City and Guilds Kineo Limited

Kineo Totara TXP - Totara Learn and Perform

Kineo Totara TXP is our all-in-one learning management system (LMS) and talent experience platform (TXP) that uses technologies built to work together to close the skills gap and open the client’s learning ecosystem. We provide a fully managed service to take each client’s learning strategy to new heights.

Features

• Personalised user journeys and intuitive progress dashboards
• Highly configurable design and theming to your brand guidelines
• Integration with existing HR systems and automated learning assignment
• SAML Single Sign On
• Powerful and flexible reporting engine
• Mandatory and recurring compliance training programs and certifications
• Seamless face-to-face and virtual event management
• Integrated Authoring Tool capability
• SCORM, AICC and xAPI compliance
• Competency reviews and performance management activities

Benefits

• Access to Kineo's Training Hub and personalised training warehouse
• Training tailored to your needs delivered by an Implementation Consultant
• Streamlined, rapid implementation in 7 to 8 weeks
• Ongoing quarterly health checks with a dedicated Customer Success Manager
• Inclusive upgrades to the latest version of Totara
• Additional Kineo developed features and plug-ins continually added
• Gamification - badges, high score tables
• Secure, cloud-based hosting, via Azure
• GDPR compliant and ISO27001 certified
• Provision to be public-facing for extended enterprise

£27,100 an instance a year

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@kineo.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

291991555550973

Contact

City & Guilds Kineo sales team
+441273764070
info@kineo.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: ELearning and digital asset content development
• Cloud deployment model: Private cloud
• Service constraints: Kineo does not typically offer 1st line support so the expectation is that clients will need to provide 1st line support themselves.; ; Our support desk operates to standard UK business hours (9am - 5:30pm Monday to Friday excluding UK bank holidays). Kineo currently provides out-of-business-hours support for server outages only. Should an outage occur, our server suppliers will work to resolve the issue immediately, without the need for client intervention.
• System requirements:
  • Internet access from mobile, tablet or desktop / laptop
  • A good internet connection is recommended
  • JavaScript must be enabled
  • Desktop browsers: Chrome / Firefox: The latest stable release
  • Microsoft Chromium Edge: The latest stable release
  • Microsoft Edge: Versions 16 to 18
  • Internet Explorer: Version 11 only
  • Safari: Version 11.3 or greater
  • Mobile browsers: Chrome for Android: The latest stable release
  • IOS Safari: Version 11 or greater

