Advanced Business Solutions

Learner Management System (formerly “PICS”)

Learner Management System (formerly PICS) is a complete end-to-end solution for all ESFA, ESF and commercial training programmes, including apprenticeships.

Learner Management System offers an entire paper-free learner and journey including digital signup, the industries leading ILR management suite, fully integrated ePortfolio & more, all backed by unbeatable support.

Features

• Your entire learner & employer journey in a single system.
• Paper free enrolments and contracting with digital signatures.
• Full, robust ILR management for all programmes.
• Funding reports and projections which reconcile with the ESFA hub.
• Management of employer co-investments with finance team portal.
• Comprehensive reporting covers achievement rates, finance, E&D and more.
• Digital registers and real-time attendance tracking.
• Excellent and responsive customer support with over 25 years' experience.
• Integrated survey functions.

Benefits

• End-to-end solution significantly reduces data admin burden.
• Paper-free system reduces turnaround times and increases efficiency.
• Robust ILR features reduce the headache of compliance and audit.
• Manage all ESFA or commercial programmes in a single system.
• Real-time funding calculations demystify funding regimes.
• Flexible reporting provides insights into all aspects of your business.

£360.00 to £720.00 a licence a month

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidmanagementteam@oneadvanced.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

193022146862689

Contact

Bid Support
0330 343 8000
bidmanagementteam@oneadvanced.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: OneAdvanced perform scheduled software updates and infrastructure maintenance outside of core business hours. Customers are notified of any upcoming maintenance via the Status Page, or via email if a customer subscribes to our maintenance alerts.
• System requirements:
  • Windows 10
  • Mac OS
  • Any up-to-date modern web browser
  • Broadband internet connection

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We operate an email help desk Monday-Friday 9-5:30. We aim to provide an informed response to enquiries within 4 hours.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Support queries can be raised through the chat bubble integrated in the software
• Web chat accessibility testing: Not conducted.
• Onsite support: No
• Support levels: Standard availability service levels of a minimum of 99.5% will apply, dependent on contracted services. Support is provided around a priority and escalation system. When an incident is reported, a priority level is established based upon the information provided, understanding business impact is essential. Target service levels and response times are assigned based on an initial appraisal of the problem but can be revisited at any time by the client. The escalation procedure is designed to progress each call as efficiently as possible. OLA's are in place for escalations beyond support into the development and professional service teams.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Most Learner Management System implementations will begin with a data conversion of existing ILR data and the preparation of the hosting platform. We then begin a schedule of training. Typically, the initial programme of training consists of three two-hour webinars, delivered over a couple of days.; ; We then arrange follow-up training 4-6 weeks after the initial training. this training can be onsite or online depending on client requirements and current social distancing policies. This core structure of training is supplemented by a range of online video training courses and additional online training sessions dependent on the level of SaaS offering chosen and your training needs.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Data can be extracted through the comprehensive reporting suite, or we can provide read only licenses with access to the full report suite, to suit the customer.
• End-of-contract process: If a customer chooses not to renew their contract, we will provide facilities for extracting Learner Management System data through its integrated reporting suite, additional costs are applicable if a customer wishes for us to do this on their behalf. Alternatively, we can provide read-only licenses and long term data storage, at additional cost.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: We limit access to ILR edit due to sensitivities of this data but cover read and write of most other data entities.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Integrated branding allows public-facing aspects of the software to be branded. Extensive customisation options for fields, workflows, forms etc are integrated into the product.

Scaling

• Independence of resources: Performance and capacity metrics are continuously logged using Azure Insights and monitored daily by support and devops teams. Azure AppServices can scale out without interrupting service by increasing the number of VM instances running PICSWeb. Additional database servers can be deployed via PowerShell scripts as demand requires.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: If a OneAdvanced customer ceases to use the Learner Management System, the customer's data is returned to them. The customer's data is archived and retained by OneAdvanced for a period of 6 months.; ; OneAdvanced provide the data in a compressed format to the customer using our secure File Drop site.
• Data export formats:
  • CSV
  • Other
• Other data export formats: ZIP (file attachment)
• Data import formats:
  • CSV
  • Other
• Other data import formats: XLSX

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: Azure Application Gateway with Web Application Firewall provides inbound layer 7 traffic inspection. Providing distributed denial of service (DDoS) protection, Geographical filtering, malicious bot protection and protection against Open Web Application Security Project (OWASP) top 10 common web vulnerabilities.; https://owasp.org/www-project-top-ten/
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99.9% availability during core business hours (Mon..Fri 8am - 8pm); RTO = 1 working day, RPO = 24 hours
• Approach to resilience: Customer’s live data is held at Azure UK South data centres (London), backups and DR held at Azure UK West data centre (Cardiff).; Customer documents are immediately replicated to the DR site. Each PICS dataset is automatically backed up between midnight and 6am every day and replicated to DR. In addition, all virtual machines, databases and customer documents are backed up using Azure backup and replicated to the DR site. ; The backup storage is immutable which provides robust protection against ransomware attacks. ; https://learn.microsoft.com/en-us/azure/backup/backup-azure-immutable-vault-concept?tabs=recovery-services-vault; OneAdvanced have a documented DR restore process detailing the technical steps required to fully recover the PICS environment and customer data if an event was to occur that would result in a UK region being compromised and/or unavailable. This technical process is subjected to documented testing at least every 6 months. ; Incident management and business continuity plans are fully documented and reviewed annually as part of ISO 27001.
• Outage reporting: When Customers need to be advised in the first instance a publicly accessible Status Page is updated and notifications are emailed to subscribers. ; If the incident is, or becomes, a major incident and a public announcement is needed then Customers will be emailed directly via the support team’s CRM.

