University of London

Bloom

Bloom is a SaaS implementation of UoL’s Bloom Software. The Bloom Software is based on a recent, stable release of the open-source virtual learning environment software known as Moodle. UoL have extended the core Moodle product with additional tools to improve teaching, learning and administration.

Features

  • Built on Moodle's established VLE / LMS platform
  • Unlimited Storage
  • Responsive UI
  • Customisation (via plugins) supported
  • Integration with popular student record systems
  • User and authentication with AD, LDAP, Shibboleth and more
  • Options for integration with BI systems

Benefits

  • Combine open-source flexibility with enterprise level assurances
  • Tailor the VLE / LMS to suit your institutional priorities
  • Access a thriving community of users and practitioners
  • A service that will grow as your institutional usage grows

Pricing

£11495 per instance per year

Service documents

G-Cloud 10

816499588574503

University of London

Danny Bramman

02078631346

danny.bramman@london.ac.uk

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints We operate a weekly maintenance window (Tues 07:00-09:00) where service maintenance may involve downtime. All such planned maintenance will be notified with at least five (5) business days' notice.
System requirements Browser: IE9+, Opera, Safari, Firefox

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Support response times typically 1 hour to 1 business day depending on assigned priority.
Standard Service hours are: 08:30 to 17:30 Monday to Friday excluding UK public holidays, any questions received over the weekends will be dealt with on Monday morning
There is an optional OOH service available at extra cost for P1 incidents
P1 Maximum 1 hour (target 15 minutes) Highest priority multiple users
P2 1 hour affecting multiple users
P3 2 hours affecting a small number of users
P4 1 business day lowest priority (one user not service affecting)
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 AA or EN 301 549
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels In addition to support for incidents our support covers requests, advice, consultancy and development. This additional support is bounded by time. Our standard base service includes 3 x 8-hour days of such support. We offer four levels of additional 'Support+' packages which increase this allowance by 2, 5, 10 or 20 days.

All customers will have at least annual meetings with a technical account manager,
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started The Moodle platform that underpins the Bloom service has a significant amount of documentation online at docs.moodle.org.

We offer customers an introductory webinar upon commencement of the service.

We are able to offer onsite training (at additional cost)
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction We will provide, to the Customer:
• The entire source code of the Bloom software at the time of termination
• All Customer content stored within the Bloom Service
• A Redacted Database dump where “Redacted” means the removal of any confidential Supplier data such as passwords.

These items will be provided to the Customer on up to two (2) dates of their choosing with the last being no later than the Termination Date. These items will be provided via an sFTP location which the Customer will be able to access for ten (10) days after the content being added to the location. After this period, the sFTP location and access to it shall be removed and the data shall no longer be available.

If further assistance with termination is required, this can be requested and any effort invested by we will be subtracted from the remaining Support Allowance or invoiced separately as appropriate.
End-of-contract process We will provide, to the Customer:
• The entire source code of the Bloom software at the time of termination
• All Customer content stored within the Bloom Service
• A Redacted Database dump where “Redacted” means the removal of any confidential Supplier data such as passwords.

These items will be provided to the Customer on up to two (2) dates of his choosing with the last being no later than the Termination Date. These items will be provided via an sFTP location which the Customer will be able to access for ten (10) days after the content being added to the location. After this period, the sFTP location and access to it shall be removed and the data shall no longer be available.

If further assistance with termination is required, this can be requested and any effort invested by we will be subtracted from the remaining Support Allowance or invoiced separately as appropriate.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The service is provided with a fully responsive UI so that all functionality is available via mobile devices
Accessibility standards WCAG 2.0 A
Accessibility testing Moodle, the open-source technology underlying Bloom is used by over 78,000,000 users worldwide and feedback from users of assistive technology is incorporated into the Moodle development roadmap.
API Yes
What users can and can't do using the API All functions of the Bloom platform are accesible via the API (AMF, REST, SOAP, XML-RPC)
API documentation Yes
API documentation formats HTML
API sandbox or test environment No
Customisation available Yes
Description of customisation The Bloom platform is a plugin-based framework and there are thousands of plugins available to extend its capabilities. Our Bloom service is unique in the Moodle sector as it combines the ability to extend the platform via plugins whilst still providing enterprise-class service levels. Our Tailored service option enables Customers to install any plugins of their choosing without first requiring approval from us. The responsibilities for managing the effects of the resulting customized system is appropriately shared between us and the Customer.

