MHR

MHR LMS, MHR Content Hub, MHR Content Library

MHR provides a multi-award winning, best of breed LMS solution which is integrated with iTrent or People first (if contracted for) or deployed independently. The LMS acts as a central learning and compliance hub. Optional Content through MHR includes the Content Hub or Content Library.

Features

• Market Leader
• Multi Award Winning
• LMS is fully customisable
• Flexible licensing
• Extensive curated content library
• Blended learning
• Content creation
• Extensive reporting
• Configurable alerts and tracking
• Mobile app enabled

Benefits

• One stop shop for learning and compliance
• Consolidate learning assets
• Inviting interface to encourage up-take
• Eradicate manual processes
• Scalable / full SaaS
• Learning and compliance hub
• Supporting modules to enhance learner experience
• Agnostic and Extensive reporting
• APIs to drive required integrations
• Extensive choice of pre-built learning in styles to suit

£2.67 a licence a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at G-cloud@mhr.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

358667096924830

Contact

Mary Watkinson
0115 945 6000
G-cloud@mhr.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Yes
• System requirements:
  • Supported desktop browsers: Microsoft Edge, Mozilla Firefox, Google Chrome, Safari
  • Supported OS: Microsoft Windows 8 or higher, OSX, Linu
  • Supported OS for Tablets: iOS13 or higher, Android9.0 or higher
  • Browsersettings: JavaScript, Thirdparty cookies, localStorage (must be enabled)
  • Brower Settings continued: TLS Version1.2.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We aim to call every case back raised within 2 hours – Monday to Friday 09:00 to 17:00. We have an emergency phone number for service availability which is available at weekends.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: All our customers receive the same service level, our standard support includes: • Service Desk logging, available via the portal or by telephone, the manned service desk available from 09:00 to 17.00 hours (Monday to Friday excluding English Bank Holidays). • Through the dedicated support line customers are able to contact the service desk whereupon each call is given a unique reference number. The call is assigned to the appropriate member of the support team for resolution and is owned and tracked at all times by the service desk. • a Customer Portal where customers can log new calls, track the progress of open calls, browse frequently asked questions (FAQs), view closed calls and receive forward notice of imminent releases. The customer portal comprises a powerful search facility of existing support materials (e.g. documentation, articles, patches, calls) and is available 24/7. • a service manager who will discuss with you your ongoing support. Regular scheduled meetings with your account manager ensure you are able to obtain the most from your implementation. Patches to the LMS occur fortnightly with more significant upgrades monthly. This is a seamless process and doesn’t necessitate downtime.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The LMS is designed to be highly customisable as standard and the onboarding and upskilling program guides customers though to ensure the system meets their individual requirements and in turn can be designed to be an engaging interface to invite learners to take their key compliance and soft skills training. MHR works to a brief and builds the majority of the LMS to said brief to ensure the system optimises best practice features. Various upskilling programmes ensures the customer is self-sufficient at the point of go-live.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: When working towards a planned termination date, we will, upon receiving a customer request, delete or return all of the customer proprietary information (including copies) in its possession or control. Except that this requirement shall not apply to the extent that is required by applicable law to retain some or all of the customer proprietary information, or to the customer proprietary information it has archived on back-up systems, which we shall securely isolate, protect from any further processing, treat as confidential information of the customer, and eventually delete in accordance with the appropriate policies.
• End-of-contract process: On request from the customer, we can also provide a portable copy of the customer proprietary information in accordance with the Data Protection Laws with respect to Personal Data.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Responsive design detects screen size. This automatically adapts its user interface to best suit the device being used to access. The majority of tasks can be completed using mobile devices. Limitations to mobile devices reside more around setup and system configuration. Mobile App is targeted at learners (no system administration functionality).
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The LMS is truly web based and designed to be accessed over the internet via a web browser for all aspects of the solution (see supported browsers above). The interface is truly configurable to suit individual customer needs and meets the requirements to be compliant with the WCAG standard for accessibility. Widgets are used to allow for the ideal layout and ease of access to required content, the LMS has won multiple awards regarding the interface and user engagement.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: The LMS meets the requirements to be compliant with the WCAG (Web Content Accessibility Guidelines) 2.1, the U.S. Section 508 Standards of the Federal Rehabilitation Act in terms of accessibility and the European EN 301 549 V3.1.1 (Accessibility Requirements for ICT products and services), opening the e-learning experience to everybody.
• API: Yes
• What users can and can't do using the API: Full documentation can be provided.; Introduction to the APIs and further information can be found here: https://www.docebo.com/knowledge-base/introduction-to-docebo-apis/
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The LMS is designed to be highly customisable as standard and the onboarding and upskilling program guides customers though to ensure the system meets their individual requirements and in turn can be designed to be an engaging interface to invite learners to take their key compliance and soft skills training. This includes views to accommodate areas such as accessibility.

