CPD Cloud Ltd

Audit and Training Tracker

Capture, monitor and report individual staff / volunteer / subcontractor information that will enable them to be compliant within your organisation. Capture essential information including training records and documents (e.g. DBS / Driving Licence), which will be flagged either red (expired), amber (due to expire), green (compliant) or blue (in-complete).


  • Real-time reporting
  • Secure web-based access
  • Unlimited audit and training items
  • Automated email notifications
  • Secure file storage
  • Infographic reports
  • Tiered user access
  • Full audit trail
  • Add and amend live records
  • Archive legacy files


  • Ensure the continued compliance of staff within you organisation.
  • Front page infographs show audit/ training items that are expiring.
  • Manage and monitor access for different staff levels in system.
  • Easily change audit/ training items without impacting existing records.
  • Remind staff of expiring items with no intervention required.
  • Generate compliance reports in just a few clicks.
  • Access from any device using any web browser.
  • Secure and reliable solution without the need for spreadsheets.
  • Upload multiple attachments to evidence each audit/ training item.


£249.00 to £5000.00 per instance per year

  • Education pricing available

Service documents

G-Cloud 10


CPD Cloud Ltd

Andrew Ormerod

0161 408 1917


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints Web browser access required - web-based solution.
System requirements
  • The latest anti-virus software installed on machines.
  • Full access to solution via the web.

User support

User support
Email or online ticketing support Email or online ticketing
Support response times We respond to all support tickets within 24 hours including weekends and bank holidays. Our average response time to support tickets is 6 hours.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels Access to support is included within the solution cost. This includes our online support desk and telephone support. We also offer a customer webinar to provide initial support and to walk through the system.

On-site support is at an additional cost of £500 per day (or £50 per hour including travel).
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide user documentation as well as offer dedicated webinars to run through the system and answer any questions.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Upon request, we will extract the data from our SQL servers and put this into a CSV file for them to access.
End-of-contract process We will handover all data at the end of contract into a CSV file. Any additional services will be at a cost.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Compressed screen size in comparison to desktop version depending on screen size.
Accessibility standards None or don’t know
Description of accessibility The website will be a https site and will require a username and password to access. Users will be able to request a password reset if they are unable to access and can also contact our support team.
Accessibility testing Screen share to resolve access issues.
Customisation available Yes
Description of customisation Buyers can customise the login screen to use their branding, so it has their look and feel. Buyers will be required to provide a background image to complete this.


Independence of resources We monitor our response times to support tickets to ensure all of our customers receive the same level of service.


Service usage metrics Yes
Metrics types Full audit trail of who has accessed and amendments made including time/date. Current status of organisation compliance measuring in red (expired), amber (expiring), green (compliant) or grey (not-complete). Generate reports on compliance per staff group or location (depending on how the company sets this up).
Reporting types
  • Real-time dashboards
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency Less than once a year
Penetration testing approach In-house
Protecting data at rest Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach This is currently not possible. A support request from the administrator will allow us to extract any necessary information.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks IPsec or TLS VPN gateway
Data protection within supplier network IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability The uptime of our solutions is currently 99.5%. We will undertake general maintenance and upgrades to our solution on a quarterly basis.
Approach to resilience Available upon request.
Outage reporting We will notify key contacts within the organisation via email and telephone. We will also notify organisations when full service has resumed.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Passwords are required to be complex when setting up access to the solution.
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security No
Security governance certified No
Security governance approach Proactively, security is fully audited and access to information is restricted to only those the require it. The company continually assesses the business impact(s) that could result from the compromise, loss of, or disruption of access to information. The assessment include the risk posed by data that has been aggregated. Any data breach is reported to the ICO and added to our security incident log.
Information security policies and processes We follow the principles of ISO27001.

The company board continually review policies to remain compliant with the latest legislation.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach We complete a full change request note, which includes an assessment of downtime, roll-back process and risk assessment. This is to be accepted prior to changes being implemented. Required organisations are given advance notice of the change and impact on service. The risk assessment will consider the potential security impact with the IT team.
Vulnerability management type Undisclosed
Vulnerability management approach Potential threats that are identified through external forces as well as by our third party providers are assessed. We determine the impact and level of change required. The necessary changes are made to servers and front end solutions to reduce or eliminate a threat.
Protective monitoring type Supplier-defined controls
Protective monitoring approach A compromise is identified through a variety of means, either through repeat login attempts or an attempted breach of our security. Upon identification of a threat, we notify the buyer and isolate the individual system or component until this is resolved. We respond to potential compromises within a 6 hour duration.
Incident management type Supplier-defined controls
Incident management approach A director is notified in writing of an incident, this can be via email or via our support desk. This is formally documented in our incident log with associated actions identified to address this. If the incident relates to a user, we will keep them informed of progress. Incident reports will be available to the buyer as part of regular customer meetings.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £249.00 to £5000.00 per instance per year
Discount for educational organisations Yes
Free trial available No


Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