Comaea | Competency Made Easy

Competency and Skills, Assessment and Management

A competency management system used widely in government (GOST). Create, import, and deploy competency frameworks and skills assessments and build career paths and link learning. Simple to use, and easy to set up and manage. New updated interface for 2024

Features

• Graphical Manager dashboards
• Comprehensive Reporting and People Analytics
• User-friendly interface
• Clear Job Level Requirements for each role
• Build a structured library of competencies and job roles
• Simple to update and maintain
• Tracks Certifications
• Simple, Scalable and Secure - Stand alone or fully integrated
• Performance and talent Management
• Role based access ensures GDPR compliance

Benefits

• Understand your staff, team and organisation capability
• Attract, retain and develop competent staff
• Ensure the right people are in the right jobs
• Track competency and certifications for compliance
• Single source of competency and development profiles
• Works with the PDCF (Project Delivery capability Framework)
• Library of over 5000 competencies covering all job families
• Works with any competency framework (eg. CIMA, ICES, CIPS, CQI)
• Plans, goals and Actions are managed in a simple interface
• Add, edit, maintain your own competence frameworks and role profiles

£11.00 to £11.00 a user a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tony.martin@comaea.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

302744620160344

Contact

Tony Martin
0330 8085037
tony.martin@comaea.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements:
  • Works with IE9 and above
  • Works with Windows & Mac
  • Works with any internet enabled device

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 4 hours
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: First Level Support - by email or by phone - we aim to resolve the issue within 4 hours - this in included at no extra cost; ; Administration Support - we provide support to your internal administrators by email or by phone free of charge.; ; Our UK Customer Service Manager will provide front line support and escalate any issues within our technical teams.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Initial user training is provided through "First-use prompts" on each page and via the HELP menu which can be configured to include links and additional support documentation.; Virtual or onsite training can be provided to administrators and administration support manuals are available. ; End-user training can also be provided via live or recorded webinars
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: All data can be exported either as individual portfolio PDF documents or by group extract to CSV / Excel. ; Further data extracts are available through the administration view and includes Organisation Structure, Managers, Competency Library, Job Roles, Job Level Requirements and learning Catalogue.
• End-of-contract process: At the end of the contract all data can be provided in standard CSV format and the system will be made unavailable from the agreed termination date. ; All API data will be deleted and we will keep a copy of the backed up data for a period of 1 month from the termination date unless otherwise agreed. ; ; If data is required in any other format, then additional cost may be applied.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: Data that can be exchanged through the API include:; Organisational data; Employee data; Managerial rights; Job roles ; Competence Framework; CV (work history, educational background); Scanned documents; ; The data exchange takes place through direct API or Secure FTP and is SFTP exchange is normally automated to run each evening. Any data changed in the source system will be implemented in comaea through the data exchange; ; The data must be presented in consistent and standard format, and comaea provides templates for all data exchange files.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Customisation available: ; Logo, Introduction text, theme colour, competency library, job roles and job level requirements, organisation structure, dashboard widgets, assessment process, manager hierarchy; ; Managers can customise their own dashboard view.; Users can be made into administrators and access all customisation options through the administration menu. ; ; Administrators can be set up and managed through the interface and access levels granted to specific areas.

Scaling

• Independence of resources: We utilise the latest technology through Amazon AWS and dedicated service providers. We have data servers in Europe (Sweden and UK), Singapore and Middle East, with redundancy built in in case of failure. ; We have performance monitoring tools and automatic load balancing.; All UK Data is stored in the AWS Datacentre in London and does not leave the UK.

Analytics

• Service usage metrics: Yes
• Metrics types: We can provide the number of ; registered and active users, ; last login date/time; Assessment status (self completed, manager approved, 100% complete profiles) ; Compliance reports; Gap analysis; Early warning of low compliance
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Individuals users can export their data in either PDF or CSV/Excel format. ; ; Administrators can export individual or aggregated data in CSV/Excel format
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Availability is calculated as:; ; Availability (%) =(Agreed Service Hours – Permitted Downtime – Downtime)/ (Agreed Service Hours – Permitted Downtime).; ; Availability shall be 97% during any given calendar month (standard), however higher availability can be offered at higher SLA cost.; ; If availability is below the agreed level of Availability for the Service, the Customer is entitled to a price reduction of the percentage of the total fees payable by Customer to COMAEA for the preceding calendar month for the Service as shown in the table below. If availability falls below the agreed level for a given calendar month, a price reduction of applies as follows: 5%if availability is 1-5% below, 10% if availability is 6-15% below. ; ; For more information, please request Comaea CMS SLA.
• Approach to resilience: Service resilience. In case of failure or data loss we have the capability to recover data for specific customer accounts, or users within that account.; ; The infrastructure resilience certifications/standards that apply for Comaea follows the Amazon Web Services Cloud Compliance related to; Certifications/Attestations, Laws, Regulations and Privacy and Alignments/Frameworks. The robust controls in place at AWS are to maintain security and data protection in the cloud. As systems (like Comaea CMS) are built on top of AWS cloud infrastructure, compliance responsibilities will be shared.
• Outage reporting: In the unlikely event of an outages (such as Amazon AWS) is down, or in any other situation where Comaea CMS is down we inform designated customer contacts via mail and messenger services. In future we plan to show server status on our web site (hosted on other provider than Amazon AWS), and at login page (on Comaea Amazon AWS instance).

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password
• Access restrictions in management interfaces and support channels: Access to management interfaces is by Username and Password and is based on role-based access rights on our public cloud. Single Sign On options are also available.; Role-based access allows restriction of access to specific records/information and functions within the system. ; Our support teams have limited access and an escalation process to an account owner who has full administration access. Private clouds and Virtual Machines can be set up and limited to whitelisted IP Addresses.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Advanced Certification Limited
• ISO/IEC 27001 accreditation date: 15/10/2020
• What the ISO/IEC 27001 doesn’t cover: Use of privileged utility programs - We don’t use Privileged Utility Programs.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Information security is high priority and our solution is compliant to existing data protection/privacy laws in countries we operate. Privacy Shield principles, ISO/IEC27001 and CyberEssentials.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: We are following the Atlassian processes and principles for configuration and change management.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We are following the Atlassian processes and and ISO/EIC-201 principles for vulnerability management.; ; We annually do external audit the software and run test through external party to try to hack the system, in addition we scan/screen the code to identify security vulnerabilities usingHP/Webinspect and HP45 technology.; ; Patches are deployed after testing to our Production servers on demand, but normally 1-2 times per month.; ; Information about threats is received from customer, and attending security conferences.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Servers are monitored using Amazon AWS Console/Dashboard.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We are using/following ITIL processes for incident Management

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  As a cloud-based service we proactively enable teams to work and develop remotely to reduce travel and carbon footprints.

  Covid-19 recovery

  Comaea enables remote working and ensuring all staff can access development and skills reviews regularly.

  Tackling economic inequality

  By providing consistent and objective skills assessments, comaea ensures the right person for the right job irrespective of economic background.

  Equal opportunity

  Comaea ensures the right person for the right job irrespective of any factors, it is an objective view of new and existing staff and candidates.

  Wellbeing

  Remote working is one way of ensuring lifestyle choices can be made and this has a direct bearing on personal wellbeing.

Pricing

• Price: £11.00 to £11.00 a user a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Full unlimited access to the system for demonstration/evaluation purposes for 1 week.; ; Contact us for login details

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tony.martin@comaea.com. Tell them what format you need. It will help if you say what assistive technology you use.