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Whenever you raise a ticket in the Services Portal, a member of the Client Services Team will assess the requirement and check the priority level. Priority levels are used to triage and to manage the response time on a per issue basis.; ; Priority 1 (Critical): Service-stopping issues; Solution proposed: Within 1 working hour; ; Priority 2 (Major): Time-dependent issues; Solution proposed: Within 5 working hours; ; Priority 3 (Other): Content amends and routine administrator duties; Solution proposed: Within 1 working day; ; Our support desk operates to standard UK business hours (9am - 5:30pm Monday to Friday excluding UK bank holidays).
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Totara Kineo Edition comes preloaded with a generous amount of annual support hours included as standard within our annual costs; our friendly and knowledgeable Client Success team are here to provide you with expert help and advice, backed up by comprehensive SLAs. ; ; Each client has access to their own dedicated UK-based Customer Success Manager (CSM). Your CSM will check-in regularly via scheduled quarterly reviews to proactively support the deployment of the Totara Kineo Edition platform, ensuring the maximum return on investment.; ; We provide 2nd line support to Named Site Administrator/s. Your Named Site Administrator/s will have 24/7/365 access to Kineo’s online services portal, to raise requests, ask questions and engage with our team of dedicated services personnel. Our online self-service dashboard makes reporting very straightforward and it’s easy to track request assistance and track tickets as they are worked on. ; ; Kineo’s UK support desk hours are currently Monday to Friday UK business hours (09:00-17:30 UK time exc. UK Bank Holidays).
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Training is a fundamental part of the successful delivery of Totara Kineo Edition. Our focus is on ensuring that our clients have the necessary knowledge to be the driving force in the implementation and configuration of their platform, utilising Kineo’s experience to act as a partner and guide them through the process. ; ; The training is delivered in two formats:; • Self-paced asynchronous training via Kineo’s Training Hub; • Instructor-led webinar-based sessions with your dedicated Implementation Consultant; ; Learning outcomes will vary from client to client, however the overall training objective is always the same – to enable our clients to have the necessary knowledge to truly understand how to use their platform to achieve their business goals. By doing this, we ensure that the maximum return on investment is provided to all of our clients.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: At the end of the contractual term Kineo will provide a PostgreSQL database containing all data and learning resources to the client.; ; Alternatively / additionally clients will have full access to the Totara Kineo Edition Report Builder which they can use to extract data in various formats including CSV.
• End-of-contract process: If the client does not wish to extend their annual contract, they are free to move to another Totara provider. Included within the price of the contract we will help to export user / database data for the client to help with this move - for example by providing the PostgreSQL database containing all data and learning resources. Running of individual reports from the Report Builder functionality would be the responsibility of client, however if additional help was required this could be provided as a costed service.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Totara Kineo Edition is totally device responsive so will work optimally when accessed from a mobile or desktop service for standard end users. However, we do recommend that those accessing admin screens do so from a device no smaller than a tablet.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: We provide a JIRA-based online Client Services Portal - a web-based ‘ticketing system’ for tracking issues and queries and reporting against the KPIs and SLAs. It can be accessed by Kineo Client Services staff as well as your Named Site Administrator/s.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: N/A - Interface testing completed by Supplier
• API: Yes
• What users can and can't do using the API: Web services allow external systems to control your Totara site and a wide variety of functions can be managed including, but not exclusively; create users, update users, enrol users and get course completion status. Where an existing API does not match a desired use case, Kineo can develop custom API as an additional costed service.; ; Authentication is token-based. You can generate a unique token for any users in the system - this is the only way to generate tokens for admin users. ; ; The Manage protocols page allows you to enable or disable various web service protocols. Available protocols are: AMF, REST, SOAP, and XML-RPC.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The Totara Kineo Edition is highly configurable. Using a combination of the audience and dashboard functionality, tailored user experiences can be created for different users at different points in their user journey, for example a new starter might be shown a completely different set of options on their dashboard compared to a normal user. Kineo have added a highly configurable theme tool that enables a granular level of control over the look and feel of the platform including images, colours, fonts, font sizes and a range of other configurable options. We provide full training so that clients can make further layout and design amends.; ; Users themselves can control their own dashboard, typically through hiding and/or docking of dashboard blocks that are less relevant to them. The full range of dashboard editing options can be provided to users, however typically an administrator would define these for end users.; ; Application core code level customisations are not available, however you can feed into the product roadmap. Alternatively for a business-critical requirement and where appropriate, Kineo can develop a client-specific bolt-on to the core product, which would incur a development and ongoing maintenance fee.

Scaling

• Independence of resources: We partner with Azure, a market leader in cloud hosting and work on high-capacity, scalable servers. The TKE service comes with a burst concurrency of 2 times our standard concurrency rate for times of high demand. We monitor site usage and can work with any client that has a requirement for higher usage rates.