Scaling

• Independence of resources: Customers’ data is stored in their own S3 bucket and is segregated from each environment. There are rigorous policies about keeping each customer’s data and information secured and separated from one instance to the other. By leveraging the capabilities of the Cloud infrastructure, in combination with the MySQL technology, this keeps each customer’s information inside dedicated databases with separate access for respective data sets.

Analytics

• Service usage metrics: Yes
• Metrics types: Through reporting. User driven dependent on requirements. Extensive reporting through the LMS as standard with options to discussed extended analytics.
• Reporting types: Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Docebo / OpenSeasme / Workato

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: The LMS platform relies on Amazon Web Services (AWS), and that we can only perform logical deletion. Terminated customer proprietary information stored in the LMS platform is rendered unreadable or disabled by AWS and the underlying storage areas on the AWS network that were used to store the content are wiped, prior to being reclaimed and overwritten, in accordance with AWS standard policies including a secure decommissioning process. We will carry out the logical deletion within thirty (30) days from the termination of the Agreement and, on the customer request, and can provide written confirmation of such deletion.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Excel
  • PDF
  • JSON
• Data import formats:
  • CSV
  • Other
• Other data import formats: JSON

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection between networks: To protect data while in transit, customer sessions to the web servers are transmitted utilising Hypertext Transfer Protocol Secure (HTTPS) and Transport Layer Security (TLS) encryption protocols and allow for 2048-bit encryption. We utilise a trusted certificate authority to issue a TLS digital certificate to inform users that the platform website is secure. The LMS also offers encryption at rest to all customers. Files uploaded by the users are stored inside Amazon S3. Files can be stored with a 256-bit AES volume encryption.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: The web front end (supporting multiple browsers such as Chrome, Edge, Safari etc as detailed in the above link) infrastructure has all of the expected security, encryption and GDPR protocols which are actively enforced and managed under the ISO27001 framework. Audit is also available to monitor and track key activity within the system. Likewise, the necessary Business Continuity and Disaster Recovery policies ensure continued access to the LMS with an uptime of 99.9%+

