Pellcomp Software Ltd

PICS Skills Learner Management System

The PICS Learner Management System is a complete end-to-end solution for all ESFA, ESF and commercial training programmes, including apprenticeships.

PICS offers an entire paper-free learner and journey including digital signup, the industries leading ILR management suite, fully integrated ePortfolio & more, all backed by unbeatable support.

Features

• Your entire learner & employer journey in a single system
• Paper free enrolments and contracting with digital signatures
• Full, robust ILR management for all programmes
• Funding reports and projections which reconcile with the ESFA hub.
• Management of employer co-investments with finance team portal
• Comprehensive reporting covers achievement rates, finance, E&D and more
• Fully integrated ePortfolio tracks all aspects of the training programme
• Digital registers and real-time attendance tracking
• Integrated survey functions
• Excellent and responsive customer support with over 25 years' experience

Benefits

• End-to-end solution significantly reduces data admin burden
• Paper-free system reduces turnaround times and increases efficiency
• Robust ILR features reduce the headache of compliance and audit
• Manage all ESFA or commercial programmes in a single system
• Clear tracking of learners against starting points to demonstrate progression
• Real-time funding calculations demystify funding regimes
• Flexible reporting provides insights into all aspects of your business

£25 to £50 a user a month

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@pellcomp.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

420764266838389

Contact

Sales Team
01603 215000
sales@pellcomp.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Pellcomp Software perform scheduled software updates and infrastructure maintenance outside of core business hours. ; ; The hosting service will typically be unavailable each Thursday from 8pm to 8am due to scheduled maintenance.; ; Customers are notified of any upcoming maintenance via the Pellcomp Software hosting portal, or via email if a customer subscribes to our maintenance alerts.
• System requirements:
  • Windows 10
  • Mac OS
  • Any up-to-date modern web browser
  • Broadband internet connection

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We operate an email help desk Monday-Friday 9-5:30. We aim to provide an informed response to enquiries within 4 hours.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Support queries can be raised through the chat bubble integrated in PICSWeb
• Web chat accessibility testing: No such testing has been completed however we are using an off the shelf system (Intercom)
• Onsite support: Yes, at extra cost
• Support levels: Telephone and email support are provided within our software costs. Onsite support is rarely required, but if necessary it is available at a cost of £1250+VAT per day.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Most PICS implementations will begin with a data conversion of existing ILR data and the preparation of the hosting platform. We then begin a schedule of training. Typically, the initial programme of training consists of three two-hour webinars, delivered over a couple of days. ; ; We then arrange followup training 4-6 weeks after the initial training. this training can be onsite or online depending on client requirements and current social distancing policies. This core structure of training is supplemented by a range of online video training courses and additional online training sessions dependent on the level of SaaS offering chosen and your training needs.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Data can be extracted through the comprehensive reporting suite, or we can provide read only licenses with access to the full report suite, to suit the customer.
• End-of-contract process: If a customer chooses not to renew their contract, we will provide facilities for extracting PICS data through its integrated reporting suite, additional costs are applicable if a customer wishes for us to do this on their behalf. Alternatively, we can provide read-only licenses and long term data storage, at additional cost.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Chrome
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: Integrated branding allows public-facing aspects of the software to be branded. Extensive customisation options for of== fields, workflows, forms etc are integrated into the product.

Scaling

• Independence of resources: Incoming connections to the hosting platform are load-balanced to spread the demand on the resources that provide the service.; ; Performance alerting and resource monitoring are present. If a performance alert is generated, more reserved resources can be allocated. ; ; This ensures a fast, stable and resilient software hosting service.

Analytics

• Service usage metrics: Yes
• Metrics types: Customers are able to view usage reports of our hosting service via the advanced inbuilt reporting module. ; ; Customers can see audit trails and tailor the reports to their own bespoke requirements.
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: If a Pellcomp customer ceases to use PICS, the customer's data is returned to them. The customer's data is archived and retained by Pellcomp Software for a period of 6 months.; ; Pellcomp Software provide the data in a compressed format to the customer using our secure File Drop site.
• Data export formats:
  • CSV
  • Other
• Other data export formats: ZIP (file attachemnts)
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Pellcomp Software will aim to achieve at least 99% availability of access to the hosted installation of the software. Availability is measured by an external application checking every minute. ; ; During the last 12 months, Pellcomp Software's customer hosting software platform achieved 99.97% uptime (excluding scheduled maintenance).; ; Pellcomp Software are happy to discuss any individual requirements that a customer may have.
• Approach to resilience: The hosting infrastructure has redundancy built in to avoid single point of failures. ; ; At each data centre, this includes dual power supplies, RAID, at least two servers at each physical layer, active-active switches, active-standby firewalls, NIC teaming and Network Load Balanced services. ; ; The entire physical and virtual infrastructure is replicated at a second data centre for disaster recovery purposes.
• Outage reporting: Pellcomp software use an API to display information banners on the customer hosting portal.; ; The banners inform customers of the nature of the outage, the systems affected by the outage, and the expected recovery timeframe. ; ; Pellcomp Software update the banners during the incident and when it is resolved.; ; Customers are also able to subscribe to our email alerts. These alerts provide information on scheduled maintenance and service outages.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Other user authentication: To gain access to the hosting servers, each user must login to the hosting website with a unique username and complex password. ; ; Once logged in to the server, a second login and appropriate license key is also required to gain access to the PICS application.; ; All successful authentications, record creations, updates and deletions are permanently logged inside the database and existing log records cannot be altered or deleted.
• Access restrictions in management interfaces and support channels: Security appliances are configured to allow incoming management traffic from approved Pellcomp staff machines only. A second stage Active Directory authentication is then required to gain access to the management network. All network traffic is encrypted in transit and logged.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Description of management access authentication: Pellcomp Software's requires two-factor authentication in order to access management interfaces.; ; Access to remaining management systems are secured using a combination of security appliance device IP whitelisting and Active Directory authentication security groups.