Analytics

• Service usage metrics: Yes
• Metrics types: Service metrics are embedded throughout our Totara Kineo Edition service. Your CSM can provide regular reports that include overall service metrics such as site usage, load latency and concurrent usage stats.; ; At an application level, Totara Kineo Edition features full site logging for audit purposes as well as a suite of embedded reports and a powerful, flexible report builder. The report builder includes a variety of sources that cover user details, learning completion, resource engagement and much more. Reports can be configured to display as graphical reports and can then be embedded into reporting dashboards.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Totara Kineo Edition allows for users to extract their own data, in line with GDPR regulations.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: The Service shall be available, excluding during any scheduled downtime and non-qualifying service breaks, for 99.5% of time during Working Hours in the Territory, calculated by Kineo on a calendar month basis as stated in the Statement of Work (SOW) / Managed Service Agreement (MSA).; ; If a dispute arises under or in connection with the Agreement or the performance, validity or enforceability of it (Dispute), then the Parties shall follow the procedure set out in the MSA.; ; Either Party may give to the other Party written notice of the Dispute, setting out its nature and full particulars (Dispute Notice), together with relevant supporting documents. On service of the Dispute Notice, the Executive Director (or equivalent) of each Party shall attempt in good faith to resolve the Dispute.
• Approach to resilience: Kineo operate a 99.5% SLA utilising Azure's resilient hardware. Our data centres are in the UK - UK South or UK West. Production and back up servers are based in opposite data centres. Kineo use the Azure platform and its geographical services to provide a Recovery Time Objective (the maximum time before the platform will be operational post a failure) and Recovery Point Objective (the point in time that the platform can be recovered to) of 24 hours to its clients that consume the hosted version of Totara: Kineo Edition.; ; Highlights of our hosting service include:; • Web Application Firewall as standard; • Resource and vulnerability monitoring with 24/7 automated alerts; • HTTPS SSL (Secure Sockets Layer) encryption as standard; • Geo-redundant daily incremental backups (held for 30 calendar days as standard) ; • Performant, secure UK data centres with Microsoft Azure; • Monthly vulnerability scanning ; • Annual penetration testing of the core service
• Outage reporting: The Client Services team has an internal dashboard and receives email alerts, which automatically create support tickets; these tickets are also reported immediately to the Client Services Managers so that customers can be informed and kept up to date with progress. Major System Outages are also announced through the hosting company's publish status pages.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Other user authentication: LDAP
• Access restrictions in management interfaces and support channels: Credentials for customer and infrastructure systems (eg. support and backups services) are stored and controlled using a third-party password management service. These credentials will only allow access to a system when accompanied by the correct alphanumeric token generated by a hardware security device (“multi-factor authentication”). By default, support staff are only granted non-privileged-level access to any system and if a member of the support team needs privileged access to a system, they must request this through the established procedure. Additional procedures cover the granting and revocation of all accesses based on circumstances such as: new employees and employees leaving.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alcumus ISOQAR
• ISO/IEC 27001 accreditation date: 14/03/2022
• What the ISO/IEC 27001 doesn’t cover: Our ISO27001 certification covers all Platforms operations
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: All staff in Kineo operate under the Electronic Information Security Policy (EISP), which is based upon the International Standard ISEC/ISO 27001 the Code of Practice for Information Security Management and ISEC/ISO 27002 the Code of Practice for Information Security Controls. These standards have been adapted by Kineo to reflect the business operations performed. The policy provides an overarching framework (and a commitment) to apply information security controls throughout Kineo, through a variety of controls and measures.; ; This policy applies to all Users and includes:; - all staff employed by, or working for, or on behalf of Kineo; - third party contractors and consultants working for, or on behalf of Kineo; - all other individuals and groups who have been granted access to Kineo’s internal network or hosting network; ; The Kineo Senior Leadership Team (SLT) is responsible for compliance of the policies and procedures in support of the Electronic Information Security Policy and will report non-conformance to the Data Protection Officer of the ultimate holding company (City and Guilds).; ; The manager/leader in each team is responsible for ensuring that adherence to this policy is observed within their respective department and for overseeing compliance by Users under their direction, control or supervision.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All changes to live Kineo Business Systems follow a change management process to ensure that activities are undertaken in accordance with stringent change control processes. All development work undertaken by Kineo will be subject to test prior to implementation in production and live systems. Code changes are tracked via version control (Gitlab) and peer reviewed by case-managed ticket before being tested in a non-live environment. The development and review process follows OWASP guidelines and live deployments are subjected to regular internal penetration testing.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We perform monthly vulnerability and web application scanning. Regular bulletins from third party sources are collated and reviewed weekly for issues that need a response). Response actions are divided into Hotfix requirements ('immediate action') and general mitigations which are ticketed for deployment (after internal testing) during future, scheduled patch cycle. Information is received from OS and application vendors/suppliers, Qualys, https://nvd.nist.gov, Hacker News and various security mailing lists.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: There are several layers of proactive and responsive monitoring. Sites are monitored through external services - for example, Pingdom - to detect anomalies in performance and presence. Threat assessment and log collation and automation can be incorporated at a level to meet customer requirements - these are typically tailored according to individual needs to balance cost Vs performance and can comprise front-end UTM appliances, installed applications (such as tripwire, snort, OSSEC and other HIDS tools. Incident response is confirmed by contract and will be a balance of immediate automated and timed manual response.
• Incident management type: Supplier-defined controls
• Incident management approach: Incident Management is governed by internal process and Kineo's Electronic Information Security Policy. All events are treated as unique in order to not make any assumptions. Where an electronic security incident is believed to have happened, then the relevant operational manager should report the matter to the Data Protection Officer and the management process is followed accordingly. Users may report incidents in person, via telephone or email. Incident reports are provided via PDF, sent through an encrypted method as requested.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Key actions taken to reduce the emissions associated with your product/service during the same reporting period 1st May 2020 to 30th April 2021 ; ; We have just completed our environmental footprint for Scopes 1 & 2. We are undertaking Scope 3 now. Once completed we’ll use this data to action plan, set and work towards a Science based Net Zero target. Following completion and activation of our net zero plan, we will formally disclose how we use environmental sustainability as a strategic decision-making criteria for our work, through the Taskforce for Climate-Related Financial Disclosure(TCFD). ; ; Kineo is ISO 14001 accredited, with targets for waste reduction, energy usage etc. We do not have any company cars for Kineo staff and all employees are encouraged to minimise travel, working remotely and conducting all meetings virtually.
• Covid-19 recovery:

