Cognisco Ltd.

People Analytics, Assessment, Compliance and Business Intelligence

Cognisco’s robust assessment methodologies to calibrate people capability and risk across hard-to-quantify sectors.
Identify talent; demonstrate competency; develop decision-making.
Off-the-shelf assessments; industry benchmarks.
Highest quality, low cost. Mobile friendly, bite-size formats.
Competency compliance for regulated industries. Biometric ID validation/certification.
Bespoke assessments reflect real application of understanding, behaviour and culture.


  • Scenario-based Competency and Confidence correlating assessments
  • 360 Degree Assessments, Feedback, Apprenticeships Quality of Evidence
  • Personalised learning needs analysis to identify most effective L&D spend
  • Assessment of application of knowledge and judgement in specific situations
  • Identify potential People Risk & Reputational Risk at multiple levels
  • Biometric invigilation and identification management
  • Track evidence-based ROI impact of learning and development investment
  • Bespoke assessment development for any skills, capabilities & competencies
  • CMI approved scenario-based Leadership & Management assessments
  • Assessments and reporting delivered via web-based and mobile applications


  • Understanding personal impact on colleagues and stakeholders
  • Evidence of competency and identify specific learning gaps
  • Direct learner to most effective and efficient interventions
  • Identification the unconscious incompetent and associated risk
  • Mitigation of People Risk, Reputational Risk and change capability.
  • Eliminate identiity fraud and cheating during assessments
  • Return on Investment analysis of learning and risk mitigation
  • Tailored, service-specific assessments to meet unique business needs
  • Universally acknowledged standard for Leadership & Management development
  • Real-time access, data-analysis and reporting


£1.00 per transaction

Service documents

G-Cloud 11


Cognisco Ltd.

Alex Poppleton

07834 315044

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Civil Service Learning and other Learning Management Systems.
HR/Workforce Management and Employee Engagement processes.
Risk and Regulatory Compliance systems and processes.
Certification and examination systems.
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints No.
System requirements
  • IE 11 or newer browser access.
  • Chrome 62 and above

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Office hours only, Monday to Friday 9-5:30. SLA levels to be agreed individually in contract.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Yes, at an extra cost
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard WCAG 2.1 AA or EN 301 549
Web chat accessibility testing Can be delivered if required.
Onsite support Onsite support
Support levels This is a web-based application with Technical/User support is provided by phone and email most of the time very effectively.
For new clients face to face training of Super Users as part of induction is often provided onsite, or via webinars, videoconferencing and phone as required.
We build strong relationships with clients and have frequent meetings to develop projects at inception, with quarterly meetings to maintain continuous improvement.
Relationship management is vital to the bespoke nature of our business and we work hard to make it highly effective and retain clients.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started For new clients face to face training of Super Users as part of induction is often provided on-site, or via webinars, videoconferencing and phone as required. Users are supported both via their own Super Users and directly by Cognisco via our Support Team as needed.
We focus on building strong relationships with clients and have frequent meetings to develop projects at inception with key users, with quarterly meetings to maintain continuous improvement.
We provide on-going support and training through our highly expert team to current and new users which is included as part of the overall service. We use a helpdesk ticketing system to ensure we tag every request, and then support with email, on-line, phone, videoconferencing, webinar or face-to-face support as required.
Relationship management is vital to the bespoke nature of our business and we work hard to make it highly effective and retain clients.
Service documentation Yes
Documentation formats
  • HTML
  • ODF
  • PDF
  • Other
Other documentation formats Microsoft Office Formats
End-of-contract data extraction Clients have multiple options for extracting data including:
Data can be retrieved from the system via the administration function;
Data can be downloaded as extracts which can be standard format or customised;
System and data can be maintained for live access if required;
Archive database and system to be accessible for audit purposes;
Remove personal data and retain anonymised results;
Securely destroy data and back-ups as requested.
We are GDPR compliant and all our data is stored within the UK.
End-of-contract process End-of-contract process can include to retain system and/or data, or to provide documentation. We can provide whatever handover service is requested. We support clients to ensure that all user access is managed effectively and shut down client applications appropriately.
If the client does not wish for the data to be stored, the data will be securely destroyed.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Application and User Interface has been optimised for mobile devices and tablets. E.g assessments broken into bite-sized learning.
What users can and can't do using the API APIs are configurable to allow clients to provide and receive notifications from the system . These are REST based Web APIs that use JSON payloads and are authenticated using OAUTH
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation System is highly customisable which is a key feature and benefit to create and support bespoke applications for each client, and multiple applications within clients. The following can all be customised:
Subject and content of all assessments to include application of knowledge, behaviour, and culture to client;
Customisation of off-the-shelf assessments for specific client environments and contexts

