IMC (UK) Learning

imc Learning Suite Learning Experience Platform (LXP)

Our LXP, the imc Learning Suite, provides functionality to cater for all the needs of a modern enterprises training management and delivery, supporting all processes around eLearning, classroom learning, blended learning, on-the-job / informal learning and social learning.

Features

• Anytime learning from any web enabled browser device
• Flexible, scale-able and secure with hosting through MS Azure
• Supports all aspects of learning. Online, offline, blended, and more
• Fully configurable, real time reports and analysis functionality
• Built using responsive design principles for multi device compatibility
• Support for multiple content types for the delivery of training
• Open integration framework for interoperability with 3rd party solutions
• Personalised learning environments based on user roles and type
• Modular framework to simply add/remove functionality through configuration alone
• Full compliance and certification workflow management functionality

Benefits

• Provide learning anytime, anywhere, from all devices
• Reduces training costs through clearer training planning and management
• Intuitive, simple interface for quick adoption of the solution
• Allows to analyse training needs through reporting and feedback tools
• Quickly roll-out new and updated training activities and content
• Instant scalability, vertically and horizontally to grow with an organisation
• Organisation and group management lets model rights and relationships easily
• Open up new revenue streams by selling training
• App lets users work anywhere, offline or online, when want
• Automation of processes reduces need for complex, daily administration

£19.99 a user a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at russell.donders@im-c.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

