has features to allow Accessibility to be increased to a higher standard through the removal of animations and Emoji's which are currently set as default settings for those creating accounts.
Working with an Accessibility consultant on an ongoing basis - Xpand has provided a page specifically about it's accessibility guidelines for each of these supper options and it's commitment to accessibility testing : - www.xpandaccess.com/accessibility
|Onsite support||Yes, at extra cost|
Organisations who are on the free version of Xpand applications can submit calls via the community GitLab / Jira Service account,
No dedicated manager provided.
Basic Support - £4,000 p/a
No dedicated manager - access to call raising and change request functionality. Ability to request and track support issues against SLA.
Standard Support - £10,000 p/a
Calls can be raised through the Jira Service desk and responded to between Monday - Friday (9am - 5pm)
Dedicated account manager provided.
Premium Support - £25,000 p/a
Customers can raise calls on a 24 / 7 basis with out of hours support available. Calls raised will receive expedited support targeted against SLA's.
Dedicated account manager provided.
On-Site Support & Training £1,000 / £1,500 per visit
Optional on-boarding, training and induction packages start from £1,000 per visit with in-person training and on-site support provided.
|Support available to third parties||Yes|
Onboarding and offboarding
Onsite on-boarding services are available.
Documentation is available as to how to use the application.
Walkthrough Videos are also available to guide users how to use Xpand Access.
A support messaging platform is available.
Webinars are scheduled once a month to answer questions on request.
On-Site Training is available at £1,000 - £1,500 per day to train as many users as wished with as many sessions as requested throughout that day.
|End-of-contract data extraction||
Xpand Ability business users can extract their data by : -
1) Logging onto the Xpand Ability Application
2) Visit My Profile Page
3) Click Download My Data
4) CSV with data will download
Organisations can request an extract of the data of their users and team through the Self-Service Xpand Insights application on the My Profile Page.
The designated data controller for the organisation will receive a link to download the file via secure transfer on the email address when the file is available.
The data controller will need to re-enter their password or have 2 factor authentication setup to confirm that they will be able to download the file.
Where annual pricing has been agreed : 60 / 30 days before the end of the contract customers will receive a notification of automatic renewal in order to ensure continuation of service (Quotations will be automatically issued).
Where monthly pricing has been selected : Notification of automatic monthly payment will be provided. Payments must be paid up to the end of the agreed monthly period.
60 days notice is required for requests for cancellation of service.
If the contract is renewed the information will be retained on the Application.
If the contract is discontinued - access to existing data will remain for 60 days with all access to additional data requests suspended until the contract resumes.
All buyer reports and custom data will be made available to extract according to individual data licensing.
Included in Cost: -
Access to current data
Analysis and usage statistics
Additional cost : -
Additional Support / Hosting of data
Additional analysis and reporting
On-Site SLA / Contract Meetings outside of Support Package
Using the service
|Web browser interface||Yes|
|Application to install||Yes|
|Compatible operating systems||
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||
The mobile application is optional and the application will work as a web based application via the website through mentioned browsers.
All functionality is available via the mobile application
|Accessibility standards||WCAG 2.0 A|
|Accessibility testing||Working with Accessibility specialist groups in Northern Ireland we have carried out testing of the web and mobile based Xpand applications.|
|Description of customisation||
GDPR related content, messaging and questions can be customised using Xpand Insights application to set up the customisation.
Key messaging and signposting content can also be customised through the Xpand Insights partner application.
Buyers can set who within their organisation can carry out the customisations.
|Independence of resources||The application has been designed on a scalable infrastructure incorporating containerisation to support independent resource management for each customer.|
|Service usage metrics||Yes|
Usage Report : User Activity reports
Credit Reports : Usage of Credits
Client Usage Reports : How many clients have used the service and how they have used the service
Organisations can request full historic metrics via the Xpand Insights control panel and service requests via Service desk.
These will be provided in CSV / Dashboard
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Supplier-defined controls|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||Physical access control, complying with another standard|
|Data sanitisation process||Yes|
|Data sanitisation type||Explicit overwriting of storage before reallocation|
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||
Xpand Ability users can individually export their data via the following steps.
