Drieam B.V.

Portflow

Portflow is an overarching learning experience portfolio for holistic assessment and learner agency, seamlessly integrated with your VLE/LMS.
Portflow allows students to collect evidence and feedback from learning experiences from their personal learning journeys. It provides rich insights into their competence development and can be used for assessment and showcasing.

Features

• Collect evidence from learning experiences in many formats
• Import evidence from a wide array of sources
• Share with anyone (instructors, peers, externals, coaches)
• Request, discuss and track feedback, reviews and reflections
• Link evidence to a framework of goals, competencies, and outcomes
• Organise evidence into collections
• Rich insights for students and coaches into the development process
• Create snapshots of the portfolio for summative assessment
• Build and offer templates for scaffolded portfolio structure and content
• Fully and seamlessly integrated with the VLE/LMS

Benefits

• Offers a holistic approach to assessment, tying together learning experiences
• Stimulates learner agency through ownership and sense of control
• Overarching personal learner journey portfolio, across all learning contexts
• Integrated user experience thanks to synergy with the VLE/LMS
• Include and centralise all relevant insights on the learning process
• Supports fully flexible and personal learning journeys
• Keep access to the portfolio as alumnus for lifelong learning
• Making learning visible around outcomes, attributes, goals, competencies, and skills
• Provides a rich scaffolding toolbox to foster career-readiness
• Facilitates reflective practice and active learning

£7.20 to £13.10 a licence a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@drieam.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

405650814008644

Contact

Jim Bouw
+31403046346
sales@drieam.com

Service scope

• Software add-on or extension: Yes
• What software services is the service an extension to: VLE/LMS platforms, currently: Canvas, Brightspace, Blackboard, Moodle.
• Cloud deployment model: Public cloud
• Service constraints: Planned maintenance may occur a couple of times a year outside of primary operating windows. These are announced at least 14 days in advance to all customers. No other constraints apply.
• System requirements:
  • An internet connection
  • A browser-enabled computer or mobile device

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Drieam offers second-tier support to address all issues. Our support team is available on working days (Monday to Friday) from 9 to 5 (GMT/UK time). For the incoming e-mail and phone support, a KPI of 80% response within 1 working day applies.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Drieam offers the same high-quality service to all clients, as part of our standard SLA. A key aspect of our service is providing each institution with a dedicated Customer Success Manager to ensure optimal use of Portflow. They will be available via email or phone or adhoc queries, as wel as regular Executive Business Review meeting.; ; Additionally, Drieam offers second-tier support to the institution's designated contact points from Monday to Friday, 9 am to 5 pm (UK time). For the incoming e-mail and phone support a KPI of 80% response within 1 working day applies. For priority 1 issues, a response target of 4 hours applies.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Our implementation consultants will guide new and existing customers through the implementation process. Depending on the needs and context of the institution, our team is able to provide adequate training, documentation, and assistance. We also provide a rich toolkit for central (organisation-wide) and/or decentral (programme-wide) implementation and adoption of Portflow. This toolkit consists of i.a. e-learning packages for instructors and students, training materials, solution design workshops, discussion facilitators, and much more. The content of the toolkit can easily be adjusted to fit specific needs.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats: Video
• End-of-contract data extraction: Users can extract their own data (at any time) by exporting their portfolio. In addition, if the organisation made this service available, users can keep using the portfolio as alumnus.
• End-of-contract process: In line with GDPR guidelines, we ensure the secure deletion of data within 60 days after end of contract. For various QA or practical considerations, it is possible to keep assessment data for a longer time.; When the contract ends, we can provide organisations with support for extracting or migrating data. Every offboarding action apart from data deletion will be offered in separate quote in advance.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Based on the WCAG guidelines, Portflow is fully responsive and usable on all mainstream screen sizes, from desktop, to tablet to mobile. This means that there are no significant differences between viewports. In addition, 2024 marks the introduction of a native mobile app that allows users to capture evidence and provide authentic feedback.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The main user interface of Portflow is a responsive web application, usually integrated and positioned within the VLE/LMS. Users are authenticated over the LTI 1.3 protocol and can then use all Portflow features. Based on roles and permissions, various additional features are available to admins, coaches, instructors, and other staff members. Users that are not part of the educational institution (i.e. don’t have access to the VLE/LMS, externals) can access the interface directly on the web upon invitation of a user. In addition, 2024 marks the introduction of an extension to the public API.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: To ensure conformance to most current accessibility standards, Portflow employs the expertise of various accessibility experts. The entire development practice is conducted with accessibility in mind. Before delivery, the interface is tested manually and with automated tests using accessibility and assistive technologies. In addition, we work closely with our customers to ensure that the intended accessibility is actually being achieved.
• API: Yes
• What users can and can't do using the API: The current API allows administrators to access additional usage insights and to manage user data lifecycle. Additional API features are continuously added. Users are informed of any changes.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: End users (learners):; As the main purpose of the application is to serve as a modern and flexible portfolio, the majority of its visual appearance and all content is customisable by all users. This can be done in the form of evidence, collections, goals, sections, and their content, descriptions and metadata.; ; Customers (organisations/institutions):; Admins can customise Portflow to match their brand and appearance. Specifically, they can set the application icon, logo and add the name of the organisation to the application’s footer and email notifications. Additionally, the application can be configured with settings to match the organisation’s needs (enabling/disabling specific features, configurations, interaction with VLE/LMS and other systems, etc.).

