Skip to main content

Help us improve the Digital Marketplace - send your feedback

Brainwave Labs Limited

LEAP Digital Platform

The LEAP service is an innovative learning platform designed to enhance digital literacy across organisations through experiential learning. It offers interactive workshops, peer-to-peer collaboration, and a rich repository of digital content, effectively bridging the digital divide and fostering a culture of continuous innovation and growth.

Features

  • Engages users with peer-to-peer, hands-on digital modules.
  • Provides real-time analytics on progress and knowledge gains..
  • Ensures learning flexibility with access from any location.
  • Centralises method cards, tutorials, and playbooks for easy access.
  • Keeps learning materials current with automatic updates.
  • Adapts scenarios and topics to fit various learning needs.
  • Facilitates problem-solving and innovation through interactive sessions.
  • Protects user data with advanced security protocols.
  • Supports growing user numbers and complex scenarios efficiently.
  • Links seamlessly with existing systems for enhanced functionality.

Benefits

  • Enhances productivity and proficiency across the organisation.
  • Reduces traditional training costs with scalable digital resources.
  • Offers anytime, anywhere learning via remote access capabilities.
  • Provides real-time analytics to improve training strategies.
  • Facilitates easy content management and access on multiple devices.
  • Encourages teamwork and problem-solving through dynamic workshops.
  • Supports ongoing professional development and adaptation to new technologies.
  • Implements top-tier security protocols for data protection.
  • Enhances productivity through smooth integration with existing infrastructure.
  • Secures and makes accessible valuable corporate knowledge for strategic advantage.

Pricing

£499 a user a year

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at michael@brainwavelabs.io. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

2 8 5 3 2 9 9 0 9 8 0 1 2 5 9

Contact

Brainwave Labs Limited Michael Ekpe
Telephone: 07771255949
Email: michael@brainwavelabs.io

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Hybrid cloud
Service constraints
Nil.
System requirements
Requirement for internet access.

User support

Email or online ticketing support
Email or online ticketing
Support response times
1 Hour.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AAA
Phone support
Yes
Phone support availability
9 to 5 (UK time), 7 days a week
Web chat support
Yes, at an extra cost
Web chat support availability
9 to 5 (UK time), 7 days a week
Web chat support accessibility standard
WCAG 2.1 AAA
Web chat accessibility testing
We conducted rigorous web chat testing with assistive technology users, ensuring accessibility compliance. Users navigated chat interfaces using screen readers, assessing functionality and ease of interaction. Feedback guided iterative improvements, ensuring seamless engagement for all users, regardless of ability.
Onsite support
Onsite support
Support levels
Standard (working hours) support is included. Premium Support is at an additional cost as described in the pricing sheet, depending on the level on service.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
To ensure users start using our service effectively, we offer a comprehensive onboarding process that includes several forms of support and training:
1. Online Training: We provide a series of interactive online training modules accessible directly through the platform. These modules cover all key features and functionalities, tailored to different user roles to ensure relevance and effectiveness.
2. User Documentation: Comprehensive user documentation is available within the platform. This includes detailed guides, FAQs, and step-by-step instructions designed to help users navigate the platform independently.
3. Onsite Training: For organizations that require it, we offer onsite training sessions conducted by our experts. These sessions are custom-designed to meet the specific needs of the team and focus on hands-on practice with the platform.
4. Webinars and Workshops: Regularly scheduled webinars and workshops are available to deepen user understanding and highlight advanced features or new updates to the service.
5. Customer Support: Our dedicated customer support team is available to answer any queries and assist with any challenges that arise as users familiarise themselves with the service. Support is available via phone, email, or live chat.
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
When a contract with our service comes to an end, we ensure that users can extract their data easily and securely. Here’s how the process works:

1. Data Extraction Tools: Users have access to tools within the platform that allow them to download their data in common file formats, such as CSV, SQL, XML, Excel, or PDF, depending on the data type. These tools are accessible through an admin dashboard under the ‘Data Management’ section.
2. API Access: For more comprehensive data needs or automated extraction, admins can utilise our API to programmatically retrieve their data. Detailed documentation is available to guide users through this process.
3. Support Assistance: If users require assistance with data extraction, our support team is available to help. They can provide guidance on how to use the extraction tools effectively or assist in preparing custom data exports if the standard options do not meet the user’s needs.

