Skip to main content

Help us improve the Digital Marketplace - send your feedback

Causeway Technologies Limited

CourseSight

CourseSight is the all-in-one system for training businesses. Built for flexibility, the system can manage all your training sales, including general sales, sales to a closed group, private courses and the sale of spare capacity on internal training. All in one easy-to-use platform.

Features

  • Comprehensive course sales management with easy bulk scheduling
  • Sell training, materials, memberships, and equipment through the same portal
  • Centralised training resource management (trainers, rooms, venues, equipment)
  • Automated communications (order confirmation, joining instructions etc.)
  • Customer community management (customisable privacy settings for customer access)
  • Real-time reporting and insights (dashboard and exportable CSV, Excel)
  • Transfer of data to third party services (e.g. finance system)
  • Flexible payment/invoicing options with secure online or POA checkout
  • E-learning content hosting (SCORM) and end-to-end delivery automation
  • Customer/employee self-service (incl. bookings, refunds, swaps, replacements).

Benefits

  • Powerful, flexible system without the custom build cost or risk
  • Automation of key processes, making a seamless, efficient experience
  • Centralisation of all training resources and processes
  • Access from anywhere 24/7, on any device including mobiles
  • Keep ahead easily - manage, publish, change content in moments
  • Manage user community easily with controlled access user roles
  • All training delivery methods covered from classroom to e-learning
  • Regular updates and enhancements made to the system
  • Comprehensive training management to maximise business efficiency
  • Extensive reporting capability and visibility of system activity

Pricing

£1 to £6 a unit

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tanya.morris@causeway.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

2 8 1 9 7 4 9 2 2 3 7 3 7 6 9

Contact

Causeway Technologies Limited Tanya Morris
Telephone: 01753 279927
Email: tanya.morris@causeway.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
This service can be combined with any of the other services provided by Reference Point, as the booking engine that feeds achievement data over.
Cloud deployment model
Private cloud
Service constraints
No formal constraints. Occasional system maintenance is managed through scheduled downtime, which is always communicated to clients in advance.
System requirements
  • A device with internet access and a current web browser
  • Modern browser versions - MS Edge; Google Chrome; Safari; Firefox
  • Internet Connectivity

User support

Email or online ticketing support
Email or online ticketing
Support response times
User Support is available via email Monday - Friday 09.00-17.00 (UK Time)
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 A
Web chat accessibility testing
A third-party system, testing undertaken by the third party.
Onsite support
No
Support levels
The CourseSight price includes hosted service availability (24/7 ) other than minimal scheduled downtime (for maintenance), which is always communicated in advance. As such, our Cloud service is constantly monitored to ensure full availability.
Standard user support provides phone support, web chat support, and email support and is available to all trained users Monday-Friday (09.00 -17.00 UK time).
All clients are entitled to a single online remote training session (Via Teams or Zoom) and initial set up support from a member of the CourseSight support team during their onboarding.
Large annually contracted clients are entitled, in addition to the above, to an on-site training day for all administrators, a dedicated account manager and individually branded initial set-up collateral and support. Additional training days and customised training materials for supply chain/ key audiences are available at an additional cost - quoted based on a day rate plus travel costs (where applicable).
Support available to third parties
Yes

Onboarding and offboarding

Getting started
- Upon contract commencement, logins will be granted to key users by the designated account manager.
- Existing customer accounts will be bulk uploaded in readiness for launch.
- The administrator training session is then organised for all key users. All training provider customers are entitled to a single training session (via Teams or Zoom) and initial set-up support from a member of the CourseSight support team. Large annually contracted clients are entitled, in addition to the above, to an on-site training day for all administrators, a dedicated account manager and individually branded initial set-up collateral and support. Additional training days and customised training materials for supply chain/ key audiences are available at an additional cost - quoted based on a day rate plus travel costs (where applicable).
- Bulk upload of pre-existing course data and fill of the system with existing booking data is then commenced.
- Although many users would not need further assistance, user guides, e-guides and video tutorials are available online in the training provider resources portal.
- Standard user support provides: phone support, web chat support, and email support and is available to all users Monday-Friday (09.00 -17.00 UK time).
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
CourseSight has a powerful reporting engine that enables pre-defined reports to be generated, allowing users to extract all data they are authorised to. All report contents can be downloaded in an exportable format (CSV). Prior to contract end, users should use this process to extract copies of all the data they will require.
End-of-contract process
The standard End of Contract process is as follows. The Client shall settle any valid outstanding invoices for use of the Software and for the Services provided prior to termination. Prior to contract termination, clients should extract copies of all data they wish to retain and which they are authorised to access using the standard CourseSight reporting and data export feature. Data held will be deleted or anonymised once sufficient time has elapsed to be certain it will no longer be required within CourseSight for the designated purpose. This will be six years from the time at which a customer record becomes “dormant” meaning from the time at which it was last edited or otherwise processed (save for deletion or storage) unless otherwise agreed with the client. The above service is included within our standard contract fee.
If customers require any additional services (such as RPL extracting and supplying encrypted data archives of customer-specific data at contract end or providing any further consultancy around end of contract processes), these are available but would be chargeable.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The site is fully responsive and designed for all functionality to work on both mobile and desktop devices. The user interface adapts to the size of the mobile device and simplifies menus to ensure easy readability.
Service interface
Yes
User support accessibility
WCAG 2.1 A
Description of service interface
The service interface consists of, once logged in, a tailored dashboard and access to functionality based on the user role is displayed with key metrics for that user. For key client users, an intuitive administrator control panel, with access to all functionality and commands through a user-friendly navigation panel.