Scaling

• Independence of resources: Portflow provides an SLA with a 99.5% uptime guarantee. The application is hosted on scalable cloud infrastructure, provided by Heroku and AWS. This means that as demand fluctuates, our service automatically scales up or down to accommodate the incoming traffic. Whether it's a sudden surge or a gradual increase, our system adjusts dynamically to ensure optimal performance for all users. Thanks to additional proactive monitoring systems, we are able to quickly identify bottlenecks and optimize resource allocation.

Analytics

• Service usage metrics: Yes
• Metrics types: Insights into historical and active usage (users, data storage, objects, etc.)
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can extract their own data (at any time) by exporting their portfolio. This will result in a zipped file containing all original evidence files, feedback and metadata, allowing for easy reuse and archiving.; Admins can export lists of (external) users from the Portflow admin panel.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • TXT
  • HTML
  • ZIP
  • All original uploaded file formats
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats:
  • All document file types (e.g. docx, pptx, xlsx, pdf)
  • All image types (e.g. png, jpg, gif, etc.)
  • All video types (e.g. mp4, mpeg, etc.)
  • All audio types (e.g. mp3, wav, etc.)
  • Most frequently used other files (e.g. zip, dwg, eps)

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Drieam will use commercially reasonable efforts to make Portflow is available with an annual uptime percentage of at least 99.5% (“Service Commitment”). The availability of the production environment and of the IP-connectivity will be measured on an annual basis. In the event Drieam does not meet the this commitment, Customer will be eligible to receive a service credit as described below. Each hour, on top of the guaranteed availability, that the production environment is not available will be credited based on the average daily costs of the yearly payment. Crediting takes place once per year. There can be limitations or disturbances of the services that are outside of Drieam’s influence. If Drieam cannot comply to this agreement due to circumstances beyond Drieam’s control, Drieam has the right to postpone the agreement. Examples of circumstances beyond Drieam’s control are: not by Drieam influenceable technical limitations of the internet, large interruptions in power supply, fire, natural disasters and/or Denial of Services attacks. When preventive maintenance is planned, Client will be notified via an announcement. Preventive maintenance does not comply with the above mentioned guaranteed availability rate.
• Approach to resilience: Drieam is committed to maintaining the quality of our continuous service. We have established a Backup Policy, Disaster Recovery Plan, and Incident Response Plan in accordance with SOC2 norms to ensure uninterrupted service delivery.; ; All data for UK customers is hosted in the European Economic Area with hosting provided by Amazon Web Services (AWS) in Ireland. Continuous backups are maintained in our secondary database in Germany. AWS is the most established and trusted cloud hosting provider worldwide, offering high levels of physical and network security as well as diverse hosting options. AWS maintains high-level security compliance, including SOC 2 and ISO 27001. Due to this setup, we can deliver an RPO of 1 hour and an RTO of 4 hours.; ; Over the past year, we maintained 99.99% uptime, which equates to less than 56 minutes of downtime throughout the year. We perform automatic "hands-free" upgrades and updates, ensuring customers never have to worry about patches or version numbers. Furthermore, Portflow resilience is ensured by Drieam's self-healing architecture and automatic scaling.; ; Our Security Team diligently works on maintaining resilient and continuous service. By regularly (at least annually) testing the IRP and DRP, we ensure readiness for all possible scenarios.
• Outage reporting: At Drieam, transparency is a core value. That's why we provide real-time information about Portflow's availability through our public online dashboard. This platform enables customers to stay informed about Portflow's performance and availability effortlessly.; ; You can access the availability details at the following dashboard: status.drieam.com. Customers can sign up for email notifications about any potential issues with Portflow, ensuring they remain fully informed and updated about its status.; ; If the customer has any questions or concerns regarding Portflow's availability, they can always contact their Customer Success Manager or our support team.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Other user authentication: User authentication for VLE/LMS users is handled by the VLE/LMS itself or connected authentication services and then relayed over the LTI 1.3 standard.
• Access restrictions in management interfaces and support channels: Restricting access to management interfaces is defined based on roles within the VLE/LMS. For support channels, access is restricted by mapping specific recognised users to resources in our support systems.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Description of management access authentication: User authentication for managers/admins is handled by the VLE/LMS itself or connected authentication services and then relayed over the LTI 1.3 standard.