We aim to make the data extraction process as straightforward and user-friendly as possible, ensuring that all data is retrieved securely and efficiently as the contract concludes.
End-of-contract process
At the end of the contract, here is a breakdown of what's included in the pricing and any potential additional costs:
Included in the Price:
• Data Extraction: Users are entitled to use built-in tools to download their data at no extra cost. This includes access to data in standard formats such as CSV, Excel, or PDF.
• Account Deactivation: Deactivating user accounts and access to services is included, with no additional fee for the account closure process.
• Final Review Meeting: A concluding session to discuss the service performance and any end-of-contract concerns is part of the contract without additional charges.
Additional Costs:
• Extended Data Access: If users need to extend their access to the platform beyond the contract end date to retrieve data or complete projects, additional fees may apply depending on the duration of the extension.
• Data Migration Support: Should users require assistance with data extraction or need custom reports and data formats, there may be additional charges based on the complexity and resource requirement.
• Archival Services: If users opt for archival of their data on our servers beyond the grace period outlined in our data retention policy, additional fees will be incurred.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Both our mobile and desktop services provide full access to our platform's features, but they are tailored to suit the specific strengths and user contexts of each device type. Using either the mobile or desktop version of our service, users can enjoy a flexible learning experience that adapts to their lifestyle and preferences, ensuring they have the tools they need in the format that best suits their immediate context.
The mobile UI/UX provides is designed with a simplified interface, optimised for touch interaction and provides instant notification features.
Service interface
Yes
User support accessibility
WCAG 2.1 A
Description of service interface
The LEAP interface is intuitively designed for ease of use, featuring a streamlined dashboard that provides a quick overview of progress, activities, and personalised recommendations. A clear navigation menu offers direct access to courses, workshops, community forums, and additional resources. Learning modules integrate interactive content with quizzes and real-time feedback to enhance engagement and retention. Integrated communication tools, including a messaging system and discussion boards, facilitate collaboration and community engagement. Accessibility features such as adjustable text sizes, and keyboard navigation ensure the platform is inclusive for all users. The mobile-optimised interface supports learning on-the-go with touch-friendly controls and offline access.
Accessibility standards
WCAG 2.1 A
Accessibility testing
Testing Scenarios
Our testing includes a variety of real-world scenarios to ensure that users of assistive technologies can navigate the interface, access content, and interact with all platform functionalities effectively. Scenarios tested include:
• Navigating the dashboard and accessing various sections of the platform using screen readers.
• Interacting with learning modules using keyboard-only navigation to ensure that all interactive elements are accessible without a mouse.

Compliance and Standards
All interface testing is conducted in line with established accessibility standards, including the Web Content Accessibility Guidelines (WCAG) 2.1, to ensure compliance with both legal requirements and best practices. We aim to meet or exceed Level AA compliance, addressing issues related to navigability, readability, and operability.

Training and Documentation
In addition to interface testing, we provide comprehensive training materials and documentation that are accessible and easy to understand for users of assistive technologies.
API
Yes
What users can and can't do using the API
Our API provides robust options for users to customise and automate their interaction with our service, yet there are specific limitations to consider:

Capabilities
- Users can set up new accounts, specifying user roles and access levels.
- Settings for organisational structures, learning paths, and content categories can be configured via the API.
- Add, update, or delete learning materials and organise them into modules or courses.
- Update profiles, modify roles, and manage permissions.
- Generate custom reports on user engagement and performance, with options for data export.
- Data analytics

Limitations
• Initial Setup: Initial platform setup and integration with enterprise systems like SSO may require direct UI interaction or technical support.
• Complex Configurations: Advanced security settings and intricate organisational structures often require manual setup.
• Bulk Operations: There are restrictions on the volume of bulk operations to prevent system overload.
• Feature Availability: Some UI features, particularly those involving complex interactions or real-time collaboration, are not accessible via the API.
• Rate Limits: API usage is subject to rate limits to ensure system stability and fair usage.
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Our service is adaptable, enhancing both user experience and operational efficiency for organisations of varying sizes and complexity.

