iHASCO LTD

iHasco eLearning

iHasco's workplace eLearning solution helps over 10,000 organisations work towards compliance with various Health & Safety and HR legislation.

With over 150 highly-engaging courses, a simple, yet effective Learning Management System and unrivalled support, iHasco are a market-leading provider of workplace

Features

• Interactive eLearning in Health and Safety, Compliance and many more.
• Real-time reporting of training outcomes
• Automated email reminders
• Multilingual learning with 41 languages supported
• Digital certificates to minimise administration
• End-of-course tests to reinforce learning
• 24/7 monitoring to deliver maximum uptime and availability
• Effective Learning Management System (LMS)
• Add your company documents to the Learning Management System (LMS)
• Display Screen Equipment (DSE) Assessment Tool

Benefits

• Complete workplace training on the go, on any device
• Quickly see who has and who hasn't completed their training
• Unrivalled service and support delivering 99.5% uptime
• Dedicated account management providing extra value
• Easy management and reporting saving valuable administration time
• Extensive course library of over 180 courses
• Access to free FAQ'S and additional resources
• Artificial Intelligence (AI) powered ChatBot for greater support 24x7
• Highly regarded: recommended by 96.7% of our 10,000 plus clients
• Highly secure platform evidenced by Cyber Essentials and ISO27001 accreditation

£2.77 to £40 a user

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at alex.king@ihasco.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

410850912087651

Contact

Alex King
01344 867088 EXT 464
alex.king@ihasco.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Course content can be used in third-party learning management systems via Sharable Content Object Reference Model (SCORM) packages.
• Cloud deployment model: Private cloud
• Service constraints: No service constraints exist today.
• System requirements:
  • Secure web connection
  • Modern standards compliant web browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We aim to provide a response within 4 working hours if sent during 9am - 5pm, Monday to Friday.; ; Priority 1 (System Unavailable): Target issue response within 2 working hours, target fix within 4 working hours.; Priority 2 (System available, but a complete function unavailable): Target issue response within 4 working hours, target fix within 8 working hours. Priority 3 (System available, fault exists but can workaround): Target issue response within 2 working days, target fix within 2 working weeks. ; Priority 4 (Minor issue but system functions without workaround): Target issue response 2 working weeks, target fix within 8 weeks.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: N/A
• Onsite support: No
• Support levels: We give the same excellent levels of support to each and every person who gets in touch with us, regardless of whether they are a client or not. Our support team are on hand from Monday - Friday, 9am to 5pm to deal with any queries from clients or prospective clients.; ; Clients are given a dedicated Account Manager and have full access to IT support.; ; No technical account manager, and no cloud support engineer.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Online training to demonstrate how to use the platform.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: The Learning Management System provides the ability to:; ; Export all users in CSV format, download all training certificates as a multi page PDF and export all user training records in CSV format. Additionally, clients can use our API (at no added cost) to extract the same data. We pro-actively reach out to clients during the off-boarding process to ensure that they have everything they need prior to termination of their account.
• End-of-contract process: At the end of a contract, we would encourage clients to renew their service subscription with us. However, we recognise that sometimes clients outgrow us or choose to go elsewhere for a variety of reasons. We believe strongly in helping to make that as easy as possible and do not impose any additional charges beyond what a client has agreed to pay contractually.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: All features of the desktop service are available on mobile. We use a responsive layout to adapt our web application to a variety of screen sizes.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Our web application has a user interface which is built with semantic HTML markup and CSS for presentational styling.
• Accessibility standards: None or don’t know
• Description of accessibility: We do not currently adhere to a specific accessibility standard but are striving towards WCAG 2.1 A and have begun running routine accessibility audits on both our website and application.
• Accessibility testing: We use automated tools which highlight areas which require attention.; ; We also conduct manual tests using assistive technology such as screen readers.
• API: Yes
• What users can and can't do using the API: Clients can use the API to sync users from other management systems and/or pull out data for storage in other systems as required.; ; The iHasco client API is a RESTful service that can be accessed at https://api.ihasco.co.uk.; ; We support requests in JSON (JavaScript Object Notation) format.; Starting with version 2, we use the Semantic Versioning to describe the version of the API. ; ; A specific major version may be specified via an Accept header. The default is v2 :application/vnd.ihasco.v2+json.; ; We keep our API backwards compatible. E.g., if you need version 1 data, please specify application/vnd.ihasco.v1+json, or use the previous version of the API. ; ; Alternatively, you may send an API version integer value as a query parameter. ; ; Every request must supply a valid API token. You can create tokens via the "Settings" area of your Client LMS and there are 3 ways to provide a token.; ; Clients can use the API to sync users from other management systems and/or pull-out data for storage in other systems as required.; ; Documentation is available here: ; https://api.ihasco.co.uk
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Admins can:; ; Add their own branding to their training suites and certificates, hide/disable some elements of the users training suite, enable/disable/change training intervals and required passmarks for courses, create segments and set up smart enrolments, create their own email templates, add custom course completion text and additional certificate text and add their own documents and policies, make them required reading and link them to courses or segments.; ; Our system and courses all work with other third party LMS’s too, so you can customize your learning environment and blend our courses into your LMS. e.g., Absorb, Docebo, Talnet LMS and Totara are used by some clients via the Shareable Content Object Reference Model (SCORM) v1.2

