Cognexo

Service scope

Software add-on or extension: Yes, but can also be used as a standalone service
What software services is the service an extension to: We can integrate with existing LMS (Learning Management Systems) and HR/Payroll Systems but can be used as a standalone solution
Cloud deployment model: Public cloud
Service constraints: No known constraints. Internet access being the only requirement.
System requirements: Internet Access

User support

Email or online ticketing support: Email or online ticketing
Support response times: P1 SLA - First response within 1 hour, and a planned resolution or workaround within 4 business Hours.

P2 SLA - First response within 4 hours, and a planned resolution or workaround within 8 business Hours.

P3 SLA - First response within 12 hours, and a planned resolution or workaround within 24 business Hours.

P4 SLA - First response within 24 hours, and a planned resolution or workaround within 48 business Hours.
User can manage status and priority of support tickets: No
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: No
Onsite support: Onsite support
Support levels: P1 - Critical issues that halt operations, pose security risks, or severely impact the user experience.
P1 SLA - First response within 1 hour, and a planned resolution or workaround within 4 business Hours.
P2 - Issues that significantly impact the user experience or affect a large portion of the user base.
P2 SLA - First response within 4 hours, and a planned resolution or workaround within 8 business Hours.
P3 - Issues that affect a small number of users or result in minor inconveniences that don't significantly impact core functions.
P3 SLA - First response within 12 hours, and a planned resolution or workaround within 24 business Hours.
P4 - Issues that have minimal impact on operations or user experience and do not impede any functionality.
P4 SLA - First response within 24 hours, and a planned resolution or workaround within 48 business Hours.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: We provide remote onboarding and training as well as documentation. We can also provide onsite training if required. Monthly support meetings and quarterly business reviews are also part of the service to ensure new staff are identified and trained and any potential gaps are filled.
Service documentation: Yes
Documentation formats: PDF
End-of-contract data extraction: All data can be exported by the administrator and we can assist in this regard as well if custom formats are required.
End-of-contract process: All data is deleted once the contract comes to an end and data requested has been shared. The data retention policy can be configured to match the buyer's requirements. There is no additional cost for this end of contract process.

Using the service

Web browser interface: Yes
Supported browsers: Microsoft Edge

Firefox

Chrome

Safari

Opera
Application to install: No
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: Administration is performed on the web application via desktop service. Delivery to end users (broadcasts, assessments, questions and surveys) does not differ whether via desktop or mobile device.
Service interface: Yes
User support accessibility: WCAG 2.1 AA or EN 301 549
Description of service interface: The service interface is accessed through a web browser and is used for administrative tasks as well as being a learner portal with access to daily questions, broadcasts with abilities to see leaderboards and holidays. Accessible through multiple devices and channels (Desktop, Mobile, Tablet) Email, Teams and Slack.
Accessibility standards: WCAG 2.1 AA or EN 301 549
Accessibility testing: We have run automated accessibility tooling, we have tested against screenreaders, and consulted with visually impaired customers for contrast.
API: Yes
What users can and can't do using the API: API is used for integration in to other solutions from a user population perspective as well as automated workflow enablement. There are no limitations apart from users requiring a license to administer API services.
API documentation: Yes
API documentation formats: PDF
API sandbox or test environment: Yes
Customisation available: Yes
Description of customisation: Buyers can customise their own content within our service (administrators only) as well as being able to customise the branding to match that of the buyer's requirement.

Scaling

Independence of resources: We have the ability to monitor and scale on demand.

Analytics

Service usage metrics: Yes
Metrics types: We can provide service uptime, user numbers (active/inactive), user engagement, feature usage and history.
Reporting types: Reports on request

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Other security clearance
Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: No
Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency: At least once a year
Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest: Physical access control, complying with CSA CCM v3.0
Data sanitisation process: Yes
Data sanitisation type: Explicit overwriting of storage before reallocation

Deleted data can’t be directly accessed
Equipment disposal approach: A third-party destruction service

Data importing and exporting

Data export approach: Data can be exported on demand or on a schedule.
Data export formats: CSV

Other
Other data export formats: Json
Data import formats: CSV

Data-in-transit protection

Data protection between buyer and supplier networks: TLS (version 1.2 or above)
Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability: There is no refund for service downtime. We guarantee a 99% uptime SLA.
Approach to resilience: We utilise cloud-based resilience services including multiple availability zones.
Outage reporting: We provide e-mail alerts around outages.

Identity and authentication

User authentication needed: Yes
User authentication: Identity federation with existing provider (for example Google Apps)

Username or password
Access restrictions in management interfaces and support channels: Role based access security following the principle of least privilege.
Access restriction testing frequency: At least once a year
Management access authentication: Identity federation with existing provider (for example Google Apps)

Username or password

Audit information for users

Access to user activity audit information: Users receive audit information on a regular basis
How long user audit data is stored for: User-defined
Access to supplier activity audit information: Users contact the support team to get audit information
How long supplier audit data is stored for: User-defined
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: No
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: No
Other security certifications: No

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: No
Security governance approach: We are Cyber Essentials certified and follow the ISO27001 framework.
Information security policies and processes: Our information security policies are based on the ISO27001 framework and Cyber Essentials.

Operational security

Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach: Changes to our platform are managed through Infrastructure As Code. All changes have a full audit process as it is all source controlled. Changes must be approved and tested before being applied to production environments.
Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach: Automated static analysis and container scanning. Servers follow AWS standards for hardening and update schedules. Other services are managed and patched on at least a weekly basis.
Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach: Monitoring solutions are in place, including WAF and AWS CloudTrail which generate alerts which are then investigated.
Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach: Our Incident Management process is based on the ISO27001 framework.

Secure development

Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks: No

Social Value

Equal opportunity
Wellbeing

Equal opportunity

As a provider of solutions that have a focus on knowledge provision and retention, one of our key themes is DEI, around which we have several topic areas. Ensuring employees and employers are knowledgable around such key themes contributes to equal opportunities for all. Education is key to eradicating bias, conscious or otherwise.

Wellbeing

Within our solution, we have the ability to distribute wellbeing surveys and pulse surveys to ensure a realtime view on the wellbeing of the employees. With embedded, real-time workflows, immediate action can be taken where wellbeing related issues are identified following survey completion. With the knowledge retention part of our solution, we have a plethora of topics around wellbeing that ensure an acceptable level of knowledge is adhered to in order to identify wellbeing issues as they relate to individuals or groups as well as assisting individuals directly in addressing their own wellbeing.

Pricing

Price: £20 to £144 a user a year
Discount for educational organisations: Yes
Free trial available: Yes
Description of free trial: There is a time-limited, user-limited version available for proof of concepts and/or pilots. This will be deployed in an enterprise-manner with customer success involved to ensure a smooth deployment and successful trial.

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

Cognexo

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents