Traineasy LMS

Secure by design, purpose-built training compliance and learning management system, clean and contemporary, supports SCORM and AICC e-learning, classroom bookings, certifications, email reminders and live training compliance statistics. Available with fully integrated performance and appraisal module for customers looking for a talent management component. Growing in popularity year on year.


  • Fully integrated learning management and training compliance system
  • SCORM 1.2, SCORM 2004 and AICC compliant for e-learning
  • Available with integrated classroom booking and online appraisal modules
  • Nested rules allow different methods for obtaining training compliance
  • Real-time reporting on compliance, classroom attendance and e-learning attempts
  • User dashboards provide instant access to courses and essential information
  • Competency frameworks, development plans and personal objectives
  • Appraisal compliance, performance and talent reporting
  • Training due and overdue email reminders
  • Classroom booking, reminder and cancellation emails


  • Use the push-pull design features to rapidly improve training compliance
  • Save costs and time with instant and real-time compliance reporting
  • Ensure staff classroom bookings are in their outlook calendars
  • Reduce admin costs with self service classroom bookings
  • Drive down DNA rates with a combination of automatic measures
  • Give staff the user experience they want with an LMS
  • Develop an extensive, searchable catalogue of blended learning
  • Produce any imaginable report instantly and in real time
  • Upload prior learning records so full training histories are available
  • Add the fully integrated appraisal module for absolute efficiency


£1 per person per year

Service documents

G-Cloud 11

812654413191803 Limited

Sarah Lambie

01908 508777

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints IE 10 and below is not supported.
System requirements
  • A stable internet connection
  • A modern browser
  • Popups must be enabled

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Maximum response time is within 4 business hours. More often than not response times are immediate or within one hour.

(Business hours are Monday to Friday 9 to 5.30pm excluding UK bank holidays).
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels All customers are entitled to Level 1 and 2 support. For example, when a technical issue prevents normal use of the system to a greater or lesser degree, this will be prioritised and resolved as soon as possible at no additional cost to the customer.

Level 3 support is also available where customers can receive assistance with trouble shooting settings, or with setting up something new, for example.

Customers choose how many hours of Level 3 support time a year they require and pay for this annually in advance @ £56.25 per hour.

Customers without a Level 3 support arrangement may access this service on an adhoc bais when required @ £85.00 per hour.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Onboading starts during the presales process with an examination of the customer's unique circumstances and set of requirements. Detailed discussions are held, questions are answered and the onboading training schedule is agreed. Training for the admin users starts as early as possible in the implementation project, and is delivered via short WebEx sessions with time in between for the admin user to practise their skills. The content of the training sessions is always tailored and as many sessions as needed are held to ensure admin users' knowledge is sufficient and they are ready for go live.
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction All data including training records and user profiles can be extracted by simple CSV download.
End-of-contract process At 5pm* on the day of contract expiry, the affected client site is made inaccessible and users’ browsers display a ‘domain not found’ or similar message. Clients may extract any data they require from the front end of the affected system while the contract is still effective until 5pm* on the day of contract expiry. Within two calendar months from the day of contract expiry, the live client data is deleted. The LMS software remains the IP of Traineasy and the customer’s copy may therefore at Traineasy’s discretion either be deleted or kept for future use. A securely stored archive copy of the client data remains for a maximum of 12 months after which time it is permanently overwritten. Ad hoc requests for the retrieval or deletion of data from the archive can be made during this period and are chargeable.

*Client sites are made inaccessible as close to 5pm on the day of contract expiry as operationally possible taking into account weekends and UK bank holidays

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Traineasy LMS is fully mobile responsive. The information on the screens flows around and adjusts position in response to the device in use.
Customisation available Yes
Description of customisation The solution is graphically customisable so customers can expect it to look and feel very similar to their own websites for example.