339686984882037

Contact

Russell Donders
02080655215
russell.donders@im-c.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: The service is fully managed, with an expected up time at a minimum 99%. This is inclusive for maintenance which would scheduled with the customer beforehand. There would be an expected 2 hours downtime for an upgrade or patch installation, with all communications managed through our support desk and will typically be targeted to be performed out of hours, for minimal service disruption to users.
• System requirements:
  • Minimum: 512 kbit/s per user internet connection
  • Recommended:100 Mbit/s internet connection
  • 3rd party licence for any specific content provider library
  • 3rd party licence for preferred virtual classroom technology provider
  • 3rd party licence for Shopify e-commerce platform (if applicable)
  • 3rd party Merchant account with PayPal (if applicable)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We provide 24x7, 3rd level online support with the response times governed by the severity of the support issue, governed and outlined within the SLA's.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: As part of the SaaS licence fee, imc provide access to 3rd level support, which can be requested over the phone, via email or by directly submitting a support ticket using our Service Desk Portal (powered by Jira). This would be the first point contact for all issues relating to the application and hosting environment. imc also provides optional, additional 2nd level support. This provides customers with flexible telephone and email support for issues or questions that are not included in the standard 3rd level support and corrective maintenance package. It can be utilised by customer users who are authorised to access imc 3rd level support. The service can be drawn down in minimum units of 15 minutes, with a 40-hour support package available at an annual cost, which can be ordered by customers at any time. ; ; Every customer will have a dedicated support representative. There will be a support handover meeting at the end of the implementation project, with the purpose of the meeting to introduce the imc support representative, who will also explain the imc support processes, service level agreements, patch cycles, demonstration of the JIRA ticket system, and discuss escalation paths.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: As part of the implementation project, core admin training is provided to ensure that the main system admins have a solid understanding of the daily settings and management functions, to help with a smooth transition. Further ad-hoc training is available to wider groups of users that may have specific system use cases, and a member of the consulting team will be available throughout the deployment to manage any questions, issues and provide general guidance.; ; Our training programs are typically ‘hands-on’ to enable a smooth transfer of knowledge from imc experts to the nominated LMS personnel. Participants will directly be accessing the imc product to learn system logic, theory and practical application in scenarios that match your configured application. All of our training programs are available to be run online, in your organisation or other location of your choosing. ; ; We also have our Customer Success program and portal which hosts All your team will have access to our Customer Success programs at no additional cost, and the LMS comes with a comprehensive user manual that covers all topics relevant for system administrators. Through the support desk, you are also able to search for FAQ’s for known issues.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: When exiting a contract, all data can be extracted and the database will be provided. All data will then be deleted. The database can be returned in whole, or via CSV files that can be extracted via the interface at any time. Data deletion is covered through the service agreement. ; ; When the contract ends, we will store customer users’ data in a limited-function account for 90 days (the “retention period”) to give time to extract the data or renew the subscription. After this 90-day retention period, Microsoft will disable the account and delete the customer data, and data stored on the server is thoroughly overwritten before being reused with any new contract.; ; Additionally, a detailed transition out plan can be agreed as part of the project. imc will support any transition out activities required including (but not limited to):; -Provision of all data (MS SQL) and content within the system and all documentation and project files built during the project;; -Copy of the database model to query the MS SQL database;; -Removal of all files from imc servers and destruction and sanitisation of all data;; -Specific reports to meet ongoing reporting and compliance requirements and; -Consultancy services/engagement to new vendor/provider.
• End-of-contract process: All data can be extracted and the database will be provided to you, and all data will be deleted at no additional cost. This would include any created media assets and the database can be returned as a whole, or via CSV files which can be extracted via the interface at any time. Data deletion of user accounts and any other data held is included as part of the overall service agreement, with no additional off-boarding costs.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: With the solution designed and built using HTML5, it is accessible through a web browser on any web-enabled device, with the appearance, functionality, and use case consistent across all the devices. There is also a mobile app that can be used across mobile and tablets. The app provides additional support for offline learning. Content can be downloaded and completed, then upon reconnection to the internet, will sync up all data.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The LMS has a very clear and consistent navigational structure throughout, providing a simple and intuitive front-end for learners and managers, with only minimal training required for administrators. All the dashboard panels are fully configurable to provide as clean and clear a display as necessary, with only the information and tools that the user would need displayed.; ; The system is built around a fully modular framework, allowing for only the modules that are required to be deployed, providing that user with only the relevant modules to them.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: The imc Learner Portal has been built to be WCAG 2.1 AA compliant wherever possible. Currently, several elements are compliant, and our focus and commitment is to continuously improve and add features to ensure the learner experience is more accessible. Due to the complexity of our backend functions (e.g. admin), these areas are not considered for accessibility as the limitations on the functional possibilities would be too restrictive. As the guidelines also are related to the scenarios configured as well as the content entered into the system we can offer to test the full scenarios with the added content (extra costs apply). The key accessiblity features include: ; - consitent navigation structure and design throughout; -Keyboard Navigation so that users can navigate those areas of the learner interface by using tabs and shortcuts. ; - Screen Readers. Learners can navigate the accessible areas of the learner experience and interact with them via screen reader. ; - zoom. support for up to 200% zoom without loss of clarity; - Content accessiblity. The imc Learning Suite supports content creators by providing features for adding captions, transcripts and alternative content for multimedia files.; We do not have customer metrics to share.
• API: Yes
• What users can and can't do using the API: The LMS provides a REST interface that is fully is documented, and robust - as we are using the same API ourselves to communicate between the various layers of our applications (e.g. backend with the front end, mobile apps etc) so you can be sure it is a complete and comprehensive API set. The imc Learning and Talent Suite provides a REST interface for the following content:; – People (export): profile data for the user who is logged on; – News (export); – Courses (export):; – News; – Syllabus and library; – Tests, questions and feedback; – Course registration and start by learners; – Rating; – Course room configuration; – Prerequisites; – Course templates; – prebooking; – Media for selected content types (export); – Catalogue (export):; – Dates (export); – SCORM data (import/export); – Search (export): selected simple and aggregated searching for learners, tutors, HR and supervisors.; – Dashboard pages (export); – Groups (export); – Programs (export); – Bookshelf; Area of application:; – Mobile apps and Learnbase (offline client for Windows); – Client-specific interfaces; – Portal systems
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The solution is built on our own-developed, ground-up framework, allowing for a lot of flexibility in the solution to meet organisation requirements. From a customer perspective, wording in the system, layout of dashboards and how panels are presented through the dashboards are fully configurable.; ; Further system customisation's would be carried out by ourselves to an agreed specification with the customer. We have a specific process for any change requests that may require customisation of the solution. These can be raised through the Jira ticketing system, through a change request ticket. Once ticket is reviewed, an estimation of the cost and required time to implement is provided. Once agreed, this is then passed to our technical services team to implement the developments, with full tracking of the ticket progress available, with the ability for the customer to leave comments at any stage. When the change is available and ready for delivery, this will first be patch tested by internal QA, then once signed off internally will be implemented to the customers test/staging environment for review. Once approved, an update to the production system is scheduled and performed. Note: Customisations are only supported with a dedicated hosting package upgrade.

