Resulting Ltd

Assima Systems Training Platform

Assima's Hyperrealistic Digital Adoption Platform Cloud offering comprises of 4 modules:
- Train
- Collaborate
- In-app Search
- Assist

Combined, help organisations create and deploy content to support new system rollouts, saving time for adoption and removing the requirement for training clients. ERP, SAP, Flexible training platform

Features

• Replace Training Clients
• Create Hyperrealistic System Training Packages
• Replace Sensitive or Annoymise data in Training packages
• Translate Training content into multiple languages from one source
• Provide Context Sensitive Search for help in live applications
• Provide Guidance for system tasks in live applications
• Reporting on training content usage to understand knowledge retention
• information displayed at the point of need in live applications
• Digital Adoption Platform (DAP)

Benefits

• Learn system processes faster and better
• Gain confidence learning systems in a replica of live apps
• Reduce amount of errors made in the live app
• Reduce the amount of rework in back office teams

£80,000 a licence a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Hello@resulting-it.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

272058127816240

Contact

Robbert Willemse
+44 1925 906 662
Hello@resulting-it.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: N/A
• System requirements: Authors of content require a Microsoft Windows machine

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: SLA's required
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: There are 3 levels of support:; ; 1st line via online support portal: These tickets are handled via our support team to answer basic questions or resolve any generic problems that may occur; ; 2nd line support via our CSM team: Each customer is assigned a customer support member from the team, to help them during implementation and to answer any specific issues you may have; ; All support is covered under the License agreement with Assima
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Assima has a jumpstart program devised to be a kick off plan. This is designed to not only train the customer in how to use the software but to also help in how to design content to solve the problems being faced within the business.; ; You can find out more here: https://assimasolutions.com/services/assimau-services/
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: At the end of the license contract, the administrator can export all created and stored training content as SCORM zip packages.; ; Stored analytics data can be downloaded as a CSV file for use in an in-house data store.; ; Learner end-users can not extract data from the platform.
• End-of-contract process: The contract's price allows a dept/organisation to use the software to create and consume content for the length of the contract. At the end of the contract, the dept/organisation can remove all of their SCORM-compliant learning that they made and continue to deploy it via other SCORM-compliant LMSs

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The interface has been designed for mobile devices, so it can be administered.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: No
• Customisation available: Yes
• Description of customisation: All branding within the platform can be branded to requirements. All outputs generated from the product can be branded according to your own requirements.; ; Initial templates and themes are configured as part of the Jumpstart and configuration phase and can be customised by an Administrator user.

Scaling

• Independence of resources: Our platform leverages Azure's gateway technology and is built with a Service-Oriented Architecture (SOA) design to ensure scalability and load balancing, even under heavy usage.

Analytics

• Service usage metrics: Yes
• Metrics types: For Authors, we log the following; - Login Date/Time; - Activities including content creation/editing/publishing; ; SCORM data collected is as follows - if content is deployed via Assima platform (optional):; - Content Access Time/Date/Duration; - Score; - Pass/fail (if the score is set); - Completion Status (Complete/Incomplete/Not taken)
• Reporting types: Regular reports

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Assima Ltd

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Authors users can export created and published content to a SCORM zip-file for use in for instance an LMS.; ; Depending on the configured user settings, Learner end-users can export all their score data using the My Activity report and receiving the data via a csv file.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: The SLA targets 24x7x365, 99% availability, excluding scheduled maintenance.; ; Limitations:; ; Service Hours: The guarantee only applies during the specified time window, offering some flexibility for maintenance outside those hours.; ; Scheduled Maintenance: Downtime specifically scheduled for maintenance does not count against the availability guarantee.; ; Force Majeure: Extreme, uncontrollable events are exempt from the guarantee.; ; Restoration Target: 3 Business Days
• Approach to resilience: Assima Solutions employs a multi-faceted approach to resilience within our Microsoft Azure-hosted platform to ensure continuous service availability for our clients.; ; Datacenter Resilience: We leverage Azure's geographically distributed UK datacenters with built-in redundancy and robust physical security measures. Detailed datacenter specifications are available upon request as part of our security documentation.; ; Platform Architecture: Our platform utilizes load balancing, component replication, and auto-scaling mechanisms to prevent single points of failure and handle fluctuating demand.; ; Backups & Disaster Recovery: Regular data backups to Azure's geo-redundant storage and a comprehensive, regularly tested disaster recovery plan ensure swift recovery in the event of disruptions.; ; Monitoring & Proactive Maintenance: Integrated monitoring, alerting, and proactive maintenance practices enable us to identify and mitigate potential issues before they impact service availability.; ; More info: https://learn.microsoft.com/en-us/dotnet/architecture/cloud-native/infrastructure-resiliency-azure; ; Evidence:; SOP-DOC-0003_ICT_BCAP001_-_Natural_disaster; SOP-DOC-0005_ICT_BCAP002_-_FireEvent; SOP-DOC-0019_ICT_BCAP004_-_Flood_or_water_damage; SOP-DOC-0020_ICT_BCAP005_-_Data_breach; SOP-DOC-0021_ICT_BCAP006_-_Cloud_Service_Disruption; SOP-DOC-0058_ICT_Continuity_Incident_Response_Procedure; SOP-DOC-0059_ICT_Business_Continuity_Plan
• Outage reporting: Our service employs a structured outage reporting process to promptly communicate any service disruptions. When an outage occurs, our system automatically generates alerts to notify our technical team. Simultaneously, our monitoring systems detect the outage and trigger predefined escalation procedures. ; ; Our technical team investigates the root cause of the outage and assesses its impact on service availability and performance. Following the investigation, our team communicates the outage details, including the cause, duration, and impact, to relevant stakeholders through various communication channels, such as email notifications, status updates on our service dashboard, and announcements on our website or social media platforms. ; ; Additionally, we provide regular updates on the progress of outage resolution efforts until service restoration is achieved. This structured outage reporting process ensures transparency, accountability, and timely resolution of service disruptions, minimising the impact on our customers and stakeholders.

