Simitive Ltd


Simitive Compliance solution provides the functionality and flexibility to deliver significant improvements in completion and reporting organisation wide compliance. The solution has the capability to securely house all eLearning for compliance.


  • Organisation, individual or group compliance with progress tracking
  • Produced by experts in the law to ensure legal compliance
  • Ensures compliance training is completed on time through automated prompts
  • Automatically generates Certificates on successful completion
  • Shows progress and completion levels in real-time
  • Real-time reporting on completion and compliance
  • Assigns modules and training for each job role
  • Clarity on compliance responsibility for individuals
  • Includes Data Protection, Anti-bribery, Money Laundering, Information Security
  • Delivers updated content to ensure compliance is maintained


  • Saves cost and time in managing compliance
  • Provides easy identification of departments not compliant
  • Pictorial approach enhances engagement in compliance
  • Updated content insures compliance is relevant and not out-dated
  • Automated prompts remind users of deadlines to ensure compliance
  • Training completed inside the module allowing automatic reporting on completion
  • Users have a unified experience of compliance training within system
  • Compliance easily assigned by job role or function
  • Clarity around compliance enhances employee engagement
  • Real-time reports show up to date compliance data


£1 to £10 per user per year

  • Education pricing available

Service documents


G-Cloud 11

Service ID

7 9 7 3 7 4 2 7 9 4 7 8 8 7 8


Simitive Ltd

Devinder Whelan

0117 9117950

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
The Simitive suite includes online review, learning management, activity based costing and workload planning solutions. Each product can be implemented as a stand-alone system, or integrated to provide employee dashboards.
Cloud deployment model
Private cloud
Service constraints
Simitive systems are ‘locked’ for 15 minutes during the night for monthly code releases. There are no requirements for other downtime as the system is architected to provide 24 x 7 availability.
System requirements
  • Web browser access, all current web browsers are supported
  • Internet access

User support

Email or online ticketing support
Email or online ticketing
Support response times
Support calls are handled in line with the below standard SLAs.

Severity 1: Critical system problem or issue. 15 minutes form receipt of notification.

Severity 2: Time critical problem or issue. 60 minutes from receipt of notification.

Severity 3 & 4: Non critical system problem or issue. Acknowledgement within 24 business hours from receipt of notification. A process will be agreed with the customer.

The above are for standard UK business hours (Monday to Friday 0900 to 1700 excluding bank and public holidays). Additional support hours including weekend support is available on request.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Yes, at extra cost
Support levels
Standard support is available Monday to Friday (0900 to 1700) excluding Bank and Public Holidays. Support calls are handled in line with standard SLA.

Standard support is provided as part of the annual license fee, and no additional costs are payable by client.

Extended support service, up to and including 24x7 support and managed services are available on request. Costs for extended services are based on the number of client licenses and the scope of the service.

Simitive have a Support Manager who is responsible for ensuring SLA are met and to conduct regular service reviews.
Support available to third parties

Onboarding and offboarding

Getting started
All projects follow Prince2 methodology, which defines the scope of the project and the required work-streams are established, for example SSO, data imports and framework alignment.

During the design and implementation, Simitive project managers work closely with the client.

Simitive provide the following types of training:
On-site for system administrator on a train the trainer approach.
On-line training for system administrator using remote technology.
User guides and training guides.
Service documentation
Documentation formats
  • PDF
  • Other
Other documentation formats
  • Word
  • Excel
End-of-contract data extraction
At the end of the contract client data is returned to the client in a format agreed with the client and deleted from Simitive systems.

Any systems used in the provision of the services are cleansed to industry best practice standards.
End-of-contract process
At the end of the contract client data is returned to the client in a format agreed with the client and deleted from Simitive systems.

Any systems used in the provision of the services are cleansed to industry best practice standards.

There are no additional costs at the end of the contract.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
By necessity the responsive design of the system alters the look of screens to facilitate clarity on smaller devices.
Service interface
What users can and can't do using the API
The system is capable of integrating with any system via its APIs. It is currently integrated with most major HR and Student systems as well as Proprietary systems. Simitive runs version 1.0 live REST API web service; secured with HTTPS and oAuth using a JSON format (other formats can be supported). This API allows a client to programmatically create/read/update user records and associated information.
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
The system can be customised to allow individual organisation branding, terminology and import of any data including job description, grade and any other relevant information to support policies such as equality and diversity. Individual displays can be customised to different types of users and roles to ensure the content is relevant and engaging for all staff types. Within the system, there is customisation the client can configure. For system changes, Simitive support staff or consultants will be required to perform an impact analysis and make the required changes.

Most Simitive modules allow extensive configuration by the client without recourse to Simitive.


Independence of resources
Simitive systems are delivered via a massively scale-able architecture based on Amazon EC2. Each client's instance is isolated from all others to ensure that there can be no effects across clients.


Service usage metrics
Metrics types
Service metrics are provided both within the system, through standard reports and through the use of google analytics.

In addition, Simitive Support Manager carries out service reviews with clients on a regular basis.
Reporting types
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
The system has a standard export function that allows users with appropriate permissions to export all data from the system.

Students and supervisors can export pdf of progress reviews.

The reporting tools, for individuals with the right security permissions, allow users to export data into excel spreadsheets. The data held within the system can also be exported to a data warehouse.

The API is a bi-directional API and will allow data to be written back to key systems as required.
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Simitive systems are guaranteed to deliver 99.5% availability with service credits should this level not be achieved.

Over the last 4 years Simitive has delivered 100% availability.
Approach to resilience
Available on request.
Outage reporting
Simitive Sysops monitor all systems continuously for any potential outages.

The systems architecture automatically replaces failing items before an actual outage occurs.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Users do not have access to management interfaces.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
EY CertifyPoint
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
The ISO27001 certification doesn't not cover outside of the data centre environments (which covers the hosting environment and its associated data centres, machine, storage, software and security environment).
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
Cyber Essentials Plus (UK)

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
Simitive have formal information security policies which are owned by the Managing Director and form an integral part of the company's standard operations. The policies are processes cover internal as well as service delivery security.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
All changes to the Simitive cloud require approval by a Director and Head of Technical Services. Any changes are subject to impact assessment prior to any action.

As a user of Amazon EC2 Simitive are subject to and controlled by the certified standards and regulations that form part of Amazon service.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Simitive carry out continuous threat analysis and all patches are applied inline with industry best practice and providers recommendations.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Simitive systems are monitored constantly for any potential compromises through a suite of monitoring tools. As soon as a potential compromise is identified the instance or instances potentially affected are locked whilst detailed examination is carried out. Depending on the outcome of the investigation remedial actions are carried out and any changes made before the instance is reactivated.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Simitive has standard tested proceses for incident management. In the unlikely event that an end user is aware of an incident before it can be reported by email, phone or client portal 24x7. For any incident a report is produced following appropriate investigation and resolution whihc will be shared with any affected clients.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks


£1 to £10 per user per year
Discount for educational organisations
Free trial available

Service documents

Return to top ↑