Availability and resilience

• Guaranteed availability: 99.5% to 99.9%
• Approach to resilience: MHR has in place a Business continuity plan designed to ensure that MHR continues all functions in the event of a disaster. This plan is reviewed twice yearly and is dynamically updated as the organisation changes. MHR has been certified to ISO27001 since 2005 and are currently following the ISO22301 guidelines to ensure we maintain structured approach to this part of our entire business (not just hosting Service continuity solutions and procedures are in place to ensure that the risk of having to invoke DR is significantly reduced. Resilient features, includes: Three phased power, Monitored UPS System capable of supporting IT infrastructure and essential systems. Diesel generator which kicks in within seconds of the main power failing and taking over from the UPS system. Power is distributed using APC units with dual feeds to each rack. All servers have multiple power supplies and network connectivity. Other resilient features include diversely routed communications links, N+1 air handling units, and 24/7/365 monitoring. All these facilities are supported by a service contract. ; LMS, multiple AWS regions/availability zones within each region for redundancy/disaster recovery purposes to ensure availability of the platform.
• Outage reporting: MHR use a host of tools to ensure all aspects of the service are being monitored, and where needed, alerts are configured. Notifications are configured in the event of an alert, emails, text messaging and on-screen notifications are sent. An innovative approach to upgrades means there is no downtime as such for the LMS and this typically takes place fortnightly for patches and monthly for main releases.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Data/functionality access is assigned according to user definable profiles. Once logged on with their password(typically vis SSO), they will be granted access according to said profile. Supports SSO via:ADFS, SAML 2.0, OAuth 2.0, Token based authentication, Auth0, OpenID Connect, and OKTA. Additionally, Google apps/Facebook/LinkedIn/Twitter, etc. can also be used by end users to sign-in. Data views etc are controlled at sys admin level as per said profile. Passwords are stored in the database within a highly secured (encrypted hash), non-reversible algorithm.; LMS allows administrators to configure different levels of complexity in password management, depending on their housekeeping/internal security policies.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Description of management access authentication: All LMS users are required to verify their login using unique credentials (username and password) in order to access the platform, regardless of the user’s role in the system. However, the LMS has role-based access once users are in the LMS, therefore Admins will have access to several different features that End-Users do not. The LMS password policy is established in accordance with the ISO 27001 certified ISMS. Multi-factor authentication is dependent on your chosen IdP but is supported.

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: ACM Limited
• ISO/IEC 27001 accreditation date: 12/05/2022
• What the ISO/IEC 27001 doesn’t cover: N/A. We cover all aspects of ISO 27001 as per our Statement of Applicability
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • SOC 2
  • ISO 9001

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: SOC 2
• Information security policies and processes: We have 21 policies covering security. Our security policies and processes are all aligned to ISO27001 standards. MHR take data security very seriously, by implementing and constantly improving our Information Security Management System and supply chain; to ensure your information is protected, giving peace of mind to your business. This is a rigorous, structured and independently verified system of data processing; overseen by our in-house team of specialist security, compliance, data protection and software experts, who all to ensure compliance, as well as the protection of your company and employee data.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: MHR use change control process which is built in line with ISO9001:2008 and ISO27001:2013.; MHR has asset management and configuration management database in place forming part of our Information Security Management System (ISMS).
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: MHR has vulnerability management in place and perform an annual CREST penetration testing using an external CREST approved provider. We run both external perimeter scans and internal server and client vulnerability scans. Weekly reporting combines scanning results and threat intelligence feeds from NCSC, CERT and security industry bodies and is reviewed with the IT operations for effectiveness of patch management and vulnerability remediation.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Security systems are monitored for exploits and vulnerabilities by our in-house cyber security team and our MSSP security partner 24x7x365 using a specialist Security Operations Centre (SOC). All perimeter devices are monitored real time using the SOC to a service level where all critical events are responded to within 30mins.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: MHR has our own in-house security team with forensic tools; in addition, we are supported by a 24x7x365 SOC team and can call on incident response specialists from our security supply chain or through the cyber insurance we hold. We aim to notify any impacted customers as soon as possible in the event of MHR becoming aware of any incident involving their systems/data. We contact the customer through CRM/Service Desk authorised contacts and start joint investigation process using Teams/WebEx/secure mail. All incidents undergo full investigation including root-cause analysis. MHR incident management procedures require all staff to log incidents.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Other
• Other public sector networks: Cloud based deployments so can be accessed as required

