SkillSet Limited

Moodle learning management system (LMS) hosting

Moodle learning management system (LMS) hosting with expert support, data backups, and seamless migrations. Our fully managed service and ISO-certified practices ensure a reliable, cost-effective learning management system experience on AWS cloud infrastructure. We offer custom API, plug-in, and code development to tailor your Moodle LMS for your online learning.

Features

• Secure UK-based Moodle LMS development, hosting, support, maintenance and migration.
• Moodle LMS SaaS eliminates the requirement for in-house software management.
• ISO:27001, Cyber Essentials Plus and code scanning ensure Moodle security.
• Monitoring and reporting provide insights into Moodle learning management system.
• Access UK-based Moodle experts for timely support and problem resolution.
• Custom plugin development tailors Moodle functionality to your learning needs.
• Customise Moodle LMS design and branding to your organisation's identity.
• Moodle's learning management system versatile features enables blended learning.
• Integrate Moodle with external systems including payments, authentication and HR.
• Moodle learning management system offers multilingual learning support, including Welsh.

Benefits

• Open-source Moodle for a cost-effective learning management system.
• Optimise your online learning with our Moodle hosting and support.
• Reduce Moodle LMS risks with proactive monitoring and support.
• 100% of Moodle learning management system customers recommend SkillSet.
• Customise your Moodle LMS with bespoke plug-in development.
• Moodle LMS plugins enable additional learning features and integrations.
• Avoid vendor lock-in with complete Moodle LMS data backups.
• Real-time Moodle reporting for learner use and progress tracking.
• 24*7*365 support available for Moodle LMS learning customers.
• No licence cost with a Moodle learning management system.

£3,600 an instance a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at paul.deed@skillset.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

434873265746540

Contact

Paul Deed
01252810061
paul.deed@skillset.co.uk

Service scope

• Service constraints: Maintenance must be included with hosting to ensure a secure system, but full site administration accounts can be provided.
• System requirements:
  • Internet access
  • Current web/mobile browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support Response Times. Priority 0/1 issues: we provide a response within 1 hour during business hours (8:30am-5:30pm, UK time excluding bank holidays), with restoration and resolution targets depending on priority. Priority 2/3 issues: response within 2 working days during business hours (8.30am-5:30pm, Mon-Fri excluding bank holidays). Resolution timeframes are linked to our quarterly maintenance releases. Weekend support is available but may incur additional costs. 24/7 support is available at an additional cost.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Yes, at an extra cost
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Web chat needs to be tested in the context in which it is deployed and we test with each individual client.
• Onsite support: Yes, at extra cost
• Support levels: Standard Support: available during UK office hours (08:30-17:30). Contact us via email, telephone, or our Freshdesk ticketing system. Extended Support: we offer customisable extended hours, including 24/7/365 telephone access and on-site support upon request. Extended Support costs: according to your specific needs and expected usage. Our Premium support package includes first line support and the ability to create tickets directly from Moodle. Essential and Standard packages offer second line support for your project, IT team and nominated Moodle support staff.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We prioritise a smooth user experience for both administrators and end-users. For administrators and managers, we provide tailored training options including on-site sessions, webinars, in-depth guides, and videos. These resources are customised to your specific Moodle setup, including any required templates or specifications. Moodle itself offers an intuitive design, making it accessible for most end-users without formal training. Additionally, we collaborate with you to develop user tours directly within Moodle. These tours offer step-by-step guidance through the system's key features or specific pages, aiding new users and aligning with your unique business processes. Users can access these tours at any time for a refresher. Our goal is to ensure a seamless onboarding experience for your team, empowering them to leverage Moodle effectively from the start.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: End-users can easily extract their personal data at any time (including the end of contract) using Moodle's built-in tools. This process can be automated or adjusted for manual intervention based on your preferences. Depending on your Moodle setup, users may also be able to directly download certificates and reports. At the end of the contract (or upon request), we'll provide you with a full backup of your Moodle site. This comprehensive backup includes all configuration, user data, and learning content, allowing you to replicate your Moodle site elsewhere or use it for historical reference. We can also provide reports to extract any specific data, including users, completions, course lists etc.
• End-of-contract process: At the end of your contract, we'll provide you with a full backup of your Moodle site, including configuration, user data, and learning content. This backup is included in the contract price, allowing you to retain the data or use it for future setup. Upon request, we can also securely archive your site using AWS (or a similar service) for potential restoration later. While the backup itself is included, there would be a charge if you need us to restore the site after the contract has ended. We'll provide source code for any custom plugins or code created for you. Further support, such as detailed specification documentation or assistance transitioning to a new supplier, would be available at an additional cost.