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: We conduct regular reviews and updates of access controls for management interfaces and support channels to prevent unauthorised access. Utilising role-based access controls (RBAC) allows us to ensure that only authorised individuals have access to sensitive management interfaces and support channels. By implementing RBAC, we customise access permissions to specific roles, thereby minimising the risk of unauthorised access to critical systems and information.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Interdigicert Europe SA
• ISO/IEC 27001 accreditation date: 15/12/2023
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: ISO27701

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Our service employs a structured outage reporting process to promptly communicate any service disruptions. When an outage occurs, our system automatically generates alerts to notify our technical team. Simultaneously, our monitoring systems detect the outage and trigger predefined escalation procedures. ; ; Our technical team investigates the root cause of the outage and assesses its impact on service availability and performance. Following the investigation, our team communicates the outage details, including the cause, duration, and impact, to relevant stakeholders through various communication channels, such as email notifications, status updates on our service dashboard, and announcements on our website or social media platforms. ; ; Additionally, we provide regular updates on the progress of outage resolution efforts until service restoration is achieved. This structured outage reporting process ensures transparency, accountability, and timely resolution of service disruptions, minimising the impact on our customers and stakeholders.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Our approach to configuration and change management involves a systematic and structured process. It begins with the identification of proposed changes, followed by an assessment of their potential impacts on security and business operations. Changes are then documented, evaluated, and authorised before implementation. Throughout this process, we emphasise communication, collaboration, and adherence to established policies and procedures.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Our vulnerability management process begins with regular vulnerability assessments conducted using third party. Identified vulnerabilities are then prioritised based on severity and potential impact. We promptly apply patches and updates to remediate vulnerabilities and mitigate associated risks. ; ; Additionally, we continuously monitor emerging threats and vulnerabilities to adapt our mitigation strategies accordingly.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Our protective monitoring processes involve the deployment of robust monitoring tools and technologies to capture and analyse security-related events. We employ a combination of automated alerts, anomaly detection, and manual review to identify suspicious activities and potential security incidents. Upon detection, incidents are promptly investigated, escalated, and remediated according to predefined response procedures.
• Incident management type: Supplier-defined controls
• Incident management approach: Our incident management approach begins with the timely identification and classification of security incidents based on predefined criteria. Incidents are then assessed to determine their scope, severity, and potential impact. We employ containment strategies to prevent further damage and eradicate the root cause of incidents. Subsequent recovery efforts aim to restore affected systems and data to normal operation. Finally, post-incident analysis is conducted to identify lessons learned and implement preventive measures to mitigate future incidents.; ; Throughout this process, clear communication, documentation, and collaboration among relevant stakeholders are prioritised to ensure effective incident resolution

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Our software means no travelling, everyone learns from home. It is also more efficient in the use of power in the datacentres, as our tool removes the requirement to stand up an extra training environment for each of the systems trained on the solution.

  Covid-19 recovery

  Our software allows people to learn independently, so there is no need to bring people together and reduce any spread of novel viruses.

  Tackling economic inequality

  The learning created can be allocated easily to diverse groups of learners, regardless of location.

  Equal opportunity

  There are no limitations on the diversity of people who can be educated through our software

  Wellbeing

  Our software improves people's knowledge of new systems. When people become more knowledgeable, it means they can better use the processes and therefore feel better/prouder of themselves

Pricing

• Price: £80,000 a licence a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Hello@resulting-it.com. Tell them what format you need. It will help if you say what assistive technology you use.