People Alchemy Ltd

Alchemy Learning Pathway

The Alchemy Learning Pathway provides a structured and scalable SaaS approach to leveraging informal learning. It can be used for induction, developing managers at supervisor and line level, enabling learning transfer from classroom to workplace, training event pre-work, managing mentoring and coaching activities, and many other learning outcomes.


  • Build your own pathway, or buy off the shelf
  • Gather business metrics for ROI calculations
  • Use the pathway for effective induction
  • Create a portfolio for NVQs
  • Simple to use admin tools and reporting features
  • Granular user roles
  • Scaleable from a few users to thousands
  • Mobile device access for primary user roles
  • Multilingual user interface
  • Time zone aware


  • Reinforce learning transfer from training room to workplace
  • Manage experiential learning (the 70%)
  • Involve line managers with their team development
  • Create a coaching/mentoring mindset
  • Embed learning right into the workflow
  • Accelerates time to proficiency
  • Embeds and reinforces desired behaviours
  • Encouragres self-directed learning


£10 per unit

Service documents

G-Cloud 9


People Alchemy Ltd

Paul Matthews

0190 832 5167

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints N/A
System requirements Some Google CDNs whitelisted in firewall

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Support availability 8am to 5pm on standard working days.
Standard support response times normally within 1 hour.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Onsite support
Support levels Support availability 8am to 5pm on standard UK working days.
Standard support response times normally within 1 hour.
Incident escalation process available.
Reasonable support costs included in contract.
We do not supply a specific technical account manager or cloud support engineer for each account.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Implementation: set up can be done onsite or online.
Training onsite or online is offered for customer admin users where requested, to help with implementation, user administration and reporting.
User training not required but support is available as necessary.
Service documentation No
End-of-contract data extraction Completed pathways can be kept as PDFs.
Logs and usage reports can be extracted as Excel spreadsheets.
End-of-contract process User access becomes unavailable.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service All screens are mobile and resolution responsive for the main user roles. Admin screens are not responsive.
Accessibility standards None or don’t know
Description of accessibility N/A
Accessibility testing Minimal testing was done with NVDA and most navigation and content was accessible. Plans are in place to improve on this in order to meet one of the standards.
Customisation available Yes
Description of customisation Customised branding (supplier)
Custom reports by selecting parameters (user admin)
Extensive configuration to manage system behaviour.
Build custom learning pathways


Independence of resources The service is hosted on a dedicated server which is significantly over specified for the average usage levels.


Service usage metrics Yes
Metrics types User access data and logs reported in different ways against different filters.
Also user progress through their assigned pathways.
Reporting types
  • Real-time dashboards
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process No
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach User details and usage reports can be exported.
Individual users can export their notes and generated data as PDFs.
Larger exports for groups of users can be provided on request and for a fee depending on complexity and quantity of data required.
Data export formats
  • CSV
  • Other
Other data export formats PDF
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Service availability 99.9%
Approach to resilience Available on request
Outage reporting Customers are informed by email if their access is significantly affected by an outage.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Username and password for web access to administration screens.
People contacting support via phone or email are assessed for being genuine based on what they know about the account, and previous contact with us. Any requests for significant system changes are verified at another level within the customer account.
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards Other
Other security governance standards Cyber Essentials
Information security policies and processes The Managing Director is responsible for security and the relevant polices.
He maintains the security policy, with the assistance of an external security consultant, and ensures the risk assessment is kept up to date. In addition, an annual audit is done to maintain compliance with Cyber Essentials certification.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Changes to the software are tested in the development environment, then on a staging server, and then immediately after installation on the production server.
A ticketing system tracks all code and configuration modifications through this process.
All changes are assessed for security implications, and then further tested by an external penetration tester on the regular pen test cycle.
Vulnerability management type Supplier-defined controls
Vulnerability management approach In addition to our in house testing, we engage an external pen tester on a regular cycle of testing.
We monitor appropriate security publications and also rely on our external security consultants for up-to-date information on potential threats.
Patches to our own software to mitigate security risks are deployed immediately, and patches to operating systems and other libraries in use by the system are updated when required based on the level of threat.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We engage an external security consultant to do regular penetration testing, and immediately fix any vulnerabilities that he identifies.
Incident management type Supplier-defined controls
Incident management approach Users would report incidents or outages by phone or email to our support desk.
Should there be an incident, managing director would report directly to any affected customers.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £10 per unit
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