Benchmarks, standards, competencies, regulations and compliance applications

Approved Authors can write, edit and customise assessment content

Client Super Users /Managers can customise user-access, reset assessments, manage and approve competencies

Team Leaders can approve evidence for competency, approve competency and allocate assessments.


Independence of resources The system benefits from the use of elastic IP addressing to enable fail over in the case of data centre failure. Data is geo-replicated across datacentres and each web service supports seamless scaling up and out of the number of application servers starting with a minimum of 2 servers at all times that are deployed across separate fault tolerant zones with the same datacentre. All data is held in the UK.


Service usage metrics Yes
Metrics types System usage can be reviewed at multiple levels by Super Users and Team Leader roles.
Super Users can have access to metrics for all users, whilst Team Leaders only have access to their team's metrics. Multiple levels of team can be set up.
Metrics include current usage, last access, changes made and new data added etc.
Metrics are a primary feature of the system to enable current, past and future status of users to be managed and monitored, and whether they are compliant, competent and up-to-date with qualifications.
Additional service metrics can be provided on request.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Standard reports can be downloaded and/or printed as required on any device.
A full reporting and data extract service can be provided by Cognisco on an on-going basis or when requested.
Data can be delivered in multiple formats.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • PDF
  • Microsoft Office formats
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability 99.9% Up time guaranteed over the course of a year to exclude planned maintenance.
Service Credits will be provided where SLA not met.
Approach to resilience System is designed to be highly resilient to government standards. Available on request.
Outage reporting We use a monitoring service to provide email and App alerts to internal support staff 24/7.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Other user authentication Biometric recognition and identification validation if required.
2-factor authentication can be provided if required.
Access restrictions in management interfaces and support channels The service defines a complete set of roles that control and restrict access to the various parts of the system.
Access to Internal Management Systems which set access are controlled using corporate identities and roles at multiple levels. This enables degrees of access for different personnel within each client application.
Users can access via a login or access directly via one-time-use url link without login access.
Access requiring biometric validation can be enabled to ensure identification validation as required.
Access restriction testing frequency At least once a year
Management access authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Description of management access authentication Management access can be restricted to specific IP addresses if required.

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 QMS International Ltd
ISO/IEC 27001 accreditation date 27/06/2018
What the ISO/IEC 27001 doesn’t cover N/a
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • Cyber Essentials
  • ISO 9001:2015

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
  • Other
Other security governance standards ISO 9001:2015
Cyber Essentials
Information security policies and processes ISO 27001 standard processes and policies are followed.
ISO 9001 2015 standard processes and policies are followed.
Cyber Essentials standard processes and policies are followed.
We have a dedicated QA who reports to Head of Operations, reporting to the CEO and Board.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach All components of our service are maintained within a software development lifecycle management tool including a software versioning control system. Changes identified from various parts of the business are documented and lodged within this tool and allocated to developers to implement. All changes are considered from a security impact and tested via our dedicated testing team.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Our service benefits from advanced auto threat detection on our SQL servers and databases including SQL injection. The auto threat detection service maintains details of all current and new potential threats and applies these to our service automatically. All system operating systems are auto-patched by our provider.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Our service runs a number of monitoring services that automatically notify us of any potential issues. Any issue requiring manual intervention will be assigned a priority ticket, triaged and remediated as soon as possible. All such tickets are responded too within 24 hours.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Users report problems either by phone or via our support desk email. Issues are triaged and responded too within our standard SLA. Incidents are logged in our support management system and responses provided to the User.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £1.00 per transaction
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Trial options depend on the type of service of interest to the user.
We can provide demo versions of off-the-shelf assessments, access to demo apps, trail periods, indicative reports and user experience and other options.
Link to free trial

Service documents

pdf document: Pricing document pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