For customers, a customer portal allows course search and extensive filters to be applied without any requirement to log in; a modern and secure shopping basket/ checkout process, and tailored user accounts with access to relevant functionality once logged in.
Accessibility standards
WCAG 2.1 A
Accessibility testing
No specific assistive technology testing is undertaken; however, the web applications are tested to ensure standard expected behaviours within a broad range of browsers are met. For example, responsive design/ scalability; colour contrast, the position of controls etc.

CourseSight is designed to be easy to use and allows users to broadly fulfil WCAG 2.1 A standards by working with a screen reader/ zoomed up font size/ high contrast colour settings.
API
Yes
What users can and can't do using the API
CourseSight has a number of existing APIs.

Type 1 (Internal): These allow: read-only data to be delivered to Reference Point systems (e.g. Highways Passport) which manage workforce competency; and some third party systems for reporting purposes. The data currently available through APIs is booking information, delegate details and achievement data. For example, one of the existing APIs, which is available to all relevant users, transfers outcomes and qualifications directly to CSCS cards via the Go Smart Card Checker app. It would be possible to make extensions to the existing APIs or create additional APIs for the needs of the client at an additional cost, quoted based on complexity.

Type 2 (External): These allow read-only data to be delivered to third party systems and services belonging to the client. The data currently available through APIs is live course and availability information, booking information, financial information, delegate details, organisation details and achievement data. It would be possible to make extensions to the existing APIs or create additional APIs for the needs of the client at an additional cost, quoted based on complexity.
API documentation
Yes
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
For an additional fee custom APIs, modules and customisation of branded elements (e.g. communications, certificates and surveys) can be undertaken.

Scaling

Independence of resources
CourseSight is hosted on the Microsoft Azure cloud platform and so benefits from the security tools, scalability and controls this provides.
Run on a responsive, tiered platform, the system has been implemented to utilise the scalability, performance and resilience benefits offered by the MS Azure cloud. This includes the capability to be scaled horizontally and vertically to meet the demands of very large numbers of concurrent users and high volumes of transactions, with rapid escalation when demand/usage peaks.

Analytics

Service usage metrics
Yes
Metrics types
A wide variety of usage metrics are available to permitted users including bookings, delegate details, course details, achievement data, purchase data (materials, resources), Resource information (rooms, venues, equipment, tutors). Which can be accessed as high-level statistics in the dashboard or detailed reports through the reporting suite.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
CourseSight has a powerful reporting engine that enables pre-defined reports to be generated, allowing users to extract all data they are authorised to. All report contents can be downloaded in an exportable format (CSV).
Data export formats
  • CSV
  • Other
Other data export formats
  • Excel
  • If using API, JSON
  • If using API, XML
Data import formats
  • CSV
  • Other
Other data import formats
Excel

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
For full details, please contact Reference Point for the SLA. In summary: Software is hosted and available over the internet on the Microsoft Azure platform 24 hours a day, 365/6 days a year with uptime (excluding scheduled maintenance) of 99.5%. Run on a responsive, tiered platform, the system has been implemented to utilise the scalability, performance and resilience benefits offered by the MS Azure cloud. This includes the capability to be scaled horizontally and vertically to meet the demands of very large numbers of concurrent users and high volumes of transactions, with rapid escalation when demand/ usage peaks.
Approach to resilience
The service is hosted across multiple UK Azure data centres with geo-redundant back-ups. The standard service is provisioned on MS Azure to ensure high availability through automated health monitoring and management services that the platform provides. As such, service resources are configured across multiple fault domains to guarantee the service will operate reliably in the event of an underlying hardware or infrastructure failure with a resilience ratio greater than N+1. Further details are available on request.
Outage reporting
The service is fully and continually monitored with all notifiable failures immediately escalated to the technical service delivery team. Depending upon the extent of the outage, outages may be communicated to users directly via messaging on the application portal or indirectly via email alerts.

