Causeway Technologies Limited

CourseSight

CourseSight is the all-in-one system for training businesses. Built for flexibility, the system can manage all your training sales, including general sales, sales to a closed group, private courses and the sale of spare capacity on internal training. All in one easy-to-use platform.

Features

• Comprehensive course sales management with easy bulk scheduling
• Sell training, materials, memberships, and equipment through the same portal
• Centralised training resource management (trainers, rooms, venues, equipment)
• Automated communications (order confirmation, joining instructions etc.)
• Customer community management (customisable privacy settings for customer access)
• Real-time reporting and insights (dashboard and exportable CSV, Excel)
• Transfer of data to third party services (e.g. finance system)
• Flexible payment/invoicing options with secure online or POA checkout
• E-learning content hosting (SCORM) and end-to-end delivery automation
• Customer/employee self-service (incl. bookings, refunds, swaps, replacements).

Benefits

• Powerful, flexible system without the custom build cost or risk
• Automation of key processes, making a seamless, efficient experience
• Centralisation of all training resources and processes
• Access from anywhere 24/7, on any device including mobiles
• Keep ahead easily - manage, publish, change content in moments
• Manage user community easily with controlled access user roles
• All training delivery methods covered from classroom to e-learning
• Regular updates and enhancements made to the system
• Comprehensive training management to maximise business efficiency
• Extensive reporting capability and visibility of system activity

£1 to £6 a unit

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tanya.morris@causeway.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

281974922373769

Contact

Tanya Morris
01753 279927
tanya.morris@causeway.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: This service can be combined with any of the other services provided by Reference Point, as the booking engine that feeds achievement data over.
• Cloud deployment model: Private cloud
• Service constraints: No formal constraints. Occasional system maintenance is managed through scheduled downtime, which is always communicated to clients in advance.
• System requirements:
  • A device with internet access and a current web browser
  • Modern browser versions - MS Edge; Google Chrome; Safari; Firefox
  • Internet Connectivity

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: User Support is available via email Monday - Friday 09.00-17.00 (UK Time)
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 A
• Web chat accessibility testing: A third-party system, testing undertaken by the third party.
• Onsite support: No
• Support levels: The CourseSight price includes hosted service availability (24/7 ) other than minimal scheduled downtime (for maintenance), which is always communicated in advance. As such, our Cloud service is constantly monitored to ensure full availability. ; Standard user support provides phone support, web chat support, and email support and is available to all trained users Monday-Friday (09.00 -17.00 UK time). ; All clients are entitled to a single online remote training session (Via Teams or Zoom) and initial set up support from a member of the CourseSight support team during their onboarding. ; Large annually contracted clients are entitled, in addition to the above, to an on-site training day for all administrators, a dedicated account manager and individually branded initial set-up collateral and support. Additional training days and customised training materials for supply chain/ key audiences are available at an additional cost - quoted based on a day rate plus travel costs (where applicable).
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: - Upon contract commencement, logins will be granted to key users by the designated account manager. ; - Existing customer accounts will be bulk uploaded in readiness for launch. ; - The administrator training session is then organised for all key users. All training provider customers are entitled to a single training session (via Teams or Zoom) and initial set-up support from a member of the CourseSight support team. Large annually contracted clients are entitled, in addition to the above, to an on-site training day for all administrators, a dedicated account manager and individually branded initial set-up collateral and support. Additional training days and customised training materials for supply chain/ key audiences are available at an additional cost - quoted based on a day rate plus travel costs (where applicable). ; - Bulk upload of pre-existing course data and fill of the system with existing booking data is then commenced. ; - Although many users would not need further assistance, user guides, e-guides and video tutorials are available online in the training provider resources portal. ; - Standard user support provides: phone support, web chat support, and email support and is available to all users Monday-Friday (09.00 -17.00 UK time).
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: CourseSight has a powerful reporting engine that enables pre-defined reports to be generated, allowing users to extract all data they are authorised to. All report contents can be downloaded in an exportable format (CSV). Prior to contract end, users should use this process to extract copies of all the data they will require.
• End-of-contract process: The standard End of Contract process is as follows. The Client shall settle any valid outstanding invoices for use of the Software and for the Services provided prior to termination. Prior to contract termination, clients should extract copies of all data they wish to retain and which they are authorised to access using the standard CourseSight reporting and data export feature. Data held will be deleted or anonymised once sufficient time has elapsed to be certain it will no longer be required within CourseSight for the designated purpose. This will be six years from the time at which a customer record becomes “dormant” meaning from the time at which it was last edited or otherwise processed (save for deletion or storage) unless otherwise agreed with the client. The above service is included within our standard contract fee. ; If customers require any additional services (such as RPL extracting and supplying encrypted data archives of customer-specific data at contract end or providing any further consultancy around end of contract processes), these are available but would be chargeable.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The site is fully responsive and designed for all functionality to work on both mobile and desktop devices. The user interface adapts to the size of the mobile device and simplifies menus to ensure easy readability.
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: The service interface consists of, once logged in, a tailored dashboard and access to functionality based on the user role is displayed with key metrics for that user. For key client users, an intuitive administrator control panel, with access to all functionality and commands through a user-friendly navigation panel. ; ; For customers, a customer portal allows course search and extensive filters to be applied without any requirement to log in; a modern and secure shopping basket/ checkout process, and tailored user accounts with access to relevant functionality once logged in.
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: No specific assistive technology testing is undertaken; however, the web applications are tested to ensure standard expected behaviours within a broad range of browsers are met. For example, responsive design/ scalability; colour contrast, the position of controls etc.; ; CourseSight is designed to be easy to use and allows users to broadly fulfil WCAG 2.1 A standards by working with a screen reader/ zoomed up font size/ high contrast colour settings.
• API: Yes
• What users can and can't do using the API: CourseSight has a number of existing APIs. ; ; Type 1 (Internal): These allow: read-only data to be delivered to Reference Point systems (e.g. Highways Passport) which manage workforce competency; and some third party systems for reporting purposes. The data currently available through APIs is booking information, delegate details and achievement data. For example, one of the existing APIs, which is available to all relevant users, transfers outcomes and qualifications directly to CSCS cards via the Go Smart Card Checker app. It would be possible to make extensions to the existing APIs or create additional APIs for the needs of the client at an additional cost, quoted based on complexity.; ; Type 2 (External): These allow read-only data to be delivered to third party systems and services belonging to the client. The data currently available through APIs is live course and availability information, booking information, financial information, delegate details, organisation details and achievement data. It would be possible to make extensions to the existing APIs or create additional APIs for the needs of the client at an additional cost, quoted based on complexity.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: For an additional fee custom APIs, modules and customisation of branded elements (e.g. communications, certificates and surveys) can be undertaken.