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  MHR know the impact our business has on the planet, and we’re committed to the actions we need to take to reduce our carbon footprint. https://mhrglobal.com/uk/en/about-us/sustainability. We have implemented an Environmental policy agreeing to:; • Become carbon neutral by 2028 scope 1/2 operations. ; • Reach net zero by 2050. ; • Encourage net-zero practices with suppliers. ; We’re striving to exceed energy standards having installed 400 solar panels. Double thermal insulation in roofing areas/external walls, triple glazed windows, LED lighting with occupancy sensors, centrally controlled heating/cooling systems. Our electricity is 100% REGO backed renewable sources we have reduced our carbon emissions by 38.4% in 2023. All servers in our data centres on a 5-year refresh programme, ensuring the latest technologies are used. Server virtualisation is used replacing physical servers, and run at 65/75% capacity, reducing under-utilisation. Additional measures in our data centres include: ; • Upgraded disaster recovery data centre to free air cooling, reducing energy consumption by £30,000 per annum. ; • Using disaster recovery hardware for test/development infrastructure, ensuring full utilisation of all hardware rather than systems sitting idle. ; • Use of metered power supplies throughout our data centres ; • Growing usage of cloud services ; We recycle 98% of waste and are eliminating single use plastic providing reusable BPA free water bottles, and biodegradable Vegware disposable cups/cutlery/food packaging. We introduced PlanetMark this year which will provide us with independent verified assurance of our carbon footprint including Scope 1, 2, and 3 emissions. MHR is working towards ISO14001 (May 2024).; MHR believe that high overall levels of employee education/interaction and facilitate an employee Sustainability Social Group. The group is an open forum for everyone to share/discuss our Sustainability Strategy including graphical data updates on progress. MHR environmentally screen new/existing suppliers allowing us to monitor direct/indirect emissions of suppliers, encouraging a sustainable supply chain.

  Covid-19 recovery

  Through our software and services, we have been able to support our customers (and their local communities) to adapt to the new ways of working imposed by COVID-19. The web-based nature of our solutions meant customers could still access the software remotely to pay employees accurately and on-time, and employees could be engaged through system communications.; Our product design team responded promptly, releasing functionality to assist customers with calculating and reclaiming payments under the Coronavirus Job Retention Scheme. All developments were completed and delivered at no charge to customers.; We also offered free-of-charge online advice and guidance sessions on key topics such as:; • the remote mobilisation of workforces; • changing government legislation; • furlough and holiday leave extension; Our Managed Payroll Service continued to operate as normal, delivering payrolls with normal high levels of accuracy, and emergency payroll services to support customers who needed it. ; All implementations were, and continue to be, conducted remotely, ensuring the safety of both our clients and our employees, and that crucial HR and payroll operations continued and employees were paid on-time. We have multiple technologies to support this including Microsoft Teams, Skype and WebEx, to ensure we can continue all communications with no delay to the project.; Internally at MHR, we operated as BAU, with no employees placed on the furlough scheme and instead creating new employment opportunities for our local community. ; We take the physical and mental wellbeing of our employees very seriously and implemented several initiatives and procedures to ensure they remained comfortable and happy during this challenging time. (E.g. MHR employees have access to 7 trained Mental Health First Aiders, an Employee Assistance Programme and the Smart Health GP App. We also kept in regular contact with our employees through our HR dashboard, promoting virtual baking clubs, competitions etc.)

  Tackling economic inequality

  MHR provides roles for over 850 people, hiring local talent and raising awareness of employment opportunities; we are constantly injecting income and support back into our local community. We work with local business, using local tradespeople/craftspeople for our building/restoration work of Ruddington Hall. MHR ensure that at least 60% of the suppliers we use are sourced within a 30-mile radius, creating a positive economic impact. ; Improving Lives is a registered charity, working with people with complex health/social needs. Our internal training team have completed several sessions with the volunteers, providing training on Microsoft Word, Excel and PowerPoint, designed to help the volunteers run internal workshops for service users, helping them apply for jobs, create budgets, CVs and presentations. Last year MHR dedicated over 67 hours on regional school visits, offering 31 work experience placements to pupils. We support Founders 4 Schools facilitating inspirational talks for young people, from less advantaged backgrounds, working with schools around STEM skills promoting careers paths within tech industries/emerging trends. ; MHR has a culture of employee development with a suite of over 200 free personal/professional development courses accessible to all staff. Over the past 5 years, 50 employees have completed their CIPP and CIPD qualifications, several employees have completed their CIM qualifications, Prince 2, ACCA, CIMA and Mental Health First Aid. ; MHR future-proof products/services through re-investing 22+% of annual revenue into research/development. iTrent’s cloud-based products/software are highly scalable with the ability to handle increased workloads, add/remove users with minimal cost/impact. Customers can streamline processes using workflow/employee and manager self-service. MHR’s managed service centre use state-of-the-art payroll automation, reducing manual processing time/eliminating human error, negating paper usage. Our professional services team operate a 100% remote delivery, reducing downtime/travel costs whilst maintaining the same level of service/communication (see case study at https://mhrglobal.com/sites/default/files/2021-03/Cherwell_Case_Study.pdf).

