Idox Software Limited

Customised Compliance and e-Learning

Customised compliance training on GDPR, Anti-Corruption, Information Security and other regulatory topics. Enhanced to reflect an organisation specific environment and corporate identity, hosted or delivered for onsite hosting, including campaign management and reporting.

Features

  • Prevent Compliance breaches from happening
  • Inform and train staff on Compliance related topice
  • UKBA Compliance training
  • GDPR Compliance training
  • ISO37001
  • E-learning
  • Online courses

Benefits

  • Regular training and awareness campaigns, documented and tracked
  • Mandatory part of an effective Compliance Management System
  • Standard web-based trainings provide easy access

Pricing

£15000 per licence

  • Education pricing available

Service documents

Framework

G-Cloud 11

Service ID

8 7 5 1 9 7 9 2 6 0 6 3 3 9 4

Contact

Idox Software Limited

Lucy Holland

0333 011 1200

frameworks@idoxgroup.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
No constraints when hosted, SCORM compatibility of the learning management system required when locally hosted.
System requirements
Standard web browser for access

User support

Email or online ticketing support
Email or online ticketing
Support response times
Level 1 Blocker - within 2 hours; Level 2 Major - within 4 hours; Level 3 Normal - less than 12 hours; Level 4 Minor - less than 3 working days; Level 5 Suggestion/Request - more than 3 working days.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Idox provides Level 2&3 support, supporting designated administrators within the client organisation.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Idox supports clients when identifying their additional requirements and respective content. We guide organisations through the process from kick-off and requirements, through to beta version and master version of their content. We also assist in devising compliance training plans for the client organisation.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Data extracts in portable formats such as *.csv or *.XML
End-of-contract process
Upon the end of the contract, the learner data is either transferred as per instruction from the client in a standard format, included in the cost, then deleted from the Idox central system. As per individual agreement and if desired by the client, the content is provided to the client in a mutually agreed format, charged at extra cost

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Firefox
  • Chrome
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Certain mobile operating systems will render the content differently on screen.
Service interface
No
API
No
Customisation available
Yes
Description of customisation
Idox customises the standard content and learning management interface based on corporate/organisational ID (logo, colour scheme), existing content can be changed and additional content provided, based on a mix&match approach of individual lessons and chapters. New material can be added based on the clients needs.

Scaling

Independence of resources
Delivery infrastructure and user levels are monitored and sufficient headroom is kept on infrastructure.

Analytics

Service usage metrics
Yes
Metrics types
Uptime,
Completion reports
Reporting types
Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
No
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Reports in portable formats such as *.csv or *.pdf.
Data export formats
  • CSV
  • Other
Other data export formats
Pdf
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
98% availability per 30 day period
Approach to resilience
Available on request.
Outage reporting
Public dashboard and e-mail alerts.

Identity and authentication

User authentication needed
Yes
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Roles distribution determines authentication.
Access restriction testing frequency
Less than once a year
Management access authentication
Dedicated link (for example VPN)

Audit information for users

Access to user activity audit information
You control when users can access audit information
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
You control when users can access audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
Idox Software Ltd has an ISO 27001-certified information security management system. Idox Compliance adopts those policies specifically relating to information, information systems, networks, physical environments and people. Internal audit and information security awareness training is conducted review to review progress towards policy compliance. Risks raised through internal are reviewed at management meetings by the information security manager the appropriate head of business and a board representative.
Information security policies and processes
Idox Software Ltd has an ISO 27001-certified information security management policy that applies to all business functions within the scope of the Information Security Management System and covers the information, information systems, networks, physical environment and people supporting these business functions. Internal audit and information security awareness training is conducted to ensure policies are followed. Risks raise through internal our external audit are reviewed at management meetings by the information security manager the appropriate head of business and a board representative. We can provide copies of our information security policy and process documentation on request.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
System configuration is monitored and centrally managed by defined processes. Changes are controlled by a rigorous change management process, including documentation.
Vulnerability management type
Undisclosed
Vulnerability management approach
Regular vulnerability scanning for all services, servers, etc. Patches are deployed as available and tested, in accordance with severity of the threat.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Managed vulnerability scanning on a regular basis. Potential compromises and threats are evaluated and measures deployed in accordance with severity of the threat.
Incident management type
Undisclosed
Incident management approach
Process followed for common incidents, reports taken through various channels, incident reports confidential.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£15000 per licence
Discount for educational organisations
Yes
Free trial available
No

Service documents

Return to top ↑