1) Log onto application
2) Visit My Profile page
3) Select 'Download my details'
Xpand Ability organisation users can make a request through the following options.
1) Log onto application
2) Visit My Profile Page
3) Select request data download file as CSV file
4) When available the data-controller will receive an email with a link to download organisation file which will require 2 factor authentication to be set up in order to download
1) Raise service call via the provided support panel
|Data export formats||
|Other data export formats||JSON|
|Data import formats||
|Other data import formats||JSON|
|Data protection between buyer and supplier networks||
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
95% service availability SLA between 9am - 5pm Monday - Friday excluding bank holidays and agreed service notifications.
Users will receive a credit note for the next year to the value of 1% of their contract for each additional 1% of service unavailability.
|Approach to resilience||
Full Information available upon request - firstname.lastname@example.org
Multi data centre setup with manual failover procedures
Outage details are visible on the Xpand Access website via a publicly accessible dashboard. (www.xpandaccess.com/servicestatus)
Outage alerts are sent to organisations when a significant outage is predicted or has occurred for longer than 3 hours.
Information on outages are available via the Xpand Service twitter handle.
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||
Username and Password for each person using support and management interfaces authenticated by Xpand Support team or 2 Factor Authentication.
Support data is only available to allocated, identified and trained members of the Xpand Group teams. Users must have Xpand domain level email address to access support data.
Data Controllers and those requiring access to additional user data are requested to have 2-factor authentication set up in order to access or export any user data.
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||No|
|Security governance approach||
Xpand works with external security governance advisors.
Security details are documented and recurring checks are in place with each code release.
|Information security policies and processes||
Security and governance policies are in place; Xpand are implementing information security policies to the standards of ISO/IEC 27001 and are seeking certification in 2018.
Recurring internal and external audits are conducted.
Training surrounding security policies are part of the induction process.
Procedures surrounding release are agreed by directors ensuring that adequate security processes are in place.
Policies are reviewed on a quarterly basis.
Documents are available via intranet and each member of staff who must sign their agreement to the latest procedures to continue contract / employment with the company.
Incident Management policies are in place surrounding information breaches.
ICO registration has been completed and complies with all relevant data control measures.
Privacy By Design has been implemented on this solution.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
Each detail of the service solution is documented through a central repository - including changes per release. Change logs are tracked and each release has associated documentation and checks.
All major changes require an information security sign off - upcoming change requests are impact assessed.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
As part of an ongoing monthly review Xpand has a sprint planning session including governance, vulnerability and security,
Critical patches are implemented within 7 days
Change logs are reviewed as well as upcoming activities to identify required activities to resolve vulnerabilities.
Threat information coming from supplier forums and are handled as a SEV 2 service calls.
Incident management processes are followed where there is a confirmed impact to users.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
Access logging has been implemented into the hosting for the application and API services, meaning all access is tracked.
Potential compromises can be raised by staff at any time and will be handled through service desk SLA's (Acknowledge / Response / Resolve times)
Incident response policy follows industry standards.
Daily scripts check for unusual activity.
Where unusual activity is tied to a specific account - a notification will be sent to affected users and data controllers to recommend actions.
Where unusual activity has been detected on an application level, further investigation will be conducted.
|Incident management type||Supplier-defined controls|
|Incident management approach||
Incident Management process documents have been generated and are stored on our local intranet and securely stored in physical format.
These documents form part of the induction programme and must be signed by each team member.
Users can report serious incidents through email@example.com, +44(0)20 3239 7263 or SMS to dedicated account manager.
Incidents are logged via support channels and summary reports of each incident are provided via email, and meetings upon request for premium support customers.
Processes have been established to allow for out of hours response to serious incidents.
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||No|
|Price||£4000 per licence per year|
|Discount for educational organisations||Yes|
|Free trial available||No|
|Pricing document||View uploaded document|
|Skills Framework for the Information Age rate card||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|