  Equal opportunity

  MHR ensures that its most important resource, its employees, are treated fairly and that diversity of employees' backgrounds and other characteristics are used to the advantage of the individual and the business. We do not treat applicants unfavourably based on their Protected Characteristics, ensuring that there are equal opportunities at all stages of the recruitment/promotion processes. We believe that an individual’s disability, ethnicity, sexual orientation, and gender identity should not affect whether they get a job, benefit from training, or get promoted. MHR believes that all employees should receive equal pay for the same or broadly similar work, https://www.mhr.co.uk/gpg-report/; At MHR we champion diversity and inclusion, making sure that everyone in the company feels welcome and at home. All staff participate in mandatory equality, diversity and inclusion training sessions including accessible e-learning material via our Learning Management System. Participation is monitored and recorded through our HR department with reminders sent to those who have not enrolled. MHR strive to bring everyone together and celebrate each other’s individuality through our staff community pages on our internal social feed. We have celebrated International Women’s Day with a breakfast event for all, including a chance for all staff to identify their inspirational women https://mhrglobal.com/uk/en/blog/mhrcelebrates-international-womens-day-2023?term=international+women%27s+day We utilise our employee platform to encourage all staff to celebrate their cultures and way of life and several staff have set up groups and events to celebrate this across the business.; We perform a regular audit of supplier’s policies/websites to monitor the risk of modern slavery. We strive to work with our partners to raise standards so that their employees are paid a living wage and are not subject to forced, compulsory, trafficked or child labour. Our Chief Officers have responsibility to ensure that organisations demonstrate these qualities. Our statement can be found on the website at https://mhrglobal.com/uk/en/modern-slavery-statement

  Wellbeing

  We recognise the importance of supporting the physical and mental wellbeing of our people. We have implemented several measures that supports and promotes employee wellbeing with visible, long-term commitments to mental/physical health including: ; • Supportive workplace where employees understand and can discuss mental health and wellbeing through our mental health first aid team, mentoring programme, and dedicated wellbeing platform on our employee community page. ; • Support for employees to manage their own mental health and wellbeing, encouraging them to achieve their wellbeing goals utilising our employee assistance programme or taking advantage of discounted healthcare options and gym memberships. ; • Home Working and Digital Solutions–using Online Communication, Webinars and Video Conferencing enabling a work-life balance for employees, contributing to clean air and reduction in carbon emissions in the community. ; • Our Smart GP offers employees unlimited access to a Virtual GP as well as health and wellbeing experts for employees enabling them to receive an immediate response. ; • Employees can access confidential support with mental, financial, physical, and emotional well-being though our LifeWorks programme. Supporting employees with questions about handling stress, parenting, and childcare, managing money, or health issues. ; • Actively contribute to raising awareness/understanding of health and wellbeing. With several initiatives throughout the year and regular mental health awareness workshops with our internal training team. ; • MHR support the nutritional/dietary needs of employees serving, gluten free, vegan, vegetarian, and healthy eating options within our subsidised restaurants. ; • Provide employees with the tools and knowledge to build and support each other in building personal resilience. ; • Our charitable work, in conjunction with employees, supporting local and national causes through volunteering hours to pick litter, create peace gardens for a hospice, running marathons, delivering training sessions for unemployed/disengaged young people, provides huge impact for our employees and community physically and mentally.

Pricing

• Price: £2.67 a licence a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Service dependant
• Link to free trial: Available on request

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at G-cloud@mhr.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.