Scaling

• Independence of resources: We monitor application stability on a continual basis using real time monitoring tools such as New Relic.; ; Our application is split into a number of component parts which spreads the load between a primary application server, database server, worker server, notification server and caching server.; ; We also utilise multiple CDNs for the delivery of the video-based content which our application delivers to users for the purpose of fulfilling our service.

Analytics

• Service usage metrics: Yes
• Metrics types: IHasco's Learning Management System dashboard provides information on:; ; Number of registered users,; Number of users enrolled in each course,; Number of users with not started, completed, failed and/or expired training status,; Percentage of users who are compliant across an organisation based on the above,; Number of attempts made by users to pass training; and; Time spent by users completing training for Continuous Professional Development (CPD).
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Via our web interface (CSV) or the API (JSON).
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Support Period: iHasco support is available to clients from 9am - 5pm (GMT) on business working days.; ; We provide highly resilient services based on Amazon Web Services’ (AWS) cloud-based highly available and scalable platforms, leveraging the best industry approaches to deliver RPO and RTO targets and metrics. This delivers ~99.5% real world uptime.
• Approach to resilience: Available on request.
• Outage reporting: Alert on social media platforms.; Alert on our public website.; Alert via email.; Record of uptime via New Relic monitoring.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Permission based access and regular review of permission levels.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Description of management access authentication: Password requirements: 8-15 characters, at least one lowercase letter, at least one uppercase letter, at least one number, at least one special character (?!*@).; ; IP address restricted.