Scaling

• Independence of resources: Our Standard SaaS solution is provided on a shared application environment, where customers share an application server, with own-dedicated database and file stores. All customers benefit from pooled resources, where more customers within one environment provide greater resources for all to utilise. Where a system is experiencing heavy usage, it can then utilise the unused resources from another system on the server. This provides a load balancing effect where customers aren't affected by demands of others. Additional dedicated hosting packages are available for customers to plan and size their own solution at extra costs.

Analytics

• Service usage metrics: Yes
• Metrics types: We monitor our Azure implementations with Microsoft Application Insights. This provides full statistics in real-time, detailing the system at that exact time. The key metrics available include;; - Server response time; - Server requests; - System availability; - Incoming requests and request duration; - Outgoing requests; - Overall system health, with CPU % and memory usage; - Concurrent users with defined time periods; - User information including country of origin, operating system and browser. ; This system has configurable alerts to notify technicians of any service issues. This is available 24/7, with reports communicated through the support team.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: For system administrators within the reporting dashboards, these are available through the export options, available to csv and xls. Any data list in the system can be exported to these formats. ; For system users, as part of requirements under GDPR, we support the right to data portability, with the imc Learning Suite providing users with the ability to request a full, personal data report which will be delivered via email. In addition, they will be able to export learning records to PDF.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XLS
  • PDF
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Xml
  • Xls

