Think Learning

Totara Social

Totara Social is designed to engage and connect your people to the
knowledge and resources within your organisation. It is a powerful
enterprise social network (ESN) that enables people to collaborate on projects and capture expertise for faster, smarter working. A standalone system, or an extension to Totara Learn.


  • Staff engagement
  • Social networking
  • Blogs, forums and chats
  • Create, remix and share content
  • Share ideas, and work on them together
  • Build and share knowledge
  • Skills profiling
  • e-Portfolio
  • Integration with Totara Learn


  • Create content, add web pages
  • Break the silos with Connections and Groups
  • Create separate blogs for projects or groups
  • Propose ideas, add descriptions, tags and files
  • Create talent pools, a digital resumé or an extended profile
  • Add Comments to content, pages and feeds
  • Ask a question and define who it goes to


£5248 to £41940 per instance per year

  • Education pricing available
  • Free trial available

Service documents


G-Cloud 11

Service ID

8 6 9 5 5 7 5 3 4 5 1 4 3 2 6


Think Learning

Shaun Wilde

0117 407 0237

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Totara Learn LMS (Learning Management System), Totara Performance
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints
Planned downtime for scheduled updates/upgrades, pre-agreed with clients for maximum convenience/efficiency, and minimum disruption to end-users.
System requirements
  • PC or Mac: Windows 7+, Mac OS X 10.5+
  • Client-side Java Script required for administration pages
  • Tablet or Smartphone: Android, iOS, Windows

User support

Email or online ticketing support
Email or online ticketing
Support response times
Our standard response time within UK business hours: - Critical: 1 hour - High: 4 hours - Medium: 8 hours - Low: 16 hours
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Online support (2nd line) = within the support contract
Technical support (3rd line) and maintenance = within the support contract
Support (consultancy) = optional within the support contract
Support available to third parties

Onboarding and offboarding

Getting started
Prior to go live, system administrators are trained onsite and via webinars. After go live, system administrators have access to online training and certification, and an online user documentation portal. In addition, system administrators have ongoing support via the Think Learning Helpdesk, and via optional onsite support from the Client Services team.
Service documentation
Documentation formats
End-of-contract data extraction
If you move from a Totara service with us, to a service with another Totara partner, we will provide you with a copy of all user data so that your new partner can migrate your data to your new service. We will not provide copies of bespoke Totara code developments because each Totara partner is responsible for their own Totara code, and code created by our clients is for use by our client community only. We can provide additional help in migration, either using remaining support budget or for an additional support fee. We purge all client data from servers and all historic backups.
End-of-contract process
The off-boarding process is included in the price of the contract (provide client/new supplier with all data, purge client data at agreed timescale), any additional actions would be at additional cost.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Totara uses responsive theming and will therefore the user interface will adapt to suit a PC, tablet and smartphone screen size.
Service interface
What users can and can't do using the API
AMF, REST, SOAP and XML-RPC can be utilised within Totara and implemented on request by the technical team to integrate external systems such as payroll and HR systems.
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
Totara has high configurability built into the system administration menu and this includes the user interface colours, language, navigation and layout. Totara is a permissions-based system so anyone with the appropriate level of permission can make the customisations. Customisation is at the site level, when configuring/editing social processes such as RSS feeds, user permissions, page setup.


Independence of resources
Totara is hosted on scalable cloud servers that are monitored 24/7 using performance monitoring software


Service usage metrics
Metrics types
Totara Social provides service metrics using 'Site Logs' for site-wide user activity logging.
Reporting types
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Totara provides a suite of reports that allows system administrators to create site-wide data reports that can be exported in CSV, ODS and PDF formats.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
Data import formats
  • CSV
  • Other
Other data import formats
External database

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
We work to make your System available for use over the internet 24 hours per day, 7 days per week. We commit to no more than 0.1% of the year of unscheduled downtime (total inaccessibility to your Totara site), with service credits if we don’t meet this commitment (based on additional free weeks of hosting/maintenance service). Planned maintenance is excluded from the calculation. At least 5 working days of notice will be provided for any maintenance taking place between 5pm and 8am. At least 10 working days of notice will be provided, for any maintenance taking place between 8am and 5pm. Your Totara site will be monitored via health checks at the platform layer.
Approach to resilience
Our data centre partner provides a national network built with resilience in mind. The core and data centre networks benefit from 10Gbps of connectivity and are designed to transparently tolerate the failure of any link or piece of equipment. Our business continuity strategy also includes extra backups, utilising Amazon's UK-based datacentres.
Outage reporting
We report outages through Think Learning Helpdesk notifications, email alerts, and by phone, as relevant.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Totara utilises role-based access control for named system administrators and managers. The individuals, Totara system administration and management roles, and specific configuration access are specified and agreed as part of the implementation. The named system administrators also have access to technical support via the Think Learning Helpdesk. This is routinely audited, as part of ISO27001 accreditation.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Between 6 months and 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 6 months and 12 months
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
ISO Quality Services Ltd.
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
Our data centre partners have separate ISO27001 certification for the UK data centre. Certificate available on request.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Cyber Essentials
Information security policies and processes
Information Security Management System policies and processes, certificated and audited bi-annually by ISO Quality Services Ltd. Audit reports available on request. The Information Security Manager is a board level Director. Our Cyber Security and Information Security policies are communicated to, and signed by, all Think Learning employees. Staff training around GDPR is a key element of our onboarding process. We have regular audits of the controls listed above in terms of ensuring that all devices used by staff are fully compliant. All staff are updated at internal company meetings about ongoing cyber and information security requirements of personal devices and internal systems. As consultants, they can also advise on the Infosec capabilities of Totara. Think Learning also has an ICO registered Data Protection Officer (DPO).

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Code is managed by the Technical Services team utilising GitHub. System configuration and change management is managed initially by the System Implementation) team and then the Client Services team once live. System configuration and change management is documented in SharePoint using a versioned functional and non-functional requirements spreadsheet.

All changes and upgrades are tested within a client specific development environment to ensure functionality and security before moving to the live environment.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Vulnerability management is a control within our Information Security Management System (12.6.1). Where vulnerabilities are identified, system asset lists are examined to assess the impact of the vulnerabilities on the security of the system. Where a software update is deemed necessary, then the change control process is initiated.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Totara is monitored 24/7 at the application layer via health checks and performance monitoring. In the event of a compromise the technical team are alerted by text to resolve the issue within the stated SLA.
Incident management type
Supplier-defined controls
Incident management approach
Users report incidents via the Think Learning Helpdesk, which triggers the internal incident management process: - Classification and initial support; - Investigation and analysis; - Resolution recording, closure and reporting via the Helpdesk.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks


£5248 to £41940 per instance per year
Discount for educational organisations
Free trial available
Description of free trial
The free trial site enables you to explore Totara functionality and try out features such as User Groups. User roles allow you to decide what level of access a user will have in the system. Site configuration and data is refreshed periodically.

Service documents

Return to top ↑