What Can Be Customised
• User Interface: Tailor themes, colours, and layouts to match organisational branding.
• Learning Content: Create and integrate custom training content.
• Workflows and Processes: Adjust workflows to fit organisational procedures.
• Access and Permissions: Set user-specific access controls and permissions.
• Reports and Dashboards: Customise reports to highlight relevant metrics.
• System Integration: Seamlessly integrate with existing HRIS, CRM, and ERP systems.
How Users Can Customise
• Admin Panel: Use an intuitive interface for UI adjustments, content management, and role configurations.
• API Access: Utilise our API for deeper system modifications and integration with external databases.
• Templates and Wizards: Employ built-in tools to easily develop custom reports and learning modules.
Who Can Customise
• Administrators: Manage all system settings, user roles, and permissions.
• Managers: Customise team-related operations and generate specific reports.
• End Users: Personalise dashboard layouts and notification settings.

Scaling

Independence of resources
We ensure independence of resources through robust infrastructure scaling and resource allocation mechanisms. Our infrastructure utilises elastic resources (dynamically adjusts resources to accommodate varying demand levels), preventing performance degradation during peak usage. Additionally, we employ load balancing, high availability, content delivery networks, IP rate limiting, and isolation techniques to ensure user experience remains unaffected by others' activities. This approach guarantees consistent and reliable service performance regardless of concurrent user activity.

Analytics

Service usage metrics
Yes
Metrics types
Yes, we provide comprehensive service usage metrics. This includes tracking key metrics like login frequency, active users, and session duration. We also monitor feature adoption, content creation, content consumption, community engagement, and learning progress. User feedback, knowledge gains, learning outcomes, knowledge gaps, frequently accessed content, learning requirements, career progression options, and security metrics are also included. Additionally, we offer custom reporting for tailored analysis.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
In-house
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Users can export their data easily through our platform's intuitive interface. Simply navigate to the "Data Management" section, where you can select export and find data you wish to export and choose the desired file format. Our platform supports common formats such as CSV and Excel, ensuring compatibility with various systems and tools. Once selected, the export process is initiated with just a few clicks, and users receive a download link via email or directly within the platform once the export is complete.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • XML
  • SQL
  • Excel
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • XML
  • SQL

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
99.995% measured annually
Approach to resilience
Brainwave’s engineers have designed a highly scalable, and resilient product architecture that can operate on either Azure and AWS.

Features include:
Load balancing
Elastic resources
Horizontal scaling
Multiple availability zones
Data backups and archiving
Content delivery networks
Web Application Firewall (WAF)

System performance is vigilantly monitored for vital metrics, ensuring that no single system bears an excessive load. In the event of overloading or faults, automated processes swiftly deploy additional temporary systems or replace existing ones.

Automation is ingrained in our architecture, enabling seamless system monitoring, updates, and corrective actions without downtime.
Outage reporting
The system has multiple layers of monitoring at database, server, and user interface. Cloud service providers also provide physical monitoring capabilities that are integrated within our service.

Outages are monitored and reported via multiple channels including: admin dashboards, email, SMS, and slack. Additional reporting capability can be provided via integration with the preferred tools of our client organisations.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Access in management interfaces and support channels is strictly controlled to authorised personnel only. We enforce access restrictions through role-based access controls (RBAC) and multi-factor authentication (MFA). Additionally, access is monitored and audited regularly to ensure compliance with security policies and regulations. Our team undergoes regular training to reinforce security protocols and practices.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users receive audit information on a regular basis
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users receive audit information on a regular basis
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
Our commitment to security governance is unwavering, safeguarding the platform/software, data, and infrastructure. With Security as a distinct function and board-level accountability, we instil confidence in our approach.

Software Security: We embed security best practices into the software development process from inception.