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: Support staff are only able to access customer datasets when explicitly invited to do so using a function in the product which creates a time limited user account
• Access restriction testing frequency: At least once a year
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: June 2021
• What the ISO/IEC 27001 doesn’t cover: All activity on G-Cloud is covered by ISO 27001.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Range of policies in compliance with ISO27001.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: OneAdvanced’s internal IT team conduct a series of daily/weekly/monthly checks including:; • Backups; • Endpoint protection; • Vulnerabilities & configuration; • Performance & capacity forecasts; • Uptime & availability; Security event log monitoring focuses on suspicious activity including but not limited to:; • Brute Force password attacks; • Elevation of privileges; • Account creation; • Changes to sensitive security groups; • Security logs cleared; Suspicious activity is logged in OneAdvanced’s ISMS in line with ISO27001 policies. Security risks are formally reviewed by management on a regular basis. All employees have a responsibility to report information security weaknesses.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: OneAdvanced use industry recognised vulnerability scanners to produce weekly patch and secure configuration reports.; OneAdvanced are also subscribed to various alerting services such as NCSC Early Warning System.; Penetration testing is performed annually.; Servers are patched monthly but critical updates are risk assessed and applied sooner when needed. ; All updates to production systems go through OneAdvanced’s change management process in line with ISO27001.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: OneAdvanced’s internal IT team conduct a series of daily/weekly/monthly checks including:; • Data/infrastructure backups; • Endpoint protection; • Firewalls; • Vulnerability & configuration; • Performance & capacity forecasts; • Uptime & availability; • Security event logs; Security event log monitoring focuses on suspicious activity including:; • Brute Force password attacks; • Elevation of privileges; • Account creation; • Account deletion; • Accounts being enabled; • Security logs cleared; Suspicious activity is logged in OneAdvanced’s ISMS in line with ISO27001. Security risks are reviewed by management on a regular basis.; All OneAdvanced employees have a responsibility to identify/report information security weaknesses.
• Incident management type: Supplier-defined controls
• Incident management approach: Incidents are categorised at 3 risk levels, low, moderate and high. A moderate risk includes loss of data, temporary loss of services, etc and staff are trained to follow an incident management process with clear separation of responsibilities based on roles. Progress updates are communicated with customers hourly during core business hours and daily during weekends and national holidays. A high risk includes substantial downtime, widespread data loss, financial, contractual, or legal implications. The process for high risks is the same as moderate except a postmortem review is required immediately after the event has been contained and services restored.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We are committed to building a better tomorrow for our staff, customers and wider community through outstanding environmental sustainability performance. Our vision is underpinned by five core principles: ; ; To protect the environment by reducing our carbon footprint ; To reduce the environmental impact of our operational activities through effective management of our estate ; To create and maintain a positive environmental sustainability culture ; To maximise the positive impact of our sustainability actions through effective communication, collaboration and partnership ; To fulfil all environmental compliance obligations and seek to exceed regulatory requirements ; ; To achieve this vision, we continuously invest in and develop our ESG strategy to provide a structured and meaningful approach to our climate activity. Our success also relies on effective engagement with staff, utilising and developing their skills, knowledge and understanding. ; ; We have launched a number of initiatives to reduce our GHG emissions on an annual basis, since 2018 we have seen a reduction in 36% in our total GHG emissions. ; ; We are proactive in the property management of our offices, maintaining pressure on landlords and staff to ensure energy efficiency. Home working is facilitated and encouraged, and unnecessary travel is minimised by the delivery of consultancy, training and implementation services remotely, where appropriate. Reducing the amount of paper we generate is a key focus, and we use recycled paper - which we then recycle ourselves. We have also taken steps to recycle other materials such as plastics, food and cardboard. We comply with WEEE regulations and recycle our electrical items. All our UK based offices are entirely using green electricity and we have undertaken an office consolidation project to minimise unnecessary carbon expenditure. ; ; We are focused on our transition to a Cloud service company ensuring our customers have solutions which are future proofed and don’t require costly or energy inefficient hardware.

