Instructure Global


Canvas is a flexible, easy-to-use, cloud-native Learning Management System. A software-as-a-service platform, Canvas offers powerful functionality while remaining easy-to-use. Canvas provides powerful tools to extend learning beyond the classroom. It bundles messaging, assessments, grading, learning analytics, a learning object repository and more, all in one easy-to-use package.


  • Flexible Assignments and Assessments
  • Easy, Efficient and Intuitive Evaluation and Feedback
  • Real-time Collaboration and Communication
  • Comprehensive Learning Analytics
  • Intuitive, Multimedia-rich Content Creation Tools
  • Easy-to-use Content Organisation Tools and Personalised Learning Paths
  • Native Mobile Apps
  • Open and Flexible API, Allowing for One-Click LTI Integrations
  • An Attractive and Customisable Marketplace through Catalog
  • Interactive Video Learning and Management Experiences through Arc


  • Collaborate on real-time documents and conferences with teachers and students
  • Give video and audio feedback without ever leaving the platform
  • Seamlessly utilise the most innovative LTI teaching and learning tools
  • Create rich content that incorporates multimedia and LTI tools
  • Implement various pedagogical styles, from blended learning to virtual classrooms
  • Assess assignments and deliver personalised feedback while on the go
  • Organise content and craft automated learning paths with ease
  • Use analytics that turn rich learner data into meaningful insights
  • Easily connect to proprietary applications via our flexible, standards-based architecture
  • Simple administration of users, accounts, permissions, branding, courses and templates


£10.20 to £14.20 per person per year

Service documents

G-Cloud 10


Instructure Global

G-Cloud Contact

020 3514 6223

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints No.
System requirements
  • An internet connection
  • A browser-enabled computer or mobile device

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Instructure employs an industry-standard, traditional three-tier technical support methodology for incident reporting, escalation, and resolution. We offer three support services packages: Basic, 24x7, and Tier 1. These cover phone, live chat, and webform/email tickets. As an SLA, we guarantee the following response times for webform/email tickets:

- Basic - 80% within 2 business days (exclusive of weekends)
- 24/7 - 80% within 8 hour (including weekends)
- Tier One - 80% within 1 hour (including weekends)
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 AA or EN 301 549
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support Web chat
Web chat support availability 24 hours, 7 days a week
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Our web chat service provider, Salesforce, are committed to accessibility and have performed accessibility testing on the product. They have published a VPAT publicly, which outlines their level of conformance to the WCAG Level AA standards here:
Web chat accessibility testing N/A
Onsite support Yes, at extra cost
Support levels Instructure offers three different levels of technical support; Standard, 24/7 and Tier 1 employing an industry-standard, traditional three-tier technical support methodology for incident reporting, escalation, and resolution. We don’t outsource our technical support and the support team member who will help you will be located in either our London or US office.

Standard Support: package is included in the Canvas subscription fee at no additional cost. Under this package, first-tier support is provided by the institution’s VLE Administrator and Instructure’s Support team provides second- and third-tier Support.

24/7 Support: package offers 24/7/365 support to up to three of the institutions’ local LMS administrators, via phone, web chat, or email.

Tier 1 Support: package provides 24/7/365 support, for all of the institutions’ students and teachers. Accessed via phone, web chat or email, we will answer calls within one minute, chats within two minutes, and emails within one hour.

In addition to technical support, institutions have a dedicated Customer Success Manager to ensure they get the most from their Canvas system. Based in our London office, they will be available via email or phone for adhoc queries, as well as regular Executive Business Reviews.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Depending on institutional need, we provide three levels of technical implementation; Standard, Enhanced, and Premium. With each of these packages institutions will get a dedicated Canvas Implementation Consultant and Customer Success Manager. The Enhanced and Premium packages also include a Canvas Trainer and onsite training and implementation planning days.

All of our technical implementations are highly supported and managed through a four stage project lifecycle and supported by a robust monitor and control process.

Our training is delivered through a combination of live webinars, which are recorded for wider institution distribution, and onsite sessions. These sessions can be tailored to institutions’ needs with options chosen from our extensive training menu.

An approach which proves successful is our Train the Trainer model. Delivered over three onsite days this package will equip your nominated ‘Super Users’ with the knowledge they need to support other users during a successful roll out.

We provide extensive Canvas guides which are regularly updated, and take users step by step through the process, with screenshots, and sometimes videos, attached. They are fully online, so you do not need to download documents to see and interact with them (
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction As per Instructure’s Terms and Conditions, customers may export content and data through the API or by using Canvas’ export features, which will provide IMS CC packages. They will be able to do this during the term of the agreement and for 3 months after expiration or termination.
End-of-contract process In the unlikely event that a user chooses to leave Canvas, we will support them throughout the process, giving them the assistance you need to successfully transition to their new provider. Canvas' inherently open nature makes it easy for the data and content to talk to other systems, and this includes all other major VLE providers.

