Totara LMS Cloud Hosting
Hosting of Totara LMS including back-ups, security patching and system design. Hosting is provided by cloud partners such as AWS and Rackspace.
Features
- Managed Service
- Regular Back-ups included
- Security Patching
- ELB Load balancing
- Content Delivery Network (CDN)
- Cloud Storage S3
- Cloud Hosting EC2/VPC
- Database Hosting RDS
Benefits
- 24/7, 365 days a year monitoring and support
- Fully Managed Service
- Auto scaling for resilience
- System Architecture Design
Pricing
£2,475 a unit a year
- Education pricing available
Framework
G-Cloud 14
Service ID
167046980823183
Contact
Webanywhere Ltd
Sean Gilligan
Telephone: 01133200750
Email: finance@webanywhere.co.uk
Service scope
- Service constraints
- None
- System requirements
- Totara Licence
User support
- Email or online ticketing support
- Yes, at extra cost
- Support response times
- It depends on the agreed SLAs per customer.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AA or EN 301 549
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
- We provide 1st, 2nd and 3rd line support including access to senior technical staff as required. Support is purchased in bundles of hours from £1,560 for 10 hours. We provide Technical Consultants as required.
- Support available to third parties
- No
Onboarding and offboarding
- Getting started
- Webanywhere provides on-line training for customers to start using the Totara system on the hosting provided. User documentation is also available from Totara.
- Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
- Data can be extracted from within the platform or bulk extracted and provided to the customer at the end of the contract.
- End-of-contract process
- A final copy of data is provided to the customer at the end of contract at no extra charge if requested.
Using the service
- Web browser interface
- No
- API
- No
- Command line interface
- No
Scaling
- Scaling available
- Yes
- Scaling type
-
- Automatic
- Manual
- Independence of resources
- Each client has their own separate cloud-hosted environment.
- Usage notifications
- Yes
- Usage reporting
Analytics
- Infrastructure or application metrics
- No
Resellers
- Supplier type
- Reseller providing extra features and support
- Organisation whose services are being resold
- Totara LMS, Amazon AWS
Staff security
- Staff security clearance
- Staff screening not performed
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- Other locations
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- Less than once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with another standard
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- A third-party destruction service
Backup and recovery
- Backup and recovery
- Yes
- What’s backed up
-
- Files
- Databases
- Courses
- Backup controls
- It is a scheduled nightly back-up. Courses are backed up ad hoc.
- Datacentre setup
- Multiple datacentres with disaster recovery
- Scheduling backups
- Supplier controls the whole backup schedule
- Backup recovery
- Users contact the support team
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
-
99.5% uptime
Urgent Support Request
A widespread outage of the system. Any problem where more than 5 users are unable to complete learning modules due to widespread outages.
Response within 1 hour
Resolution in 4 hours
High Support Request
A situation which affects 1 to 5 users, no workaround available. For example, site outage due to technical issue within the LMS which means 1 to 5 users cannot access the learning module.
Response within 1 business day
Resolution by 2 business days
Normal Support Request
A situation which affects fewer than 5 people where a workaround is available. For example, site is still functioning but for fewer than 5 people there are issues which prevent learners accessing their individual progress reports.
Response time 2 business days
Resolution by 5 business days
Low Support Request
No effect on learners accessing the system. For example, request to add an LMS plugin such as the quiz module.
Response by 2 business days
Resolution by 2 weeks
Refunds are on request and additional support hours are added as service credits.
- Approach to resilience
- We use Amazon cloud hosting which has built in resilience for storage and compute capacity. Additionally services can be load balanced and auto scaled.
- Outage reporting
- Our monitoring service sends SMS alerts, email and chat messages to on call staff for critical alerts. We also provide Root Cause Analysis (RCA) documents if requested by the customer.
Identity and authentication
- User authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google apps)
- Username or password
- Access restrictions in management interfaces and support channels
- Only required users have access to management interfaces and support channels. Management interface access requires 2FA.
- Access restriction testing frequency
- Less than once a year
- Management access authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Devices users manage the service through
-
- Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
- Directly from any device which may also be used for normal business (for example web browsing or viewing external email)
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- Between 6 months and 12 months
- How long system logs are stored for
- Between 6 months and 12 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- No
- Cyber essentials plus
- No
- Other security certifications
- Yes
- Any other security certifications
- ISO 9001
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- No
- Security governance approach
-
Servers are deployed with the least amount of software required to support the service, using a 'golden image' which is replaced regularly during scale operations.
Data is encrypted at rest transparently by the cloud vendor.
External access to services is only available over encrypted channels, e.g. TLS, SSH.
OS level access is restricted to required users only.
- Information security policies and processes
- All policies are contained in the Staff Handbook and are part of the Induction process. Staff are required to carry out annual GDPR training. We have a nominated DPO and an external Data Protection organisation.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
Services are built to known-working configurations using various config management tools (Packer, Terraform, Ansible) to build consistent environments. These changes are tracked over time using source code management software (git).
Changes are discussed during weekly meetings between technical staff.
- Vulnerability management type
- Undisclosed
- Vulnerability management approach
-
We subscribe to security notifications from the application vendor (Totara) and apply automated security updates to OS packages supplied by the OS vendor.
Totara is assessed against the OWASP ASVS.
- Protective monitoring type
- Undisclosed
- Protective monitoring approach
-
We have monitoring in place for certain operating system level changes, e.g. changes to users on the system, and alerting for conditions such as heavy load which may indicate something untoward.
Upon discovering a compromise, we would immediately take a system snapshot for later investigation and restore the last known good configuration, then perform a root cause analysis on the copy to work out how to patch the hole.
- Incident management type
- Supplier-defined controls
- Incident management approach
- Incidents are reported via the JIRA service portal, email or telephone. Depending on severity, a Root Cause Analysis is performed and documented based on an existing template. These are then sent to the customer within a reasonable timeframe.
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Separation between users
- Virtualisation technology used to keep applications and users sharing the same infrastructure apart
- Yes
- Who implements virtualisation
- Third-party
- Third-party virtualisation provider
- Amazon Web Services
- How shared infrastructure is kept separate
- Each organisation is allocated dedicated resources to virtual machines. Additionally we implement a VPC per client environment to segregate network traffic.
Energy efficiency
- Energy-efficient datacentres
- Yes
- Description of energy efficient datacentres
- AWS infrastructure is up to 5 times more energy efficient than typical European data centres. In 2022, 90% of the electricity consumed by Amazon was attributable to renewable energy sources.
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
E-learning replaces the need for people to travel to face-to-face courses, thus reducing fossil fuel usage and emissions. We also use datacentres that are fully powered by renewable energy sources. E-learning also provides a paperless environment.
Tackling economic inequality
E-learning provides cost-effective learning which is more accessible and generally far cheaper than face-to-face learning. Also, the cost of travel is not required and the learning is available to suit the learner's availability.
Equal opportunity
E-learning provides cost-effective learning which is more accessible and generally far cheaper than face-to-face learning. Also, the cost of travel is not required and the learning is available to suit the learner's availability. Accessibility is therefore open to all and, as the scoring/marking is automated, any bias is eliminated. Visually impaired users may also be able to alter font sizes, colours etc.
Wellbeing
Learning Management Systems can be used by organisations to keep employees engaged and motivated by helping them with their training and learning needs.
Pricing
- Price
- £2,475 a unit a year
- Discount for educational organisations
- Yes
- Free trial available
- No