  Covid-19 recovery

  Kineo responded extremely quickly and effectively to the COVID crisis and continued to deliver BAU throughout two challenging years through our internal COVID emergency team. All staff worked from home during lockdown, with Kineo supporting effective operations through: ; ; New laptops for every member of staff to support efficient home working and meet ISO 27001 requirements ; ; Funding for home desks, monitors and computer chairs ; ; Closing all Kineo offices as required by law during various stages of lockdown ; ; Communication wholly online and by phone ; ; No face-to-face internal or external meetings ; ; Full COVID-sensitive adaptations to offices and communal areas ; ; Continually changing guidance to staff on our latest COVID policy outlining expected behaviours and office protocols ; ; Throughout COVID we maintained our previously high levels of customer service. Whilst Covid presented multiple challenges, we quickly mobilised a market approach to see our customers had the support they needed to tackle training under remote working, restricted budgets and the need to adapt quickly as businesses. This included a free Covid safety course, free resources to support virtual delivery, rapidly deployed Totara LMS, and priority services to key industries. All this whilst tackling our internal challenges of home working and the need to mobilise quickly.
• Tackling economic inequality:

  Tackling economic inequality

  As part of a UK registered charity we do not make profit for shareholders, rather we deploy any surpluses we make to help our partners achieve their social responsibility goals, helping disadvantaged and hard-to-reach individuals gain the skills they need for successful employment, so supporting more skilled and productive societies. We believe in a world where everyone has the skills and opportunities to succeed. ; ; Here are just some of the areas where tackle economic inequality: ; • We’ve invested £1.25m to fund 14 social projects that remove barriers and help under-served individuals to develop skills for employment ; • We work with 120 prisons, supporting 50,000 learners each year. We launched The Future Skills Commission for Prisons with a £1m fund to reduce reoffending by upskilling prisoners and helping them into employment on release; • Our bursary programme funds individuals in financial need to develop skills for jobs; • Our Apprentice Connect ambassadors raise awareness amongst young people, teachers and parents about alternative career paths ; • We deliver employability workshops to at-risk young people to help them overcome barriers to skills for jobs, such as those in Pupil Referral Units, leaving care and young offenders; ; The City & Guilds Foundation has a specific focus on high impact social investment, recognition and advocacy programmes. Each programme acts as a catalyst for us to make a difference by investing our surplus and resources into helping everyone, no matter who they are or where they come from, get opportunities to succeed.
• Equal opportunity:

  Equal opportunity

  The City & Guilds Group is committed to improving diversity & inclusion within the way we work, and in how we deliver our purpose; to help people and organisations develop the skills they need for growth. ; ; We are actively pursuing, implementing and reviewing working practices that enable a diverse and inclusive business strategy and working environment that are truly representative and supportive of our colleagues, customers and communities. ; ; We are doing this through our strategy of: ; • Addressing equity of opportunity for our colleagues – making sure that everyone has an equal opportunity to grow; ; • Creating an inclusive culture – making sure that everyone feels they can belong and deliver their best work; ; • Embedding Inclusion & Diversity in our organisation through actions that create long-term sustainable change, that improve products and services and the way we work; ; Addressing diversity through data taking action to highlight and address gaps in data and diversity/ representation.
• Wellbeing:

  Wellbeing

  Kineo and our parent company City & Guilds are strongly committed to support the health and wellbeing of our workforce. Examples of initiatives within the company include the Employee Assistance Programme (EAP) that offers information and support on a wide range of topics that focus on the end goal of helping us lead and maintain a healthy lifestyle. ; ; Within the business are trained Mental Health First Aiders who have been trained how to identify, understand and help a staff member and their line manager in dealing with a mental health issue.; ; This also extends in to how we interact with the wider world including our clients, suppliers and local communities. Within Kineo we run Community Days. Over the years this has expanded into around 6 to 10 varied projects a year, ranging from outdoor ground clearance work to creating elaborate designs for the local children's parade. ; ; It now has expanded to include more and more charitable initiatives that have been set up by groups or individuals with a passion to give back to the community. ; ; For example, during the recent Covid-19 outbreak we worked closely with a local charity Together Co, who support people struggling with social isolation and loneliness. Kineo developed an online learning course and platform for free to enable Together Co to train their volunteers in a time when face-to-face training simply wasn’t an option. ; ; Full details of this case study can be seen on our website.

Pricing

• Price: £27,100 an instance a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: We can offer full access to a sandboxed demo site for your trial that provides full access to the entire range of core functions of the Totara Kineo Edition service. Access isn't specifically time limited so you can have access for as long as you need.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@kineo.com. Tell them what format you need. It will help if you say what assistive technology you use.