  Covid-19 recovery

  In the event of a similar incident OneAdvanced has a documented Health and Safety policy regarding Covid-19 Arrangements, which focuses on handwashing, hygiene, self-isolation and social distancing. ; ; As part of our transition to hybrid working we provided all employees with the materials and processes to allow them to work at home indefinitely. In the event of a similar incident all staff are able to work from home for as long as is required. This allows them to prioritise their health and safety and avoid risk of transmission. ; ; Working from home is undoubtedly challenging and may have a negative impact on the wellbeing of our employees. We provided guidance for staff working from home to stay connected e.g., quizzes, coffee mornings and time allocated for informal catch ups. ; ; We have also made changes to our approach to visiting customers on-site. Where appropriate, training and consultancy can be provided virtually. ; ; With the increase in remote work and changes in the software landscape we have invested significantly in digital transformation and cyber security to ensure the safety of the business, employees and customers. This includes protection of personal data.

  Tackling economic inequality

  OneAdvanced is committed to tackling economic inequality. We are renowned for our recruitment processes which seek to eradicate biases that can perpetuate economic inequality. We hire for potential rather than based on experience. ; ; Our commitment to tackling economic inequality is also exemplified in our pay reporting transparency. In addition to the legal requirements to produce a Gender Pay Gap Report, we have also released our Diversity Pay Gap Report to ensure accountability and so that we can take steps to address economic inequality within our own employee base. ; ; As we develop as an organisation and embrace our role in bettering society we are building features into our products to assist us in tackling economic inequality. One example of this is our education software that is used by prisons in the UK to help educate individuals that have been in the prison system and broaden their opportunities for education. Another example is the service we provide to many NHS offices across the country which allow them to act more efficiently and see more patients each day. ; ; A focus of OneAdvanced is to commit to increasing our community outreach. As part of our strategy we are planning to implement a regular schedule of community education workshops for local schools, colleges and other groups. Examples include ‘How to get started in Tech’ and coding classes. Each employee is entitled to 1 paid day they can use to volunteer for a cause close to their heart including those that are aimed at helping those from lower socio-economic areas. ; ; Our learning and development team are in place to allow our staff the opportunity to develop their skillset and further their professional career. This can allow disadvantaged individuals to increase their opportunities to secure high paying jobs both within the software industry and outside of it.

  Equal opportunity

  Cultivating a diverse workforce and inclusive culture is a priority for OneAdvanced. Diversity of experience, age, race, ethnicity, culture, gender and sexual orientation provides a wide range of talent from entry level through to our leadership teams creating richer perspectives and a powerful frame of reference. ; ; Not only is it right to recognise and celebrate differences, and ensure everyone has the opportunity to thrive, but creating a culture that is genuinely committed to a meritocratic workplace is important to our success. Ensuring all our employees understand and engage with our values, and have the opportunity to realise their full potential, is fundamental to our business. ; ; We have published 4 Diversity Pay Gap reports that extend beyond the legal requirement for gender to ethnicity, sexuality, education, disability and socio-economic status. This data provides transparency and will aid us significantly on our journey to creating a fair and equitable workplace for all. ; ; OneAdvanced is delighted to have been announced as one of the top 100 Diversity Leaders of 2020 across UK businesses following an independent survey carried out on behalf of the Financial Times. The award assesses diversity across gender, age, ethnicity, disability and sexual orientation, and ranks organisations in Europe on the extent to which they offer diverse and inclusive workplaces. The survey focused on two broad areas, looking at the scale in which employers promoted diversity within the workforce, and identifying companies that stood out when it came to encouraging diversity and equal opportunities. ; ; OneAdvanced is renowned for its innovative recruitment process, which seeks to eradicate bias – unconscious or otherwise – when hiring. In our recruitment, we use tools that give us additional insight into intellect and attitude, and remove CVs from the interview process, so managers go in without preconceptions.

  Wellbeing

  We take wellbeing very seriously at OneAdvanced, employees have access to the following initiatives to promote wellbeing: ; ; Our Employee Assistance Program (EAP) is a 24/7 phone line where our employees can speak to a trained professional regarding any matters. Whether that is related to their current workload, or whether it is related to their finances for example. This service is 100% confidential. ; ; The Wellbeing hub on our internal website is central point for resources, such as the Thrive app to which our employees have an access code. In addition, the Hub is a link to our partnership with Perks at Work who offer discounts and classes for wellbeing, fitness, and meditation. ; ; Our offices have been made more friendly and accessible than ever before as part of our office changes brought on by the new, flexible ways of working. All our offices now contain a ‘wellbeing room’, sharp boxes for needles and free sanitary products in all bathrooms (available to guests as well as our staff). ; ; We are undertaking an exercise to update our employee value proposition and undertook research to identify what factors employees themselves want. This was done so we can provide benefits that our employees will value from the most and benefit their health and wellbeing.

Pricing

• Price: £360.00 to £720.00 a licence a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: We provide a evaluation site containing dummy data for demonstration purposes. This is available but is not carried forward if a full version is purchased.
• Link to free trial: Links are not available - evaluation sites are provided on a case by case basis, and the links generated at point of enquiry.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidmanagementteam@oneadvanced.com. Tell them what format you need. It will help if you say what assistive technology you use.