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: Through the provision of Microsoft Azure for the hosting service platform, the system will be available 24/7, 365 days, with a guaranteed system availability of 99.0%, except for scheduled maintenance which requires your approval and updates would be out of hours with minimal downtime.; ; For support issues in relation to the Azure implementation, our reaction time to severe incidents, where the system is down and can’t be reached is max. 1 hour. Our RTO is 8 hours and we take nightly backups, therefore the RPO is no more than 24 hours. Backups are performed on a nightly basis as part of our application management service and kept on a rolling basis for 14 days.
• Approach to resilience: Microsoft publishes their Azure infrastructure design for resiliency, available here https://docs.microsoft.com/en-us/azure/security/fundamentals/infrastructure-availability, with further controls and processes in place by imc. ; As an overview, all our systems are designed to reduce the impact of a single point of failure, for example, all our hosted systems are built using at least 2 ‘roles’ or nodes, meaning that if one goes down the other is still accessible, whilst also providing load-balancing services. ; Furthermore, we monitor our Azure implementations with Microsoft Application Insights. This provides us with full statistics in real-time, detailing the full system functionality at that exact time. The key metrics available through here include the following;; - Server response time; - Server requests; - System availability; - Incoming requests and request duration; - Outgoing requests; - Overall system health, with CPU % and memory usage; - Concurrent users. with defined time periods; - User information including country of origin for the request by a user, operating system and browser version of the user. ; This system has configurable alerts to also notify technicians of any service issues including alerts on performance changes or crashes. This is available 24/7, with reports communicated through the support team.
• Outage reporting: As detailed, we monitor our environments with Microsoft Application Insights. This provides us with statistics in real-time, detailing the full system functionality at that exact time. This system has configurable alerts to notify technicians of any service issues including alerts on performance changes or crashes. This is available 24/7, with reports communicated through the support team via the Jira powered service desk portal. In addition, we can provide access to the health dashboards for customers at an additional cost. Additionally, via the API is the event-bus service. The "event-bus“ service encapsulates a messaging system that allows you to loosely couple heterogeneous systems together, with no tight relationship between request and response. ; The messaging system can be operated in 2 different modes:; - Point-to-point – A message is sent to a queue and gets dispatched by only one processing instance, even if there are multiple – peer-to-peer.; - Publish-Subscribe – A message is sent to a topic and many consumers/subscriptions gets a copy of that message for processing.; ; This event-bus service is available already in our standard technical framework. We need to understand the expected data/flows, etc. to build the respective messages to support the specific scenario/s you want to solve.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Authorisation within the system is governed by access control rights with the system having support for several different identity providers to authenticate the user, ensuring the right user has access to the right system areas. This determines the relevant access to read, write, create and delete objects as needed for their specific use case.; Within imc, the hosting and support team will require specific user authorisation and access rights to be able to access and make any changes to the system. This is only provided on a very limited basis, and only as required.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: DQS Holding GMBH
• ISO/IEC 27001 accreditation date: 15/12/2021
• What the ISO/IEC 27001 doesn’t cover: Information security in project management - Information security shall be addressed in project management, regardless of the type of the project. Projects as such are not done within the scope of the ISMS. Thus this control is not applicable.
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 29/3/2022
• CSA STAR certification level: Level 1: CSA STAR Self-Assessment
• What the CSA STAR doesn’t cover: Any services explicitly covered by Microsoft Corporation as the cloud hosting platform provider are not included within the scope of our certification, as they hold their own certification for these specific controls.
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Securities Essentials
• Information security policies and processes: As dictated by the ISO 27001 certification requirements and process, we have documented policies that cover the following areas:; -Acceptable use policy; -Access Control Policy; -Access Protection Policy; -Backup Policy; -Clear desktop and office policy; -External User Policy; -Information security policy; -Information security policy for customer management; -Information security policy for supplier relationships; -Information transfer policy; -Key management policy; -Logging Policy; -Login Policy; -Mobile Device Policy; -Network Security Policy; -Policy on the use of cryptographic controls; -Server Security Policy; -Teleworking policy; -Virus Protection Policy; -WLAN Policy

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We have a dedicated QA department responsible for testing all releases with a formal QA process in place. We run automated tests and manual regression tests. The amount of regression testing is based on the type of release. In decreasing order: major, patch, hotfix. ; ; For each new release we run standard performance tests on the same hardware to ensure that no significant performance degradation was inadvertently introduced into the product. We also perform penetration tests/security scans internally, once per year that involve several tests, where any findings are immediately addressed. All logged, tracked and managed through our Jira ticketing system.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We perform penetration tests/security scans twice per year to determine the probability and severity of an attack. The findings are scored from ok, through to critical, with recommendations on how to be resolved. These are managed through our Jira ticketing system. ; ; Depending on the severity and size of the vulnerability, these are addressed as either a hotfix release or in the next available patch release, approx every 3-4 weeks. ; ; In addition, the solution is designed against the OWASP top 10 vulnerabilities to ensure the solution is aligned with the up-to-date industry guidelines.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Our solution includes MS Security Center that provides full inclusion protection and anti-virus scanning for all services. Windows Defender Advanced Threat Protection is included within the service for up-to-date threat protection and providing immediate response to the latest threats and system vulnerabilities. Fully configured security policies are in place, with access to the MS Azure cloud platform limited to select support and hosting team members, and the service will also provide alerts for any detected issues to our support personnel 24/7 that are then responded to accordingly and communicated to you through the support desk.
• Incident management type: Supplier-defined controls
• Incident management approach: Incidents affecting the cloud environment are managed by Microsoft and their incident management procedures. imc have an internal security and incident management procedure in accordance with our ISO 27001 accreditation, documenting all processes, classifications and resolutions for a reported incident. We use a security incident ticket to raise any security incidents. After a security event has been reported, it is analysed in order to verify the occurrence and to take first actions. Where a security incident affects any customer data, they are notified as soon as possbile, communicated through the service desk portal.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity