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Approachable Certification
• ISO/IEC 27001 accreditation date: 2023
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We adhere to industry best practice and have received the government backed Cyber Essentials accreditation.
• Information security policies and processes: IHasco has a comprehensive Security Management Statement that details our polices, https://www.ihasco.co.uk/assets/terms-and-policies/iHasco_Information_Security_Statement.pdf.; ; Our clients trust iHasco with their data, and we make it a priority to take our clients’ security and privacy concerns seriously. We strive to ensure that user data is retained securely, and that we collect only as much personal data as is required to provide our services to clients in an efficient, lawful and effective manner. ; ; Summary of statement topics:; Application and User Security: SSL/TLS Encryption, User Authentication, User Password Management, Data Portability, Privacy and Encryption. ; Data Centres: Design - we use AWS’ assured design and operations policies, Physical Security, Environmental Controls, Data Location, and Availability.; Application Security: Uptime, Third Party Scanning, Testing, Access Control, and Penetration Testing.; Backups: Frequency, Retention, and Server Snapshots.; Organisational: Employee Screening, Training, Third Parties, Access, InfoSec, Accreditations.; Software Development Practise: Stack and Coding Practises.; Security Breaches.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We follow industry best practice for software development. We track change requests, maintain code in a version-controlled environment, require that changes pass tests and require code review prior to deployment.; ; We deploy changes to a development environment and assess these for potential security issues using industry leading vulnerability scanning tools.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We assess threats to our services using two third party continual vulnerability scanning services:; ; * Fortify on demand (Micro Focus); * Detectify; ; We aim to respond to and resolve high risk vulnerabilities within 5 working days (if not less).
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We follow the general guidance as set out in the CESG's GPG13 guidance on Protective Monitoring Controls (PMC), to record and monitor activity in order to ensure we are well positioned to identify and address potential compromises.; ; A potential compromise would be immediately reviewed by management in order to assess the risk and decide on appropriate steps to mitigate any potential damage.; ; Risk level is used to determine response turnaround and reporting of the risk.
• Incident management type: Supplier-defined controls
• Incident management approach: We have established processes for the reporting and management of common incidents. These include security breaches, performance issues and unexpected application behaviour. Incidents are reported initially to the IT Manager and then subsequently escalated to senior management if necessary. Incidents are reported either verbally (and then confirmed by return email) or via email in the first instance. Incident reports are compiled and reported to the management team on a weekly basis. We report, where relevant, incidents and outcomes to affected stakeholders including clients.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  The Citation Group and its subsidiaries, including iHasco Limited, have committed to the Science Based Targets initiative (SBTi) and have an active commitment to set science-based targets. The Citation Group is in the final stages of establishing their emissions reduction targets in line with the SBTi’s criteria before presenting it to the SBTi for official validation. As part of this iHasco Limited does and will continue to measure and report on its scope 1, 2 and 3 Green House Gas Emissions. We have a commitment to achieving Net Zero by 2050 and initiatives in place to achieve this.

  Covid-19 recovery

  As part of their service, iHasco provide a variety of eLearning modules which support businesses with Covid-19 recovery. For example, their returning to Work after COVID-19 Training was designed to assist colleagues in making a smooth transition back to the working environment, whether they had been furloughed or were working from home. Further topics include responding to and managing change, infection prevention and control and risk assessment training.

  Tackling economic inequality

  iHasco is committed to paying colleagues the National Living Wage at minimum. We pay into and utilise our Apprenticeship Levy to upskill colleagues in junior customer service, sales and HR roles. Where possible, iHasco offers flexible working arrangements to help enable a more inclusive approach to employment.

  Equal opportunity

  iHasco strives to encourage and has seen the benefits of having a diverse and inclusive workforce. Diversity and inclusion is not just about seen differences, it covers hidden and perceived differences across background, education, social differences, neuro diversity, age, gender, religion, ethnicity, beliefs and much more. Inclusion isn’t just a policy; it’s part of the fabric of our culture. We want to learn from diverse perspectives, drive innovation, grow together and create an environment where differences are embraced so everyone can thrive at work.; ; In the last 12 months >65% of colleagues have undertaken development above the requirements of their and our Women in Leadership Programme has helped us to accelerate the careers of high potential women. ; ; From a client perspective, iHasco delivered over 7,000,000 successfully completed eLearning modules in 2023 which included topics such as Equality, Diversity and Inclusion, unconscious bias and disability awareness and inclusion.

  Wellbeing

  We want to be the business that colleagues want to work for and clients want to work with. That is why colleague engagement is at the heart of our business strategy. We are proud of culture and our colleagues, who have together created a great place to work – evidenced through our leading colleague engagement scores.; ; iHasco has a number of colleagues who are trained as Mental Health First Aiders and colleagues have access to an Employee Assistance Programme as part of their healthcare benefit.; ; From a client perspective, iHasco delivered over 7,000,000 successfully completed eLearning modules in 2023 which included topics such as Mental Health awareness, building resilience, stress awareness and bullying and harassment.

Pricing

• Price: £2.77 to £40 a user
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: A 14-day free trial of our entire course library is available. ; ; There is nothing to install and its accessible over the web.; No obligation is created, and no credit card or payment details are required either.; ; Access to our Learning Management System is not included.
• Link to free trial: https://www.ihasco.co.uk/try

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at alex.king@ihasco.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.