Identity and authentication

User authentication needed
Yes
User authentication
  • Username or password
  • Other
Other user authentication
Single Sign-On using the User Organisation's AD credentials is also available for an additional fee.
Access restrictions in management interfaces and support channels
User permissions are actively segregated within the business and granted in line with the principle of "least privilege".

The only staff with access to production infrastructure and databases are the technical support team. Their access is regularly reviewed by the CTO and has been implemented to require the use of SSO/ Active Directory. Developers and all other Reference Point personnel have no direct access to the underlying infrastructure.

Non-technical (user) support staff access is also reviewed on a regular basis by the CTO and is always restricted to access via CourseSight standard internal security only (authenticated by MFA/ SSO).
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password
  • Other
Description of management access authentication
SSO/ Active Directory

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
QMS International Limited
ISO/IEC 27001 accreditation date
16/08/2019
What the ISO/IEC 27001 doesn’t cover
There are no exemptions and therefore the Standard is fully covered.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
Reference Point Limited (via self-signed attestation of compliance)
PCI DSS accreditation date
30/07/2019
What the PCI DSS doesn’t cover
CourseSight is PCI DSS SAQ-A compliant, using Stripe. SAQ-A is a self-signed attestation of compliance – not certification. The payment processing within CourseSight is fully outsourced to Stripe who are PCI-DSS compliant.
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
The protection of client information is core to our business. Our approach to information security is fully aligned with our ISO 27001 accredited Information Security Management System. This means that we meet all regulatory and legislative requirements and ensure these are embedded in our policies and business continuity plans. Our information security objectives and business continuity plans are reviewed regularly. These are effectively tested and implemented in the business. All policies are also communicated across the business to all staff who receive suitable, regular training. We ensure the security, integrity and confidentiality of information at all times. We maintain and regularly update comprehensive information asset register and review all access to information to ensure it is protected from unauthorised access. All third parties and sub-processors who work alongside us are made aware of their obligations towards protecting all information assets. Any breach of information security, whether actual or suspected, is reported to Reference Point's DPO for investigation.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
All service components are subject to rigorous proactive monitoring throughout the entirety of their lifetime.

All service infrastructure and configuration changes are thoroughly assessed for potential security impact and go through an internal change control/ change approval and robust pre-implementation testing process before being deployed to production environments.

Additionally, all hosted services are regularly reviewed and subject to external penetration testing from a CREST-accredited supplier to ensure they meet relevant IT security standards and industry best practice.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
The underlying MS Azure platform is managed by Microsoft with regards to security and vulnerability management, as well as deployment schedules.

All web browsers, Android and iOS Operating Systems are regularly updated by the OS vendors. As a result, Reference Point review all notified changes, vulnerabilities and security updates to ensure no negative impact on the CourseSight service and applications.

We perform regular vulnerability scans and continually monitor information sources (such as OWASP) to maintain knowledge and expertise about potential threats that could affect our services and applications. If applicable, suitable updates are provisioned by us.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
The underlying MS Azure platform is managed by Microsoft which provides network level defences against DoS attacks and similar hostile attacks.

Additionally, Reference Point utilise the Azure web application firewalls and gateways to monitor and protect against malicious activity.

The configuration of these services for CourseSight is reviewed by Microsoft Security technicians to ensure best practice is followed.

Exceptions and other alerts (e.g. around unusual traffic patterns) are automatically escalated to the technical support team at Reference Point.

Additional periodic review of WAF logs is also undertaken.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
There is a defined Incident Management procedure which would be followed.
The key points are:
Escalation and notification to relevant parties.
Immediate analysis to enable confirmation and any immediate preventative actions to be taken.
Capture of relevant details, log files, screenshots of incident for subsequent analysis;
Development of (any required) actions to mitigate risks - both short and medium term.
If required, notify relevant parties within statutory timeframes.
Production of report following above.

Clients will be notified in line with the Incident Reporting SLA.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Social Value

Fighting climate change

Fighting climate change

As a company we are working towards gaining ISO 14001 certification.
Covid-19 recovery

Covid-19 recovery

Reference Point has a clear Covid 19 Risk Management strategy which is regularly reviewed and updated in line with the evolving pandemic.
Equal opportunity

Equal opportunity

We have an equal opportunities policy which is adhered to and regularly.
reviewed/ updated.
Wellbeing

Wellbeing

Wellbeing is a staff priority within the business. This is communicated to all staff from senior management and is monitored.

Pricing

Price
£1 to £6 a unit
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
Access to a training environment is available for large organisations during the procurement process to trial processes.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tanya.morris@causeway.com. Tell them what format you need. It will help if you say what assistive technology you use.