EssentialSkillz

Course Authoring and Online Policy Sign Off and Compliance

eLearning course authoring and Online Policy and Document sign off system. The system ensures employees have read, agreed and have understood by passing a test, all policies/procedures and documents added to the system. eLearning courses can be created and maintained using the integrated authoring tool. Includes use of WorkWize LMS.

Features

  • Online Policy Sign Off
  • Dynamic Reporting
  • Electronic Signature to confirm acceptance
  • Upload documents or link to existing documents
  • Fully version controlled
  • Deploy and track training and documents using WorkWize LMS
  • Comprehensive reporting suite
  • Accessible from PC, Laptop or mobile devices
  • Automated enrolment and re-enrolment
  • eLearning course authoring

Benefits

  • Automatically enrol staff on relevant Policies and Documents
  • Test employees understanding of documents
  • Comprehensive Compliance Dashboard provides an overview of compliance
  • Unlimited number of policies/documents
  • Compliance certificate with unique reference number
  • Roll out policies in minutes
  • Author eLearning courses on any subject
  • Maintain a full audit trail of changes to courses
  • Deploy training quickly and effectively with the included WorkWize LMS

Pricing

£3.61 per person per year

  • Free trial available

Service documents

G-Cloud 10

808738701540776

EssentialSkillz

Julian Roberts

01244 911677

julian.roberts@essentialskillz.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Hybrid cloud
Service constraints Planned maintenance is quarterly and is carried out outside working hours
System requirements Browser and internet connection

User support

User support
Email or online ticketing support Email or online ticketing
Support response times We aim to respond same business day, or next business day at the latest. Support issues raised over a weekend will be answered next business day.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Users can type questions which are answered by one of our Support staff in real time.
Web chat accessibility testing None
Onsite support No
Support levels Support is included in our subscription pricing and all clients receive the same level of support. All clients have a dedicated Business Development Manager and Support person.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide online training sessions to on board clients. We run the training over a series of sessions to ensure the user has time to absorb the training and pull together any questions ready for the next training session. We also provide comprehensive user documentation and online support videos.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction The users can either run reports and export the data from there, or we provide an account shut down service to extract all data and provide it to the client.
End-of-contract process At the end of the contract the client is able to extract their data and the account is closed. Data is then removed from our servers.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service None, the software is optimised for use on mobile or desktop.
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing Our system works with screen readers such as Read Aloud.
API Yes
What users can and can't do using the API We use RestAPI. The service can accept user data from third party software to populate WorkWize (our LMS) and also send training course completion data to a third party web application. Each API request must contain a 'token' parameter which represents the unique key per client. Upon request receipt our server validates the token against incoming IP address and permits or refuses client access.
Important: Client must provide a fixed IP which will be used to communicate with the API.
WorkWize API uses a token to authenticate all API requests.
We require that all requests are done over SSL.
Every string passed to and from the API needs to be UTF-8 encoded.
We can also use an API to launch the Policy Sign Off system directly from another LMS. All courses developed using the authoring tool are SCORM compliant and can be used in another LMS.
API documentation Yes
API documentation formats PDF
API sandbox or test environment No
Customisation available Yes
Description of customisation Buyers can create their own document sign off within the system. This allows them to add some pages of content describing the policy/document prior to the employee signing off. The buyer can also create and edit their own question sets to test user understanding. Both of these can be edited ongoing with full version control.
eLearning courses can be created in the system and edited on an ongoing basis. All changes are tracked in a full audit trail.

Scaling

Scaling
Independence of resources We regularly review our network usage statistics of our production environment to make sure bandwidth and traffic allowances are provided to guarantee network capacity. We employ server monitoring software to notify us of any issues.

Analytics

Analytics
Service usage metrics Yes
Metrics types Reports are available within the system to review usage in real time. Usage of the system is training and risk assessments completions by end users and risk issue resolution by administrators.

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Customers can download various reports in CSV format from within the O-LAS LMS. User and course completion data can also be accessed through our REST API.
Data export formats
  • CSV
  • Other
Other data export formats JSON
Data import formats
  • CSV
  • Other
Other data import formats JSON

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Legacy SSL and TLS (under version 1.2)
Data protection within supplier network Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability 99.99% assured by contractual commitment
Approach to resilience Our core production infrastructure is managed by Rackspace. The Rackspace Data Centre is ISAE 3402 Type II SOC 1 Audited. Further details are available on request.
Outage reporting We use third-party software to monitor the health of our servers and to notify us of any disruption in service. In addition, we have deployed various e-mail alerts to notify engineers if any critical WorkWize services fail. WorkWize also provides extensive logging of all user activity within the system.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Other user authentication We also support SAML-enabled SSO types including Shibboleth, ADFS, AAD and PingIdentity. In addition we also provide LDAP SSO integration.
Access restrictions in management interfaces and support channels Access is restricted by IP address as well as username/password.
Access restriction testing frequency At least once a year
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Our Information Security (IS) standards and procedures are based on the ISO 27000-series.
Information security policies and processes Our security policies have been developed in-house and are based on the ISO 27000-series. The IS policies and standards are reviewed continuously and updated, with COO approval, as required. There is a formal review and approval by the COO at least annually.

Staff must acknowledge the Information Security policy before being granted access to systems.

Employees also undertake comprehensive workplace, IT and HR training courses - compliance is monitored on an on-going basis.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach We employ appropriate software version control systems which ensure that every change to our system is fully recorded and documented. Furthermore every change or feature request is documented in our project management software so it can be traced.

We always carefully assess any impact of operating platforms on our products.

As per our managed services contract with Rackspace patching and security updates to our core infrastructure are managed by Rackspace with exclusions where applicable.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We regularly undertake penetration tests using industry standard tools e.g. Qualys. We have also engaged an independent third-party (Espion) to conduct more comprehensive penetration tests and security assessments. We perform an annual penetration test using Espion and act on their recommendations.

Security patches etc. relating to our core infrastructure is managed by Rackspace who react immediately to any vulnerabilities as per our managed services agreement.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We continuously monitor system logs and receive alerts should any issues arise. All significant changes to customer data is logged including the identity of whoever made the change. These logs are stored remotely with access restricted to authorised staff.

All suspected incidents are reported to the COO.

Training on managing security incidents is included in staff security training.
Incident management type Supplier-defined controls
Incident management approach Incident management is the responsibility of our COO who nominates relevant employees with IS duties. All suspected incidents are reported to the COO and the COO is responsible for further action taken, including external reporting to clients and appropriate authorities, when incidents are confirmed.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £3.61 per person per year
Discount for educational organisations No
Free trial available Yes
Description of free trial EssentialSkillz offer the service to upload test documents to the system and trial the sign off procedure. This does not give access to the full Learning Management System.

Documents

Documents
Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