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: An Independent UKAS accredited company - Approachable UK
• ISO/IEC 27001 accreditation date: 04/08/2017
• What the ISO/IEC 27001 doesn’t cover: The scope of activates for ISO27001 compliance are:; ; Design, development, installation, data hosting and support of software products - Statement of Applicability v7
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Elavon Security
• PCI DSS accreditation date: 26/04/2019
• What the PCI DSS doesn’t cover: This service is PCI DSS compliant. All controls for PCI DSS are in scope for this service, there is nothing not covered.
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Pellcomp Software have implemented an extensive Information Security Management System.; ; We have an online system that staff use to access the ISMS portfolio. All Pellcomp staff are required to read and follow these processes. A digital confirmation box must be signed to prove that the member of staff has read the documentation.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Changes to both our software hosting infrastructure and software development are managed in accordance with our ISO27001 ISMS portfolio. ; ; Changes are risk assessed, tested and tracked via our ticket management system throughout the life cycle of the change.; ; All changes are approved by senior management before they are implemented and released to our customers. ; ; The software development lifecycle follows the Sprint methodology. All proposed changes are assessed for potential impact to application security before being released.; ; Our applications are penetration tested annually by an independent CREST-accredited organisation for any potential vulnerabilities.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Pellcomp Software utilise Microsoft industry-standard tools to centrally manage the alerting, updating and application of software updates and patches. ; ; Patches are applied every two weeks, or immediately if a critical vulnerability is being actively exploited in the wild. All software patches and updates are applied in line with our ISO27001 change management procedures.; ; Pellcomp monitor a variety of different vendor security feeds, such as Microsoft, Hewlett Packard and Cisco. We also monitor the UK’s NCSC and the US Cyber Emergency Response Team security alerts.; ; We are committed to provide continuing and evolving protection to our infrastructure and software products.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Pellcomp Software have advanced monitoring and alerting implemented for a range of suspicious events. ; ; A DMZ separates the outer and inner firewalls where incoming traffic is terminated and scanned by security appliances before being forwarded to the back-end web servers. ; ; Firewalls from different vendors are used to mitigate against vulnerabilities specific to firewall vendors. ; ; An IDS/IPS system is configured at the internet-facing perimeter with alerting enabled. Network traffic logs are maintained for 12 months.; ; The firewall configuration changes go through Pellcomp’s change management process as defined by our ISMS. All physical and virtual servers have Windows Firewall enabled with logging.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Pellcomp Software's extensive ISMS portfolio contains predefined incident response and control processes.; ; We have a dedicated security incident response team who, along with the onsite IT team, are responsible for overseeing the management and resolution of the incident.; ; Customer software incidents are categorised by levels of severity and a resolution is implemented within the agreed SLA.; ; We have a specialist in-house software support team that can be contacted via phone or email. We do not and will not outsource our support.; ; We are ISO27001 certified. Our processes are audited annually by a UKAS accredited auditor for ongoing compliance.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Tackling economic inequality:

  Tackling economic inequality

  The PICS Learner Management System supports our customers to administer and deliver training and employability programmes in an optimal, efficient manner. In doing so PICS helps to ensure that training and employability providers are able to maximise the impact of government funded programmes for tackling unemployment and tackling skills gaps including apprenticeship, traineeships & more.
• Equal opportunity:

  Equal opportunity

  The PICS Learner Management System supports our customers to administer and deliver apprenticeship programmes in an effective and efficient manner. In doing so PICS supports training providers to maximise the impact of apprenticeship funding to support in-work progression to help people, including those from ; disadvantaged or minority groups, to move into higher paid work by developing new skills.

Pricing

• Price: £25 to £50 a user a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@pellcomp.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.