Capture, monitor and report individual staff / volunteer / subcontractor information that will enable them to be compliant within your organisation. Capture essential information including training records and documents (e.g. DBS / Driving Licence), which will be flagged either red (expired), amber (due to expire), green (compliant) or blue (in-complete).
- Real-time reporting
- Secure web-based access
- Unlimited audit and training items
- Automated email notifications
- Secure file storage
- Infographic reports
- Tiered user access
- Full audit trail
- Add and amend live records
- Archive legacy files
- Ensure the continued compliance of staff within you organisation.
- Front page infographs show audit/ training items that are expiring.
- Manage and monitor access for different staff levels in system.
- Easily change audit/ training items without impacting existing records.
- Remind staff of expiring items with no intervention required.
- Generate compliance reports in just a few clicks.
- Access from any device using any web browser.
- Secure and reliable solution without the need for spreadsheets.
- Upload multiple attachments to evidence each audit/ training item.
£249.00 to £5000.00 per instance per year
- Education pricing available
CPD Cloud Ltd
0161 408 1917
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
|Service constraints||Web browser access required - web-based solution.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||We respond to all support tickets within 24 hours including weekends and bank holidays. Our average response time to support tickets is 6 hours.|
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), 7 days a week|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Access to support is included within the solution cost. This includes our online support desk and telephone support. We also offer a customer webinar to provide initial support and to walk through the system.
On-site support is at an additional cost of £500 per day (or £50 per hour including travel).
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||We provide user documentation as well as offer dedicated webinars to run through the system and answer any questions.|
|End-of-contract data extraction||Upon request, we will extract the data from our SQL servers and put this into a CSV file for them to access.|
|End-of-contract process||We will handover all data at the end of contract into a CSV file. Any additional services will be at a cost.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||Compressed screen size in comparison to desktop version depending on screen size.|
|Accessibility standards||None or don’t know|
|Description of accessibility||The website will be a https site and will require a username and password to access. Users will be able to request a password reset if they are unable to access and can also contact our support team.|
|Accessibility testing||Screen share to resolve access issues.|
|Description of customisation||Buyers can customise the login screen to use their branding, so it has their look and feel. Buyers will be required to provide a background image to complete this.|
|Independence of resources||We monitor our response times to support tickets to ensure all of our customers receive the same level of service.|
|Service usage metrics||Yes|
|Metrics types||Full audit trail of who has accessed and amendments made including time/date. Current status of organisation compliance measuring in red (expired), amber (expiring), green (compliant) or grey (not-complete). Generate reports on compliance per staff group or location (depending on how the company sets this up).|
|Supplier type||Not a reseller|
|Staff security clearance||Staff screening not performed|
|Government security clearance||None|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||No|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||Less than once a year|
|Penetration testing approach||In-house|
|Protecting data at rest||Encryption of all physical media|
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||In-house destruction process|
Data importing and exporting
|Data export approach||This is currently not possible. A support request from the administrator will allow us to extract any necessary information.|
|Data export formats||CSV|
|Data import formats||CSV|
|Data protection between buyer and supplier networks||IPsec or TLS VPN gateway|
|Data protection within supplier network||IPsec or TLS VPN gateway|
Availability and resilience
|Guaranteed availability||The uptime of our solutions is currently 99.5%. We will undertake general maintenance and upgrades to our solution on a quarterly basis.|
|Approach to resilience||Available upon request.|
|Outage reporting||We will notify key contacts within the organisation via email and telephone. We will also notify organisations when full service has resumed.|
Identity and authentication
|User authentication needed||Yes|
|User authentication||Username or password|
|Access restrictions in management interfaces and support channels||Passwords are required to be complex when setting up access to the solution.|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||Username or password|
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||No|
|Security governance certified||No|
|Security governance approach||Proactively, security is fully audited and access to information is restricted to only those the require it. The company continually assesses the business impact(s) that could result from the compromise, loss of, or disruption of access to information. The assessment include the risk posed by data that has been aggregated. Any data breach is reported to the ICO and added to our security incident log.|
|Information security policies and processes||
We follow the principles of ISO27001.
The company board continually review policies to remain compliant with the latest legislation.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||We complete a full change request note, which includes an assessment of downtime, roll-back process and risk assessment. This is to be accepted prior to changes being implemented. Required organisations are given advance notice of the change and impact on service. The risk assessment will consider the potential security impact with the IT team.|
|Vulnerability management type||Undisclosed|
|Vulnerability management approach||Potential threats that are identified through external forces as well as by our third party providers are assessed. We determine the impact and level of change required. The necessary changes are made to servers and front end solutions to reduce or eliminate a threat.|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||A compromise is identified through a variety of means, either through repeat login attempts or an attempted breach of our security. Upon identification of a threat, we notify the buyer and isolate the individual system or component until this is resolved. We respond to potential compromises within a 6 hour duration.|
|Incident management type||Supplier-defined controls|
|Incident management approach||A director is notified in writing of an incident, this can be via email or via our support desk. This is formally documented in our incident log with associated actions identified to address this. If the incident relates to a user, we will keep them informed of progress. Incident reports will be available to the buyer as part of regular customer meetings.|
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||No|
|Price||£249.00 to £5000.00 per instance per year|
|Discount for educational organisations||Yes|
|Free trial available||No|
|Pricing document||View uploaded document|
|Terms and conditions document||View uploaded document|