Scaling

• Independence of resources: CourseSight is hosted on the Microsoft Azure cloud platform and so benefits from the security tools, scalability and controls this provides. ; Run on a responsive, tiered platform, the system has been implemented to utilise the scalability, performance and resilience benefits offered by the MS Azure cloud. This includes the capability to be scaled horizontally and vertically to meet the demands of very large numbers of concurrent users and high volumes of transactions, with rapid escalation when demand/usage peaks.

Analytics

• Service usage metrics: Yes
• Metrics types: A wide variety of usage metrics are available to permitted users including bookings, delegate details, course details, achievement data, purchase data (materials, resources), Resource information (rooms, venues, equipment, tutors). Which can be accessed as high-level statistics in the dashboard or detailed reports through the reporting suite.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: CourseSight has a powerful reporting engine that enables pre-defined reports to be generated, allowing users to extract all data they are authorised to. All report contents can be downloaded in an exportable format (CSV).
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Excel
  • If using API, JSON
  • If using API, XML
• Data import formats:
  • CSV
  • Other
• Other data import formats: Excel

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: For full details, please contact Reference Point for the SLA. In summary: Software is hosted and available over the internet on the Microsoft Azure platform 24 hours a day, 365/6 days a year with uptime (excluding scheduled maintenance) of 99.5%. Run on a responsive, tiered platform, the system has been implemented to utilise the scalability, performance and resilience benefits offered by the MS Azure cloud. This includes the capability to be scaled horizontally and vertically to meet the demands of very large numbers of concurrent users and high volumes of transactions, with rapid escalation when demand/ usage peaks.
• Approach to resilience: The service is hosted across multiple UK Azure data centres with geo-redundant back-ups. The standard service is provisioned on MS Azure to ensure high availability through automated health monitoring and management services that the platform provides. As such, service resources are configured across multiple fault domains to guarantee the service will operate reliably in the event of an underlying hardware or infrastructure failure with a resilience ratio greater than N+1. Further details are available on request.
• Outage reporting: The service is fully and continually monitored with all notifiable failures immediately escalated to the technical service delivery team. Depending upon the extent of the outage, outages may be communicated to users directly via messaging on the application portal or indirectly via email alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Username or password
  • Other
• Other user authentication: Single Sign-On using the User Organisation's AD credentials is also available for an additional fee.
• Access restrictions in management interfaces and support channels: User permissions are actively segregated within the business and granted in line with the principle of "least privilege".; ; The only staff with access to production infrastructure and databases are the technical support team. Their access is regularly reviewed by the CTO and has been implemented to require the use of SSO/ Active Directory. Developers and all other Reference Point personnel have no direct access to the underlying infrastructure. ; ; Non-technical (user) support staff access is also reviewed on a regular basis by the CTO and is always restricted to access via CourseSight standard internal security only (authenticated by MFA/ SSO).
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Description of management access authentication: SSO/ Active Directory