Infrastructure Security: Our data centre and transit provider boast SOC2 and ISO27001 security accreditation, catering to public sector entities with cloud solutions.

Data Security: We ensure data security through robust policies, processes, and automated tools, embracing the principles of least privilege.
Information security policies and processes
Brainwave’s engineers have designed a highly scalable, and resilient product architecture that operates on AWS and Azure.

System performance is vigilantly monitored for vital metrics, ensuring that no single system bears an excessive load. In the event of overloading or faults, automated processes swiftly deploy additional temporary systems or replace existing ones.
Automation is ingrained in our architecture, enabling seamless system monitoring, updates, and corrective actions without downtime.

Our secure hosting infrastructure safeguards all data. We ensure regulatory compliance through meticulous adherence to formal and informal policies and internal procedures, subject to regular review.

New staff undergo comprehensive training covering all aspects outlined in our Information Security Policy, vital for server and data access. Breaches or concerns are promptly reported to the Chief Technology Officer and the designated security officer.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Our development team manages a central version control solution housing the code base. All code alterations are meticulously logged in this repository.
A Release Manager oversees software updates across various logical environments, including:
• Compiling update packages
• Coordinating customer testing
• Documenting release notes on resolved functionality or faults
• Tracking software updates
• Orchestrating releases to the production environment.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Our information collection process consolidates data from trusted sources, partner sites, and official product/service channels.

Upon threat identification, we promptly assess them with the relevant teams and owners, prioritising necessary actions into our backlog for swift resolution.

We uphold stringent security standards by operating our applications on the latest, security-supported versions of the Operating System and platform code. Leveraging Long Term Support (LTS) versions where possible, we ensure weekly updates and patches every Wednesday.

Our patching procedures are meticulously executed every Wednesday, guided by threat severity levels and rigorous testing regimes to guarantee the utmost resilience and protection.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
The Brainwave platform operates on the public cloud infrastructure. Cloud providers deploy comprehensive monitoring devices across environments to detect unauthorised intrusion attempts, usage abuse, and network/application bandwidth utilisation.

These devices monitor various aspects such as port scanning attacks, resource usage (CPU, processes, disk utilisation), application metrics, and unauthorised connection attempts. Near real-time alerts promptly notify potential compromise incidents, triggered by pre-defined thresholds set by the cloud Service/Security Team.

Remedial actions are applied across the stack from software through to data and infrastructure components.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
We employ pre-defined processes for common events. Users report incidents through our service desk or management tools.

Incident management begins once the incident is identified, classified within our systems, and managed within our SLA following full ITIL processes. We have agreed escalation points and provide reporting to the client based on the severity level. Incident reports, particularly for P1 events, are available upon request.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity

Covid-19 recovery

To aid in the nation's recovery from the COVID-19 pandemic, our G-Cloud services enhance remote working capabilities and support public health initiatives through experiential learning platforms. These platforms are tailored to train government staff and the public in new digital tools and health guidelines through interactive, practice-based scenarios. This hands-on approach ensures that knowledge is not only acquired but also applied effectively, enhancing both individual and organisational resilience.

Tackling economic inequality

Our commitment to reducing economic inequality is furthered by providing scalable, experiential learning solutions. These offerings enable smaller government bodies and communities to gain access to quality educational resources, thus bridging the digital divide. By offering cost-effective, innovative solutions that include practical learning experiences, we ensure that technological advancements are accessible to all, promoting economic opportunity across diverse communities.

Equal opportunity

Our approach to delivering G-Cloud services is rooted in the principle of equal opportunity. Our commitment to reducing economic inequality is furthered by providing scalable, experiential learning solutions. These offerings enable smaller government bodies and communities to gain access to quality educational resources, thus bridging the digital divide. By offering cost-effective, innovative solutions that include practical learning experiences, we ensure that technological advancements are accessible to all, promoting levelling up of economic opportunity across diverse communities.

Pricing

Price
£499 a user a year
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
30-day access to online platform
Access to a deck of activity cards
Access to a LEAP workshop

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at michael@brainwavelabs.io. Tell them what format you need. It will help if you say what assistive technology you use.