Skip to main content

Help us improve the Digital Marketplace - send your feedback

Webanywhere Ltd

Totara LMS Cloud Hosting

Hosting of Totara LMS including back-ups, security patching and system design. Hosting is provided by cloud partners such as AWS and Rackspace.

Features

  • Managed Service
  • Regular Back-ups included
  • Security Patching
  • ELB Load balancing
  • Content Delivery Network (CDN)
  • Cloud Storage S3
  • Cloud Hosting EC2/VPC
  • Database Hosting RDS

Benefits

  • 24/7, 365 days a year monitoring and support
  • Fully Managed Service
  • Auto scaling for resilience
  • System Architecture Design

Pricing

£2,475 a unit a year

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at finance@webanywhere.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

1 6 7 0 4 6 9 8 0 8 2 3 1 8 3

Contact

Webanywhere Ltd Sean Gilligan
Telephone: 01133200750
Email: finance@webanywhere.co.uk

Service scope

Service constraints
None
System requirements
Totara Licence

User support

Email or online ticketing support
Yes, at extra cost
Support response times
It depends on the agreed SLAs per customer.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
We provide 1st, 2nd and 3rd line support including access to senior technical staff as required. Support is purchased in bundles of hours from £1,560 for 10 hours. We provide Technical Consultants as required.
Support available to third parties
No

Onboarding and offboarding

Getting started
Webanywhere provides on-line training for customers to start using the Totara system on the hosting provided. User documentation is also available from Totara.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Data can be extracted from within the platform or bulk extracted and provided to the customer at the end of the contract.
End-of-contract process
A final copy of data is provided to the customer at the end of contract at no extra charge if requested.

Using the service

Web browser interface
No
API
No
Command line interface
No

Scaling

Scaling available
Yes
Scaling type
  • Automatic
  • Manual
Independence of resources
Each of clients have their own separate cloud hosted environment.
Usage notifications
Yes
Usage reporting
Email

Analytics

Infrastructure or application metrics
No

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Totara LMS, Amazon AWS

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
Less than once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Files
  • Databases
  • Courses
Backup controls
It is a scheduled nightly back-up. Courses are backed up adhoc.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Supplier controls the whole backup schedule
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
99.5% uptime

Urgent Support request
A widespread outage of the system. Any problem where more than 5 users are unable to complete learning modules due to widespread outages.

Response within 1 hour
Resolution in 4 hours

High Support Request
A situation which affects 1 to 5 users, no workaround available. For example, site outage due to technical issue within the LMS which means 1 to 5 users cannot access the learning module.

Response within 1 business day
Resolution by 2 business days

Normal Support Request
A situation which affects fewer than 5 people where a workaround is available. For example, site is still functioning but for fewer than 5 people there are issues which prevent learners accessing their individual progress reports.

Response time 2 business days
Resolution by 5 business days

Low Support Request
No effect on learners accessing the system. For example, request to add an LMS plugin such as the quiz module.

Response by 2 business days
Resolution by 2 weeks

Refunds are on request and additional support hours are added as service credits.
Approach to resilience
We use Amazon cloud hosting which has built in resilience for storage and compute capacity. Additionally services can be load balanced and auto scaled.
Outage reporting
Our monitoring service sends SMS alerts, email and chat messages to on call staff for critical alerts. We also provide Root Cause Analysis (RCA) documents if requested by the customer.

Identity and authentication

User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google apps)
  • Username or password
Access restrictions in management interfaces and support channels
Only required users have access to management interfaces and support channels. Management interface access required 2FA.
Access restriction testing frequency
Less than once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Devices users manage the service through
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 6 months and 12 months
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
No
Cyber essentials plus
No
Other security certifications
Yes
Any other security certifications
ISO 9001

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
Servers are deployed with the least amount of software required to support the service, using a 'golden image' which is replaced regularly during scale operations.

Data is encrypted at rest transparently by the cloud vendor.

External access to services is only available over encrypted channels, e.g. TLS, SSH.

OS level access is restricted to required users only.
Information security policies and processes
All policies are contained in the Staff Handbook and are part of the Induction process. Staff are required to carry out annual GDPR training. We have a nominated DPO and an external Data Protection organisation.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Services are built to known-working configurations using various config management tools (packer, terraform, ansible) to build consistent environments, these changes are tracked over time using source code management software (git)

Changes are discussed during weekly meetings between technical staff.
Vulnerability management type
Undisclosed
Vulnerability management approach
We subscribe to security notifications from both the application vendor (totara) and apply automated security updates to OS packages supplied by the OS vendor.
Totara is assessed against the OWASP ASVS.
Protective monitoring type
Undisclosed
Protective monitoring approach
We have monitoring in place for certain operating system level changes, e.g. changes to users on the system. Alerting for heavy load etc. which may indicate something untoward.

Upon discovering a compromise, we would immediately take a system snapshot for later investigation and restore last known good configuration, then perform a root cause analysis on the copy to work out how to patch the hole.
Incident management type
Supplier-defined controls
Incident management approach
Incidents are reported by JIRA service portal, email or telephone. Dependant on severity a Root Cause Analysis is performed and documented based on an existing template. These are then sent to the customer within a reasonable timeframe.

Secure development

Approach to secure software development best practice
Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Third-party
Third-party virtualisation provider
Amazon Web Services
How shared infrastructure is kept separate
Each organisation is allocated dedicated resources to virtual machines. Additionally we implement a VPC per client environment to segregate network traffic.

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
AWS infrastructure is up to 5 times more energy efficient than typical European data centres. In 2022, 90% of the electricity consumed by Amazon was attributable to renewable energy sources.

Social Value

Social Value

Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

E-learning replaces the need for people to travel to face to face courses thus reducing fossil fuel usage and emissions. We also use datacentres that are fully powered by renewable energy sources. E-learning also provides a paperless environment.

Tackling economic inequality

E-learning provides cost effective learning which is more accessible and generally far cheaper then face to face learning. Also the cost of travel is not required and the learning is available to suit the learners availability.

Equal opportunity

E-learning provides cost effective learning which is more accessible and generally far cheaper then face to face learning. Also the cost of travel is not required and the learning is available to suit the learners availability. Accessibility is therefore open to all and as the scoring/marking is automated any bias is eliminated. Visually impaired users may also be able to alter font sizes, colours etc.

Wellbeing

Learning Management Systems can be used by organisations to keep employees engaged and motivated by helping them with their training and learning needs.

Pricing

Price
£2,475 a unit a year
Discount for educational organisations
Yes
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at finance@webanywhere.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.