  Fighting climate change

  As a leading provider of educational technologies, imc recognizes our influence on promoting environmental sustainability through eLearning. Our SaaS learning management solution offers numerous environmental advantages while being mindful of the energy needed for our computing resources. We efficiently manage this by:; ; Dynamically allocating server capacity based on actual demand, which not only minimizes environmental impact but also reduces costs.; Employing a micro-services architecture, ensuring only necessary services are active, reducing unnecessary energy use.; Key Benefits of the imc Learning Suite include:; ; Paper and Ink Reduction: By eliminating the need for printed training materials, we substantially decrease paper and ink usage.; Lower Energy Consumption: Our solution reduces the need for travel and the use of energy-intensive equipment in traditional training methods.; Carbon Footprint Reduction: Decreasing paper usage and energy consumption helps lower an organization's overall carbon footprint.; Increased Efficiency: Learners can access materials anytime, anywhere, reducing the necessity for physical meetings and travel.; imc is committed to minimizing our operational environmental impact. We adhere to all relevant environmental laws and regulations, aiming to prevent pollution and conserve resources. Our waste management strategies enhance recycling efforts, and we encourage sustainable practices among our stakeholders.; ; We also focus on improving the environmental efficiency of our transport and travel, set measurable environmental targets, and regularly update our policies to stay effective. Our company promotes eco-friendly practices, such as prioritizing eLearning, using recycled paper, recycling waste, and conserving energy with responsible office habits.; ; In conclusion, imc is dedicated to advancing environmental sustainability through innovative eLearning solutions and responsible business practices, striving for a greener future

  Tackling economic inequality

  imc voluntarily commit to paying all employees above the National Living Wage. As recognition of the higher education expected as part of the role, imc feel that remuneration according to salary benchmarking will ensure appropriate pay, creates a competitive market and ensures there is no bias when assigning salaries to certain individuals as it is determined by statistic. These factors all make for a farer working environment which is a very attractive feature of a business, and this wage allows our staff to be present at work, rather than worry about their livelihood, fostering a happier and healthier work place. This then has the knock-on effect of improving employee retention. Not only do higher retention rates reduce hiring costs and strain on the business, they also prove invaluable to our customers (you!) as you have consistency in the Account Manager assigned to your business who will have ample knowledge from other customers to guide and support you on the continued journey with imc. ; ; Further to providing more than the National Living Wage, imc also supports all staff with the option for private health insurance and schemes such as cycle to work.

  Equal opportunity

  imc is dedicated to tackling inequality within our workforce, focusing on employment skills, pay equity, and ensuring a diverse and inclusive work environment. We employ several strategies to achieve this:; ; Diversity and Inclusion Training: We provide training programs to educate both employees and managers on unconscious bias, fair hiring practices, and fostering inclusivity.; Transparent Pay Structure: Our compensation system is designed to be clear and based on role-specific responsibilities and performance, ensuring equitable pay across all organizational levels.; Industry Benchmarking: We actively compare our diversity, pay equity, and inclusivity metrics against industry standards to gauge our performance and identify areas for improvement.; Success Metrics: We measure our progress through increased diversity at all organizational levels, reduced pay disparities among different demographic groups, and improved employee satisfaction concerning workplace fairness and inclusivity.; Data Collection and Analysis: To support these efforts, we utilize our Human Resources Information System (HRIS) to analyze workforce demographics, salary data, and performance, alongside employee surveys to capture perceptions of fairness and inclusivity.; Looking forward, our plans include rolling out unconscious bias training, conducting thorough pay equity analyses, and enhancing diversity within leadership roles.

Pricing

• Price: £19.99 a user a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at russell.donders@im-c.com. Tell them what format you need. It will help if you say what assistive technology you use.