A dedicated Customer Success Manager will continue to support the user throughout the phase-out process, providing advice on how data can be migrated from the Canvas system. Tasks and timescales will depend on the size of the organisation and the number of institutions. For example, teachers could be made responsible for exporting their own course/s. It would be feasible for every teacher to export their own course into a central folder in a few minutes, depending on the size of the Course.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The Canvas Student and Canvas Teacher apps optimise the desktop version for mobile, delivering all the essential course features users need whilst on the go. For instance, students can submit assignments, view grades and even annotate on documents, but cannot, for example, create an ePortfolio, as this is generally done via desktop. Teachers can grade, update assignments, add announcements, communicate with students and more, but admin and analytic functionality is not included, since this would be done on desktop. Ultimately, rather than replicating the exact same experience, we have recognised that mobile devices are inherently different and planned accordingly.
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing We officially support the following screen reader and browser combinations, having actively tested them against Canvas code:
- Macintosh: VoiceOver (latest version for Safari)
- PC: JAWS (latest version for Internet Explorer 11)
- PC: NVDA (latest version for Firefox).

Our Accessibility team has also established an Accessibility User Group in collaboration with Access Technology Higher Education Network (ATHEN).

Within the Canvas Community, we have an Accessibility user group, where over 230 Canvas users from all around the world discuss accessibility in the education landscape, and they help shape Canvas' accessibility goals.

Canvas also engages in testing with WebAIM, which has certified Canvas to be substantially conformant with Level A and Level AA of the WCAG 2.0 standards.
What users can and can't do using the API Canvas provides an extensive and open REST (JSON) API consisting of Create/Read/Update/Delete (CRUD) functionality for nearly every function within the Canvas VLE.

Users with appropriate permissions can set up multiple aspects of Canvas via the API including: SIS/CMS integrations, authentication, courses, users, enrollments, terms, departments, groups and even custom data fields. Within each Canvas course, the API can also be used to set up announcements, assignments, discussions, quizzes and several other elements.

Changes to Canvas via the API can be done using any standard method such as Javascript or cURL. Each user can generate an API token which is used to execute API commands.

Any user in Canvas can use the API; however, they can only make changes based on the permissions they have been granted. For example, a student could submit an assignment via the API; however, their permissions would not allow changes to the assignment itself.

Very few API endpoints do not have full CRUD capabilities which include ePortfolio, Attendance, Conferences, and Rubrics. Full documentation of the Canvas API can be found here:
API documentation Yes
API documentation formats Open API (also known as Swagger)
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Admins can customise their Canvas instance with ease, while teachers and students both have scope to customise their own Canvas experience.

Admins can quickly and easily customise the Canvas interface to match the institution's unique brand. Admins can add the institution's colours and logo to the Canvas interface and login screen. Admins can also customise link buttons and the Help button to better match with the brand identity. To make branding even easier, Canvas has a Theme Editor with pre-set and customisable templates, and these can be applied at each level of the institution's hierarchy, including the full account or root accounts for departments, programmes, and other organisational units.

Teachers and students are also able to customise their Canvas environment to their own needs. Both types of users are able to customise their homepage, for example, editing the Dashboard to include course nicknames, course card colours, and even the way in which the Dashboard provides information. Users are also able to edit Notification Settings, allowing for a truly personalised and customised experience. This means that one student can activate instant push notifications on their phone, while another only receives weekly emails.


Independence of resources We are so confident of our uptime and availability that we provide all users with a 99.9% uptime guarantee as an SLA. We can provide this because we use auto-scaling mechanisms that ensure Canvas automatically adapts to peaks in usage. In essence, this means that no matter how many users an institution has online, Canvas will not slow down.

Over the past 12 months, we have achieved an uptime average of 99.98%. That figure equates to a yearly downtime of just under an hour and six minutes, only six minutes a month!


Service usage metrics Yes
Metrics types Canvas has a range of metrics that help teachers and admins monitor service usage.

Administrators have access to the analytics that will help them make smart decisions in running their organisation. These analytics include 7 graph and table analytics, 18 downloadable reports, and Canvas Data, which allows admins to extract customised data in a .txt and API format.

Teachers are also able to monitor system usage and performance, via Course Analytics tools and Student Context Cards. These analytics show how students are performing and engaging, on a granular individual scale, and on a more general class-based scale.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Canvas’ "Export Course Content" tool will make it easy to export content from the Canvas, as Canvas will enable staff to archive and export courses on an individual and batch basis. Content can be exported based on LMS industry standard formats, including IMS QTI and Common Cartridge.
Data export formats
  • CSV
  • Other
Other data export formats
  • IMS Common Cartridge
  • QTI
  • .txt
Data import formats
  • CSV
  • Other
Other data import formats
  • IMS Common Cartridge
  • QTI
  • .csv
  • .zip
  • .doc
  • .ppt
  • .pdf
  • .mp4
  • .jpeg

