STUDIOUS DIGITAL EDUCATION LTD

Ryze

Ryze Pro is a transformational learning experience platform and learning management system. Ryze offers universities, colleges, public services, SMEs and corporates the opportunity to host their content, or access the existing Ryze Courses, on a cutting-edge learning experience platform. Ryze provides content, interactivity, analytics, notifications, gamification and personalised learning experiences.

Features

• Content creation: create micro-lessons, images, video, weblinks, quizzes
• Publish content to multiple devices: mobile app, tablet, web
• Access content from multiple devices: mobile app, tablet, web
• Detailed analytics of user behaviour
• Gamification via points collection, rewards, quizzes and gamified learning
• Access existing courses in business, management, sustainability, employability, university.
• Bespoke content creation
• Accessibility: dynamic text, closed captions, consistent design, zoom, contrast support,
• Personalisation: bookmark, save for later, messaging feature, individualised points
• Secure access, authentication, admin permissions and privacy settings

Benefits

• Give learners or employees access to a cutting edge LXP
• Create interactive content for users to enjoy learning
• Users can access learning across multiple devices
• Access analytics and insights into user behaviour
• Offers users points collection, quizzes and gamified learning
• Access existing courses in business, management, sustainability, employability, learning.
• Allow our team to create content for your organisation
• Admin permissions and privacy settings
• Editors can publish anywhere anytime
• University validated courses available

£990 a licence a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at i.mitchell@studious.org.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

290601448030922

Contact

Ivan Mitchell
07845862644
i.mitchell@studious.org.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Our SAAS continues to grow and develop. We can build new features to accommodate new contracts.
• System requirements: Apple IOS 13 or Android 10 for mobile devices/tablets

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Usually 1-2 working days.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We provide a full package of support. Online support, phone support, in person support. We offer support across three areas: technical, digital learning, general support. Costs vary depending on the package requested.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We have on boarding guidance on the service, training videos, and user documentation. We can also give tutorials online.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Data is able to be accessed throughout as real time data and can be downloaded at any point as a CSV file. We can develop end of contract reports as well.
• End-of-contract process: At the end of any contract, a full review of the delivery is undertaken to ensure fulfilment.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The mobile and desktop services are very similar. There are a few extra features on the mobile device, such as dark mode.
• Service interface: No
• User support accessibility: WCAG 2.1 A
• API: No
• Customisation available: Yes
• Description of customisation: Customisation can occur via multiple avenues, including: bespoke digital learning content creation, support packages, new feature development, consultancy. The digital learning content can be customised by the users or our team as part of the contract package. Others customisations occur by our in-house team.

Scaling

• Independence of resources: Our SAAS has a scalable back end via the Google Firebase and Cloud technologies that we drawn upon. This means there is no upper limit to the number of users and end users that can use the platform. More widely, we have an in-house team that carries wide functional flexibility in terms of job roles, so our team can move around as needed to fulfil key business demands.

Analytics

• Service usage metrics: Yes
• Metrics types: We provide a wide range of user behaviour analytics via our real time dashboard. End users can also request their data, which will be sent via email as a CSV file.
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Data can be downloaded as a CSV file as user editors or admins of the Ryze dashboard. End users can request their data as well, in CSV form.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We have a Master Service Agreement for clients that provides a framework for the client and contract relationship. Schedules of work are then provided on a demand basis. We have never received a request for a refund in our business history. However, if we were to receive this request, this would follow our refund process, for which is built into the agreement process.
• Approach to resilience: Available on request.
• Outage reporting: We send email alerts in the rare instance of any outages.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: We use user authentication, requiring strong authentication passwords, two factor authentication, and biometric authentication of hardware where management interfaces are used. We use role-based access control (RBAC) and access control lists (ACLs) to limit what editor or admin privileges are available to users. Audit trails, penetration tests and security audits are regularly used. We also have staff training and third party training that is used.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: EY Certify Point
• ISO/IEC 27001 accreditation date: 23/01/2024
• What the ISO/IEC 27001 doesn’t cover: Our back end service and database is managed and controlled through Google Firebase. All Google Firebase Services are ISO 27001 compliant. ; ; The service certification link can be found here: ; https://firebase.google.com/static/downloads/gdpr/JAN2024_Firebase_ISO_27001.pdf?_gl=1*1vriab8*_up*MQ..*_ga*MTUwODY1OTY2MS4xNzE0MDUzNDg1*_ga_CW55HF8NVT*MTcxNDA1MzQ4NS4xLjAuMTcxNDA1MzQ4NS4wLjAuMA..
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Our main database and storage solutions are Cloud based via Google Firebase. Full details and confirmation of its ISO 27001 compliance can be found via the following link: https://firebase.google.com/support/privacy.​ Confirmatory certification details that Firebase services have completed the ISO27001 can be found at: https://firebase.google.com/downloads/gdpr/NOVext2020_Firebase_ISO_27001.pdf . Confirmation that Google​ Firebase, Cloud Functions for Firebase, Cloud Storage for Firebase, and Firebase Authentication, are certified in ISO 27018 compliance can be found via the following link: https://firebase.google.com/support/privacy​