Using the service

• Web browser interface: Yes
• Using the web interface: Moodle's web interface is designed with usability in mind. Extensive documentation and continuous updates ensure an intuitive experience for all users. Site administrators have significant control, customising the site's appearance (colours, fonts, branding), optimising navigation for core tasks, and potentially tailoring interfaces at different levels. Teachers and managers can fully manage courses, activities, and programmes. Depending on installed plugins, they may also control team structures and user options. Learners enjoy a personalised experience, engaging in courses, collaborating on activities, creating content, customising their dashboards, and managing notifications. Some actions may be limited by specific plugin configurations or user permissions. Users can access configurable reporting tools (with appropriate training), and for advanced customisation beyond Moodle's core capabilities, SkillSet offers custom development services (at additional cost).
• Web interface accessibility standard: WCAG 2.1 AA or EN 301 549
• Web interface accessibility testing: Moodle's mobile app and browser application have been audited by Moodle HQ and achieved WCAG 2.1 Level AA accreditation. SkillSet understand that every Moodle site is unique due to customisations. Therefore, we prioritise pre-deployment accessibility testing for each client's site using assistive tools and test protocols. If your organisation has users who rely on assistive technologies, we're eager to collaborate with them directly to ensure optimal functionality. We've also partnered with clients and professional accessibility auditing companies for specific assessments with existing clients.
• API: Yes
• What users can and can't do using the API: SkillSet uses a REST API plugin to enable seamless and secure data exchange between your systems and Moodle, enhancing efficiency and automation. Users with the appropriate permissions can seamlessly integrate external systems with their Moodle LMS. We provide comprehensive documentation for standard Moodle APIs (https://docs.moodle.org/dev/Core_APIs) and define secure web service accounts to control access and tailor information for each integration. The API empowers users to automate various LMS actions like adding users, updating information, managing enrolments, tracking course completion, and manipulating grades. SkillSet also offers bespoke API integrations for custom data exchange, ensuring your systems receive the exact information needed and potentially streamlining complex processes, lowering the need for manual processes such as uploading spreadsheets of users or assigning user to groups. It's important to note that all APIs are governed by strict permissions and IP whitelisting, and standard APIs may not cover every niche scenario, potentially requiring custom development. Our team has extensive experience in Moodle integrations, including the use of third-party ETL services, and we're ready to provide the best solutions for your specific needs.
• API automation tools:
  • Ansible
  • Other
• Other API automation tools:
  • Zapier
  • Tray.io
  • IFTTT
• API documentation: Yes
• API documentation formats: HTML
• Command line interface: No

Scaling

• Scaling available: No
• Independence of resources: Our Moodle service is single-tenant and so each customer’s databases and web servers run on dedicated virtual machines in a separate security group. We understand use patterns with Moodle and will work with our clients to ensure that where we anticipate high use (such as launches of new course materials, mandatory training deadlines and large-scale scheduled online assessments) we can put additional resources in place. Our Moodle service can also be load-balanced and auto-scaled if required. This can save costs compared to sizing for rare worst-case scenarios.
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
• Reporting types: Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Moodle HQ - https://moodle.com/about/