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • SOC 2 Type II compliant
  • 1EdTech Data Privacy Standard Compliant

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: - SOC 2 Type 2 compliant; - 1Edtech Data Privacy Standard Compliant
• Information security policies and processes: Drieam has established comprehensive internal security policies encompassing various areas such as information classification, secure development, maintenance, privacy, change management, media protection, risk management, awareness training, third-party management policy, and several other topics. All employees accept these policies when starting at Drieam, and any updates require employees to acknowledge and accept the changes. To gain an understanding of all policies, customers can request our SOC2 report. ; ; The security team reviews all security policies at least once a year to ensure that they are being followed consistently across all teams and that security is a company-wide priority.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Drieam has a formalised security and systems development methodology that includes project planning, design, testing, implementation, maintenance, and disposal or decommissioning. Proposed changes are evaluated to determine if they present a security risk and what mitigating actions, including employee and user entity notifications, must be performed.; ; Changes to infrastructure and software are developed and tested in a separate development or test environment before implementation. Additionally, non admin developers cannot migrate their own code changes into production environments. Access to migrate a change to production is restricted to approved Engineering personnel.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Vulnerability scanning tools are utilised to automatically scan our application's codebase and identify potential vulnerabilities. Identified vulnerabilities are ranked by risk (high, medium, low) to prioritise their remediation. We adhere to the following remediation times for these vulnerabilities:; - p0: 7 days; - p1: 30 days; - p2: 60 days; - p3: 90 days; Penetration tests, including a full scope of blended attacks such as client-based and web application attacks, are conducted at least once a year. Any discovered issues are directed through our incident and risk management processes for resolution.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We utilise various applications to monitor processes and identify potential compromises, such as analysing request logs. Additionally, we offer customers the ability to notify us if they suspect a potential compromise.; ; Upon becoming aware of a potential compromise, we initiate our well-defined and tested incident response plan. This plan outlines all necessary steps to address different types of compromises. We keep our customers updated on the incident's progress and ensure a swift response to any breaches.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Users can report a potential incident through various methods including email, a support portal, and phone.; ; Upon receiving an incident, Drieam applies their predefined Incident Response Plan. This plan outlines the process of identifying, prioritising, communicating, assigning, and tracking incidents until they are resolved. The Security team communicates these incidents externally if necessary. Details such as analysis, impact, and resolution of the incident are documented and possibly shared.; ; The Security team also conducts annual tests of the IRP, either through simulation (table-top exercise) or retrospective of a real event. Any lessons learned from these tests are incorporated into the plan.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  In a bid to reduce greenhouse gas emissions and foster a greener future, our company has proactively adopted a sustainable mobility policy alongside our existing paperless policy. The cornerstone of this policy is an internal mobility pool of two electric lease cars. These eco-friendly vehicles are made available to all our employees. ; ; Moreover, we recognize that public transportation is a key component in the fight against climate change. To this end, we encourage our employees to utilize public transit systems. To make this a viable option, we provide our employees with public transportation cards, giving them unrestricted travel within a certain area. ; ; In addition, our sustainable mobility policy also includes a bike leasing program. This program provides our employees the opportunity to lease high-quality bikes for a certain period. The leasing scheme includes maintenance and insurance, making it a cost-effective and flexible option. ; ; Beyond internal sustainability efforts, we also place a high importance on selecting suppliers who are conscious of their environmental impact. A prime example of such a supplier is AWS, our data provider. AWS not only guarantees safe storage and data processing but also places a high premium on sustainability. Research by 451 Research indicates that AWS's infrastructure is 3.6 times more energy-efficient than the median energy consumption of US data centers and up to five times more energy-efficient than the average in Europe. Furthermore, the same research shows that AWS can reduce the CO2 footprint of customer workloads by almost 80% compared to other data centers, and even up to 96% when AWS runs entirely on renewable energy. By opting for AWS, we are making a concerted effort to lessen our environmental impact.

