Catalyst IT Europe Ltd

Moodle / Totara Learning Management System (LMS)

Catalyst's Moodle/Totara service is based upon the most widely distributed open source platforms for learning and development. Catalyst Moodle/Totara LMS offer secure, customisable and cost effective eLearning functionality with extensive value adding features included as standard to support content creation, webinars/virtual classrooms, student engagement and extended reporting.


  • Full hosting of eLearning including a range of assessment tools.
  • Attractive theme, course catalogue and mobile responsive as standard
  • Content creation using the outstanding H5P toolkit, included as standard.
  • Supports most learning content including documents, audio, video, SCORM, forums.
  • Wide range of administrative functions including course scheduling and management.
  • Distance and blended learning facilitated with the BigBlueButton feature set.
  • Powerful reporting functionality including manager and customisable dashboards.
  • Compatible with all modern platforms, browsers, devices and even offline.
  • User creation and authentication options including LDAP, AD and Shibboleth.
  • Open source code offers core functionality and bespoke development options.


  • Develop, approve and monitor learning plans by individual or role.
  • Define, manage and monitor compliance certification and re-certification paths.
  • Construct learner-centric courses with a variety of resources/activities available
  • Offer content and track engagement for internal and external audiences.
  • Report on progress by individual, role, business unit or organisation.
  • Engage with learning anywhere and on multiple devices.
  • Build in competency based learning and development frameworks.
  • Support team management with scheduled, role based and graphical reporting.
  • Customise themes to your organisation's requirements to support learner engagement.
  • Integrate learning and development with existing systems for seamless experience.


£7500 per instance per year

  • Free trial available

Service documents


G-Cloud 11

Service ID

9 6 2 6 7 0 0 1 3 1 5 3 7 8 2


Catalyst IT Europe Ltd

Joey Murison

01273 929450

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
The service maintenance window is 7am - 9am on Wednesday of each week. There will not be a deploy every week, however when standard maintenance tasks are required, they will occur within this window by notice only!
System requirements
Devices (laptop / desktop / mobile ) with internet connection.

User support

Email or online ticketing support
Yes, at extra cost
Support response times
See attached service description document. Responses to tickets are variable according to severity.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Catalyst offer level 2-4 technical support of cloud hosted Moodle/Totara LMS. Pricing is subject to negotiation relative to requirements including how mission critical systems are, scale of support need, support hours and geographic location. Catalyst are able to offer dedicated technical account management or onsite support subject to scale of requirements.
Support available to third parties

Onboarding and offboarding

Getting started
Both Moodle and Totara LMS have extensive on-line user documentation and a support community. Included with the service is 1 - 2 days (depending on scale of implementation) of foundation administrator / configuration support. Further training by Catalyst (particularly for parties with no prior in-house experience of the platform) is available if required and on request.
Service documentation
Documentation formats
End-of-contract data extraction
Catalyst will provide copies of all data to clients upon request at the end of a service contract. Backups will be deleted after a period of six weeks from the contract end date.
End-of-contract process
At the end of a contract the Moodle / Totara LMS site will be closed, removed from service and all data purged. Costs for this are included in the base contract. If a client requires copies of data this can be extract at an additional cost.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Full functionality on desktop and mobile devices are supported by fully responsive design.

Administration features of the application may be harder to utilise on a mobile device and for this reason we recommend a desktop/laptop is utilised for application administration.
Service interface
Description of service interface
Application dashboard
Service Management dashboard
Accessibility standards
None or don’t know
Description of accessibility
Accessibility testing
None at this time
What users can and can't do using the API
Moodle/Totara LMS web services allow you to connect your Moodle/Totara LMS site with other applications that have web services / APIs. In order to use web services, your site must use a SSL certificate.

You can enable web services globally in the administration user interface and then configure protocols individually to suit your needs. Once a protocol is enabled, it can be used for all functions, users and tokens. Protocols available as of version 16.10 are: SOAP; XML-RPC; REST; and OAuth.
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
The service may be customised as follows:
- adapt the look and feel of the application through custom theme.
- add specific features to meet bespoke requirements.
- apply 3rd party plug-ins to support specific requirements.
- levels of hosting (user numbers and storage) and support.
Customisations are generally delivered by Catalyst, but can also be configured to be managed by the customer.


Independence of resources
The underlying cloud infrastructure is architected with elastic auto-scaling characteristics to minimise performance impacts resulting from other users of the service.


Service usage metrics
Metrics types
Catalyst are able to provide web analytics on the usage of the Moodle / Totara LMS service on request. User logs are accessible by default to administrative users of the system.
Reporting types
Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
User data can be exported from Moodle / Totara LMS sites by CSV file. On request and at additional cost, course content can be migrated the clients nominated storage location.
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
Data is encrypted at rest and in transit. Strong security principles and governance ensure proper role separation, minimal privileges granted to each role, and strong defensive security posture.

Availability and resilience

Guaranteed availability
The Moodle / Totara LMS service will use commercially reasonable efforts to ensure a Monthly Uptime Percentage of at least 99.95%, in each case during any monthly billing cycle. Service credits for failure to meet guaranteed availability targets can be agreed as part of individual contract negotiations.
Approach to resilience
Full redundancy is built into the system architecture with no single point of failure. Additional details are available on request.
Outage reporting
Email alerts via ticketing system. Private dashboard showing monthly availability metrics.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Configurable permissions within each user group restrict access to site functions as appropriate.
Access restriction testing frequency
At least once a year
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
Security governance approach
Closely aligned with ISO/IEC 27001:2013, but not formally certified.
Information security policies and processes
Catalyst has formal, documented policies and procedures that provide guidance for operations and information security management within the organisation. The policies clearly define scope, roles, responsibilities and management commitment. Staff maintain the policies in a centralised and accessible location, subject to review by the Security Manager. Senior management provides visible support for security initiatives, and ensures appropriate prioritisation and resource allocation in order to maintain good security posture. Policies are reviewed at least annually.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Changes to Catalyst services and features follow secure software development practices, including security risk reviews prior to launch. Developer access to production environments is limited.

Teams set bespoke change management standards per service, underpinned by standard practices.

All production environment changes are reviewed, tested and approved. Stages include design, documentation, implementation (including rollback procedures), testing (non-production environment), peer to peer review (business impact/technical rigour/code), final approval by authorised party.

Exceptions to change management processes are documented and subject management review.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Catalyst monitors potential threats from a variety of sources including CERT and upstream project channels such as the Debian Security Advisories (DSA). Supplier notifications and industry updates are assessed by technical team and Critical patches are deployed as soon as possible.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Catalyst use a combination of intrusion detection methods to identify potential security incidents. IDS alarms alert the infrastructure support team immediately. Upon detection, the affected systems are isolated and analysed, followed by service restoration using fresh cloud infrastructure
Incident management type
Supplier-defined controls
Incident management approach
Yes, standard incident response processes are defined for Catalyst staff. Users may report incidents using telephone or the online ticketing system. Incident reports and root cause analysis are published to the customer as PDF documents upon completion.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
Connected networks
  • Public Services Network (PSN)
  • Police National Network (PNN)
  • NHS Network (N3)
  • Joint Academic Network (JANET)
  • Health and Social Care Network (HSCN)


£7500 per instance per year
Discount for educational organisations
Free trial available
Description of free trial
Limited access (user) to a demo instance. Extended access to a sandbox environment with admin privileges can be negotiated on request.

Service documents

Return to top ↑