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: QMS International Limited
• ISO/IEC 27001 accreditation date: 16/08/2019
• What the ISO/IEC 27001 doesn’t cover: There are no exemptions and therefore the Standard is fully covered.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Reference Point Limited (via self-signed attestation of compliance)
• PCI DSS accreditation date: 30/07/2019
• What the PCI DSS doesn’t cover: CourseSight is PCI DSS SAQ-A compliant, using Stripe. SAQ-A is a self-signed attestation of compliance – not certification. The payment processing within CourseSight is fully outsourced to Stripe who are PCI-DSS compliant.
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: The protection of client information is core to our business. Our approach to information security is fully aligned with our ISO 27001 accredited Information Security Management System. This means that we meet all regulatory and legislative requirements and ensure these are embedded in our policies and business continuity plans. Our information security objectives and business continuity plans are reviewed regularly. These are effectively tested and implemented in the business. All policies are also communicated across the business to all staff who receive suitable, regular training. We ensure the security, integrity and confidentiality of information at all times. We maintain and regularly update comprehensive information asset register and review all access to information to ensure it is protected from unauthorised access. All third parties and sub-processors who work alongside us are made aware of their obligations towards protecting all information assets. Any breach of information security, whether actual or suspected, is reported to Reference Point's DPO for investigation.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All service components are subject to rigorous proactive monitoring throughout the entirety of their lifetime. ; ; All service infrastructure and configuration changes are thoroughly assessed for potential security impact and go through an internal change control/ change approval and robust pre-implementation testing process before being deployed to production environments. ; ; Additionally, all hosted services are regularly reviewed and subject to external penetration testing from a CREST-accredited supplier to ensure they meet relevant IT security standards and industry best practice.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: The underlying MS Azure platform is managed by Microsoft with regards to security and vulnerability management, as well as deployment schedules. ; ; All web browsers, Android and iOS Operating Systems are regularly updated by the OS vendors. As a result, Reference Point review all notified changes, vulnerabilities and security updates to ensure no negative impact on the CourseSight service and applications. ; ; We perform regular vulnerability scans and continually monitor information sources (such as OWASP) to maintain knowledge and expertise about potential threats that could affect our services and applications. If applicable, suitable updates are provisioned by us.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: The underlying MS Azure platform is managed by Microsoft which provides network level defences against DoS attacks and similar hostile attacks. ; ; Additionally, Reference Point utilise the Azure web application firewalls and gateways to monitor and protect against malicious activity. ; ; The configuration of these services for CourseSight is reviewed by Microsoft Security technicians to ensure best practice is followed. ; ; Exceptions and other alerts (e.g. around unusual traffic patterns) are automatically escalated to the technical support team at Reference Point.; ; Additional periodic review of WAF logs is also undertaken.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: There is a defined Incident Management procedure which would be followed. ; The key points are:; Escalation and notification to relevant parties.; Immediate analysis to enable confirmation and any immediate preventative actions to be taken.; Capture of relevant details, log files, screenshots of incident for subsequent analysis;; Development of (any required) actions to mitigate risks - both short and medium term.; If required, notify relevant parties within statutory timeframes.; Production of report following above.; ; Clients will be notified in line with the Incident Reporting SLA.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  As a company we are working towards gaining ISO 14001 certification.
• Covid-19 recovery:

  Covid-19 recovery

  Reference Point has a clear Covid 19 Risk Management strategy which is regularly reviewed and updated in line with the evolving pandemic.
• Equal opportunity:

  Equal opportunity

  We have an equal opportunities policy which is adhered to and regularly.; reviewed/ updated.
• Wellbeing:

  Wellbeing

  Wellbeing is a staff priority within the business. This is communicated to all staff from senior management and is monitored.

Pricing

• Price: £1 to £6 a unit
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Access to a training environment is available for large organisations during the procurement process to trial processes.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tanya.morris@causeway.com. Tell them what format you need. It will help if you say what assistive technology you use.