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Instructure will use commercially reasonable efforts to make the Service available with an Annual Uptime Percentage of at least 99.9% (“Service Commitment”). In the event Instructure does not meet the Service Commitment, Customer will be eligible to receive a service credit as described below. The maximum amount of the credit is 1/12 of the annual subscription fee for a twelve (12) month period. The service credit is calculated by taking the number of hours the Service was unavailable below the Service Commitment, and multiplying it by 3% of 1/12 the annual subscription fee. If the Customer has been using the Service for less than 365 days, the preceding 365 days will be used, but any days prior to Customer’s use of the Service will be deemed to have had 100% availability. Any unavailability occurring prior to a credit cannot be used for any future claims. The Service Commitment does not apply to any scheduled outages, standard maintenance windows, force majeure, and outages that result from any technology issue originating from Customer or a User.
Approach to resilience Canvas’ cloud hosted datacentre services are provided by Amazon Web Services, the most established and trusted cloud hosting provider in the world. Resiliency is ensured by Canvas’ self-healing architecture and automatic scaling allowing Canvas to accommodate tens of millions of users at once. Canvas maintains a comprehensive architecture document which details our resilient design. It is available to anyone upon request.

Canvas guarantees a 99.9% uptime guarantee (SLA). Across all of our contracts, we have met this guarantee and more. Over the past 12 months, we have achieved an uptime average of 99.98% which equates to a yearly downtime of just under an hour and six minutes; only six minutes a month. That’s the highest guaranteed uptime in the industry.

We also stand out in our transparency and access to historical data: we publish our availability status and updates at, meaning you will always be able to keep tabs on Canvas’ availability, any known problems, and expectations on problem resolution. You will never experience this with Canvas, and no one else in the industry will provide you with this level of transparency.
Outage reporting We are incredibly transparent when it comes to reporting outages: everything is accessible via a public dashboard online, allowing users to keep tabs on Canvas' availability.

We publish our availability status and updates at, meaning you will always be able to keep tabs on Canvas’ availability. We have all been in the situation where our favourite website goes down, and we have no way of knowing if the website is experiencing problems or when they are planning on getting back up. You will never experience this with Canvas, and no one else in the industry will provide you with this level of transparency.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels Restricting access in management interfaces and support channels is easy, as access to the system can follow role-based protocols or be based on privileges established at account setup.

Administrators have over 70 permissions to choose from for these roles. Options include read-only, granulated options for creating content, and management over a site. To elicit shared site ownership, institutions can create the role and duplicate. Canvas comes with five default roles: Student, TA, Teacher, Course Designer, and Observer. These can all be modified to fit an institution's unique requirements.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications SOC2 Type 2

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards Other
Other security governance standards AICPA's Trust Services Principles, as opined by our third party assessors via our SOC2 Type 2 report.
Information security policies and processes Instructure has internally documented security policies covering a wide range of topics such as Information Classification, Encryption, Fraud, Maintenance, Privacy, Change Management, Media Protection, Risk Management, Mobile Computing, Awareness Training, and several other topics.

Our security policies are maintained and regularly reviewed by Canvas’ VP of Security, Matt Hillary. Ensuring policies are followed is a team effort made up of Instructure's IT, DevOps, Engineering, and other technology teams. For example, our engineering team ensures compliance by way of a formal developer peer review process based on the Open Web Application Security Project (OWASP) secure coding and code review documents and other community sources on best security practices.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Canvas follows AICPA's Trust Services Principles and Criteria, as opined on by our external auditors via our SOC2 report.

Change management is critical to any software. All changes, whether new feature enhancements, defect fixes, or data changes, must be reviewed, tested, and planned for deployment. A critical change may require multiple levels of authorisation.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Regular vulnerability scans of the Canvas application and infrastructure are conducted using third-party tools (for example, Nexpose), custom scripts, and open source tools. If any vulnerabilities are detected, Instructure’s security and engineering teams work together to analyse, design, and develop the required patch which is applied as soon as commercially reasonable. In most cases, the vulnerability can be fixed using a hot patch without incurring any downtime.

Canvas developers are trained to identify and analyse security issues when writing and reviewing code. Members of the core security and engineering teams subscribe to security-focused lists, blogs, and other resources.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Canvas uses Amazon’s existing network and security monitoring to protect against MITM Attacks, IP Spoofing, Port Scanning, VPC’s, and DDoS attacks.

Additionally, Instructure leverages AWS's GuardDuty service to continuously monitor for malicious or unauthorised behavior such as unusual API calls or potentially unauthorised deployments that indicate a possible compromise.

In the event of a compromise, the information security officer will work with the incident response team to draft and execute a notification plan. In the case of high severity security issues, affected parties will be alerted immediately while indirectly affected parties will be alerted within 48 hours.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Instructure employs an industry-standard, traditional three-tier technical support methodology for incident management. It covers reporting, escalation, and resolution, and we deliver it within 3 packages: basic, 24/7 and Tier One. Users can report incidents differently, depending on the package the customer opts for. There are various methods available, with Chat, Webform/Email and Phone all potential options for the user. Significant security events that directly affect a client's data are reported to administrators automatically via email, with regular updates during and after the event, as the incident is diagnosed and resolved.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £10.20 to £14.20 per person per year
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Users can take Canvas for a spin with a free, two-week trial account, preloaded with course content to help them hit the ground running.
Link to free trial


Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