Scaling

Scaling
Independence of resources Customers service instances have dedicated virtualised resources across multiple physical hosts which can dynamically migrate instances to alternative physical hosts where necessary to maintain performance.

Analytics

Analytics
Service usage metrics No

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process No
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Users can extract data via industry standard APIs, built-in functions for content export and using our support services to perform custom extracts of low-level data.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability Our base Bloom service guarantees 99.9% availability (measured during Business Hours).
Our OOH optional add-on service maintains the 99.9% guarantess but this is measured 24/7/365.
In any calendar month where availability levels are not met, 5% of the following month's fee is credited.
Approach to resilience Available upon request
Outage reporting We have e-mail, SMS and Voice alerts which are also available to customers, upon request.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels Support channels are restricted to specific named customer contacts. Access to support via our service portal is via credentials issued by us.
Access restriction testing frequency At least once a year
Management access authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for Between 1 month and 6 months
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Responsibility for the production, maintenance and communication of this top-level policy document and all sub-policy documents lies with the University’s IT Security Manager.
This top-level policy document has been approved by the Information Technology Governance Group. Substantive changes may only be made with the further approval of this group.
Responsibilities for the approval of all sub-policy documents is delegated to the Information Security Group. Where necessary.
each of the documents constituting the Information Security Policy will be reviewed annually. It is the responsibility of the IT Security Manager to ensure that these reviews take place. I
Information security policies and processes The University has a defined Information Security policy based upon industry best practice, it employs a full-time security manager whose primary function is to ensure that policies and process are followed. They are backed up by an information security board, that regularly review the policies and procedures as well as any potential breaches. There is mandatory staff training for information security which takes place during induction (over the past year all members of staff have been required to take the training and pass the exam at the end).
The information Security policy is one of a group of interlinked policies that are regularly reviewed they are :
Acceptable Use
Business Continuity
Disaster Recovery
Incident Management
User Account Management
Mobile Device
Network Configuration
Physical Security
Application Security
System configuration and maintenance
Penetration testing
Any individual suspecting that the security of a computer system has been, or is likely to be, breached should inform the IT Service Desk immediately.
In the event of a suspected or actual breach of information security, IT Security, with or without consultation with the relevant department, may require that any systems suspected of being compromised are made inaccessible.
Full policies & processes available on request

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Change Management is by way of a change board Requests for change (RFC) are first reviewed by a technical expert (depending on speciality) before submission to the Change Board for approval. All non-standard changes must be approved before they are implemented all changes are reviewed by the security team for any potential security impacts before implementation. All RFCs are reviewed upon completion of the change
The University maintains a Configuration Management database (CMDB) where all configuration items (CI) are maintained and tracked through their lifetime
Vulnerability management type Supplier-defined controls
Vulnerability management approach The University uses advanced technologies to identify and address security weaknesses in web-orientated servers, applications and activities. The systems are also actively monitored for any potential security events and other vulnerabilities. In particular, all system access events are monitored and mailed on a daily basis to the sys-admin lists for assessment and action. The University service platform is based on hardened, Linux and Microsoft systems which are automatically and non-destructively monitored daily by ULCC for susceptibility to known attacks. Operating System patches and updates are continuously monitored for security vulnerabilities. They are tested and installed as appropriate to ensure protection.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We run a Network Intrusion Detection System - SNORT at the entry point to our network.
We have full Unified Threat Management capability on our main firewall equipment.
Our Linux systems use a range of Host Intrusion Detection Systems such as tripwire
All new web facing systems are put through our standard Penetration testing process.
Response is measured against the issue identified and whether it is a confirmed compromise or not. We secure the system if an attack is currently underway. To do this we isolate the system from the internet to prevent further damaged/data loss.
15 minutes initial response
Incident management type Supplier-defined controls
Incident management approach ITIL v3 is the common standard for incident management used by the University.
The reporting of an incident can be either by portal, email or telephone to the service desk, any of these methods will generate a unique incident identifier, initial triage will categorise and prioritise the incident, trigerring the appropriate SLA. The initial diagnosis will identify the appropriate team to respond and resolve the incident in line with the SLA. Typically resolution reports are provided within the incident record by the resolving engineer.
P1 incidents are followed up by a formal report through the senior management team.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks Joint Academic Network (JANET)

Pricing

Pricing
Price £11495 per instance per year
Discount for educational organisations No
Free trial available No

Documents

Documents
Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