  Covid-19 recovery

  Drieam aids COVID-19 recovery by offering educators and students a robust virtual platform, ensuring activities can take place wherever they are. During the pandemic, we supported a record number of users as institutions transitioned fully online. We continue to support institutions in their recovery and progression, enabling them to adapt and thrive in the post-pandemic landscape.; ; In addtion, we offer a flexible work model for our staff, allowing them to choose their preferred work location. Employees can work entirely remotely, fully in-office, or opt for a hybrid setup, supporting COVID-19 recovery efforts. This flexibility enables those who benefit from social office spaces to do so for their mental health, while also allowing employees who need to shield or have ongoing COVID-19 concerns to work entirely from home.

  Tackling economic inequality

  Drieam upholds Social, Labor, and Environmental policies to promote the well-being of our employees and community. We ensure our team members receive a living wage and strictly adhere to local labor laws. We also hold our suppliers to these same standards. By fostering ethical practices across our supply chain, we contribute to a more equitable and sustainable future.; ; Furthermore, Drieam is a company that demonstrably spends a lot of time offering internships for students and young professionals. At Drieam, the development of the intern is central, and we offer various opportunities to stimulate this development. For example, we regularly organize training and workshops to improve the intern's skills, and we provide tailored guidance to ensure that the intern can get the most out of his or her internship.

  Equal opportunity

  At Drieam, we value the inclusion of all, both in our culture and in our Portflow product. Portflow is designed to cater to a diverse user base, including individuals who may require assistance. We are dedicated to ongoing improvements to enhance accessibility, reflecting our strong commitment to this goal. Currently, we comply with WCAG 2.2 AA standards, and we aim to further increase accessibility for our users.; ; In addition we strongly believe in the value of an inclusive and diverse culture, offering equal opportunities to all. We embrace the diversity of cultures, nationalities, and gender differences within our company and ensure that everyone feels accepted and valued. This is also visible within Drieam, where a diverse team has emerged with different cultures, genders, and nationalities.

  Wellbeing

  At Drieam, our primary responsibility is to ensure absolute compliance with local labor laws across all the regions we operate in. This is a topmost priority for us, as we firmly believe in establishing a lawful and ethical business environment. We are committed to meeting, and where possible, exceeding all regulations and guidelines set forth by local authorities.; ; In addition, we also place a high value on the wellbeing of our employees. This is not merely a policy but a core value that defines our business operations. We recognize that our workforce is our most valuable asset and we are dedicated to maintaining a healthy, happy, and productive environment for them.; ; In our commitment to employee wellbeing, we provide various benefits to enrich both personal and professional lives. For instance, we offer discounts on sports subscriptions. Our consistent focus on employee wellbeing results in a low turnover rate, a fact that we take great pride in.

Pricing

• Price: £7.20 to £13.10 a licence a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: A free trial can be arranged for your auditing committee in our trial environment to explore the student experience. This includes all student-facing features. Alternatively, a full trial experience (in your own VLE environment), including that of students, staff, and admins, can be arranged by contacting our sales department.
• Link to free trial: https://drieam.com/portflow/try-out/

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@drieam.com. Tell them what format you need. It will help if you say what assistive technology you use.