Independence of resources Larger instances of Traineasy LMS are hosted on a dedicated server. They therefore have dedicated resources in terms of memory and processors allocated to them. Smaller instances can still be hosted on dedicated servers if required.


Service usage metrics Yes
Metrics types Session per day (last 30 days). Top 15 browsers used by user (last 30 days). Top operating systems used by user (last 30 days).
Reporting types Real-time dashboards


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest Physical access control, complying with CSA CCM v3.0
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach CSV download
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability 99% availability is guaranteed in any rolling 12 month period.
Approach to resilience Node 4's Disaster Recovery Policy confirms resilience of services. Resilience and capacity management is also covered under their ISO 27001 certification.
Outage reporting Any outages at the Data Centre are reported via the Node4 NOC and communicated via email to Traineasy.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels We provide access privileges to our technology (including networks, systems, applications, computers and mobile devices) based on the following principles: (1) Need to know – users or resources are granted access to systems that are necessary to fulfil their roles and responsibilities. (2) Least privilege – users or resources are provided with the minimum privileges necessary to fulfil their roles and responsibilities.
Access restriction testing frequency At least once a year
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Lloyd's Register Quality Assurance Limited
ISO/IEC 27001 accreditation date 12/12/2017
What the ISO/IEC 27001 doesn’t cover Security operations, unified communications, open source eco-systems support and development with associated management and support activities.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Traineasy's Information Security Policy supports the 7 Caldicott principles and 10 data security standards and is supported by specific technical security, operational security and security management policies. Information Security and the appropriate protection of information assets is the responsibility of everyone. All staff remain accountable for their actions in relation to confidential information and information systems. Employees are responsible for ensuring they understand their roles and responsibilities, and this is reinforced by yearly mandatory training. Failure to comply with IS policies may result in disciplinary action. The Senior Information Risk Owner (SIRO) is accountable for information risk within Traineasy and advises the Board on the effectiveness of information risk management across the organisation. Within Traineasy the SIRO is also Chief Information Security Officer and is responsible for the day-to-day operational effectiveness of the IS policy, and its associated policies and processes. Traineasy's Data Protection Officer is responsible for ensuring that the company and its constituent business areas remain compliant at all times with Data Protection, Privacy & Electronic Communications Regulations, Freedom of Information Act and the Environmental Information Regulations. The Information Asset Owners (IAOs) are the responsible individuals involved in running the business area.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach As a general principle, Traineasy systems are locked down as much as possible without inhibiting business requirements. This includes "Least Privilege" as well as a "Secure Configuration Approach" where Traineasy controlled systems and are assessed to determine exactly what business functionality is required; all unnecessary functionality is removed and default configurations updated. The configuration management database is kept up-to-date and always represents the live environment. The process we use is to record and review all requests for change, If accepted, requests for change are categorised and assessed, before being authorised, implemented, evaluated and closed.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Our vulnerability management program is a continuous process that helps us better manage our vulnerabilities in the long run. It comprises the following components which are continually repeated: Asset Inventory, Information Management, Risk Assessment, Vulnerability Assessment, Reporting & Remediation, Response Planning.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Our protective monitoring approach provides visibility and understanding of who is accessing data. All of our systems capture logs with accurate time stamps together with the ID and IP address of the individual and the actions they are performing, such as logging in, deleting data, and so on. System statistics about data access are collated and represented graphically on our systems' dashboards.
Incident management type Supplier-defined controls
Incident management approach Our Information Security Incident Policy is used to produce, implement, test and manage our information security incident management processes. The Policy covers both IT incidents and suspected data loss/breaches whether electronic or physical.

Our information security incident management processes are fully documented and enable us to handle different types of information security incident, including managing incidents affecting confidential information assets, from identification and analysis, through to response, resolution and recovery. We use a simple reporting form for incident reporting. The reporting form is easily available via the Traineasy intranet/IT system and it is designed to capture the required information,

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £1 per person per year
Discount for educational organisations No
Free trial available No

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