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We have a series of configuration and change management processes related to security mechanisms. For example, we track software developments and configurations and analyse updates across during their lifetime. There are security analyses that take place before and after software updates and any new software releases. Any software updates go through quality assurance and security checks and are reviewed by senior technical members of the team. All our updates are implemented consistently across the entire platform and app. Any updates that can impact service delivery are communicated in advance of undertaking (it is very rare that service delivery is impacted).
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We undertake regular auditing of our systems and potential security threats. Indeed, our back end systems continually monitor security threats. We take full control for implementing updates to security threats. We have fast response to any required patches to the service (e.g. 48 hours). We have a number of policies around incident responses and notification, technical support and monitoring, and risk management controls.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Our systems continually monitor security threats through Google Firebase. We also undertake periodical security audits of the systems. We have fortunately not ever had an event when our Ryze system has been compromised. However, we have policies and processes in place if this was to happen. We will respond to any security or technical breaches immediately via our technical team. We undertake training with staff to ensure systems are robust. We also offer training for clients about security if required.
• Incident management type: Supplier-defined controls
• Incident management approach: We have a pre-defined incident response process, as defined in our cyber security policy. This includes an immediate reporting to the CEO and senior technical team lead and an investigation process. If a user detects an incident there is a technical reporting mechanism that immediately flags this to the technical and a support email address that reports to the digital learning team.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  The Ryze platform and app reduces the printing and transportation of textbooks or paper-based training to educational institutions or businesses. Furthermore, the platform is optimised to limit heavy data loading, thus further reducing carbon outputs. In this regard, the digital learning and access via remote working can reduce carbon by the way the learning is accessed. In addition, we also have courses on sustainability and carbon reduction for businesses and universities to use to support their training and education of employees and learners. This is particularly useful to use with supply chains.

  Equal opportunity

  The Ryze platform and app carries a series of courses that seek to education and address issues surrounding equal opportunity. Furthermore, the digital learning app provides many training opportunities for people in the workplace or an educational institution to advance their skills (e.g. on entrepreneurship, leadership, management, business), thus enabling greater economic equality. To this end, we can also away 'University Certificates of Attendance' (awarded by the University of East Anglia), which supports development opportunities that can be validated. Lastly, a key focus of ours has been using the platform with widening access teams at universities, in order to support students from disadvantaged backgrounds to access the learning they need to come to university.

  Wellbeing

  We have a series of courses on wellbeing at work that can support people in the workplace. These include contributions and collections with Mind. The wellbeing courses are complimentary to all users without payment. In addition to this, the platform itself is designed to support communities through shared learning and content creation tools.

Pricing

• Price: £990 a licence a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: We offer free trials of the Ryze Dashboard for users to design courses. Full access to the content creation tools are included. The time limit depends on the potential for, as well as any wider contract with, the client.
• Link to free trial: Available on Request

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at i.mitchell@studious.org.uk. Tell them what format you need. It will help if you say what assistive technology you use.