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: We use AWS for hosting and take advantage of their ability to encrypt data at rest for all elements of the service provided. Our protective monitoring processes include continuous vulnerability scanning and intrusion detection systems to identify potential compromises early.
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Files
  • Database
  • Moodle Web Directory
  • Server Operating System
  • Server Configuration
• Backup controls: Our solution ensures comprehensive, automatic backups. Daily backups using AWS Snapshot include all stored data. These backups are retained for 30 days and a monthly backup is retained for 6 months. We can rebuild your site from the previous night's backup, even if the live server is inaccessible. If you require a customised backup schedule or specific content backups, please contact our support team, and we'll work with you to accommodate your needs.
• Datacentre setup: Single datacentre
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection between networks: Data is always transmitted using TLS 1.2+ between servers. All data storage is on encrypted volumes. Access to the hosting environment is restricted to specific users, requires multi-factor authentication and is accessed via a VPN. We have worked with clients in different ways to provide additional data security between their network and our servers. Some clients do not make their Moodle instances accessible outside of their internal network, so we block all access and whitelist their outbound IP, and/or work with a VPN to provide access. Administration pages can specifically be whitelisted by IP.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We use the AWS Cloud Services due to its resilience and capacity. AWS commits to a monthly uptime of at least 99.95%. We offer varying levels of support, starting with UK business hours. We provide 24 hour support for business critical systems: this allows access to a member of our support staff at all times.
• Approach to resilience: Our standard Moodle hosting prioritises swift recovery. Through nightly backups, we can restore your site to a new instance within 2 hours, minimising disruption. This approach balances resilience and cost-effectiveness for most clients. For clients whose LMS is mission-critical, we offer a fully resilient architecture. This includes load balancing, multiple web servers across AWS availability zones, distributed storage, and a resilient database solution. These ensure maximum uptime and seamless operation. This is designed and costed based on the client’s specification. We use AWS CloudWatch to monitor key metrics like CPU, storage, and memory. This allows us to detect potential issues early, proactively safeguarding your system's availability.
• Outage reporting: AWS Cloudwatch monitors the hardware for any failure conditions or extended periods of excess load. The support team are notified when thresholds are breached. We also monitor the availability of all public web front-ends with a third party monitoring solution outside of AWS, again, immediate notifications to our support team. Currently, we do not have automatic notification of outages direct to client contacts via dashboard, or API. Customers would be notified by email.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Username or password
  • Other
• Other user authentication: Moodle provides a number of authentication plugins to support ensuring the user is who they say they are. Integrations include, but are not limited to: OIDC, OAuth2, SAML, LDAP, Shibboleth, and SSO options for third party services such as Microsoft Azure AD, on-premises AD, Facebook, Google, LinkedIn, Joomla CMS and Wordpress CMS. Additional controls can be introduced including limiting retry attempts before enforced cooldown periods, IP whitelisting, anti-hammering policies, password strength, MFA and more.
• Access restrictions in management interfaces and support channels: We prioritise secure access in management interfaces and support channels. User authentication methods can include username/password, MFA, and integration with external identity providers, all tailored to client needs. Moodle's robust role-based access control framework allows us to restrict configuration screens based on agreed user roles. Access to infrastructure management interfaces is strictly limited to authorised SkillSet personnel via VPN with multifactor authentication. Server command line/SFTP access utilises public key authentication. Our information security manager and technical director oversee permissions in accordance with our ISO27001-accredited process, ensuring the highest security standards.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password
• Devices users manage the service through: Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Approachable Certification
• ISO/IEC 27001 accreditation date: 22/05/2024
• What the ISO/IEC 27001 doesn’t cover: There are no exemptions
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Our information security policy is provided to all staff and forms part of our ISO27001(2022) compliance. It covers, but is not limited to, any systems or data attached to the company’s computer or telephone networks, any systems supplied by the company, any communications sent to or from the company and any data that is owned by the company held on external systems. The company will ensure that: - information is always available to those who need it and there is no disruption to business. - confidentiality is not breached. - the integrity of information is maintained. - appropriate legal, regulatory and contractual clauses are complied with. - the management team continually improve security.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We hold ISO27001(2022) accreditation and manage configuration and changes through processes controlled by our quality management system. All source code is tracked within Git or Subversion as part of our continuous integration pipeline. Customers initiate changes following our formal Change Request process, and all changes undergo impact assessment and customer approval. Our approach to individual client instances allows us to make customer-specific changes without adversely affecting other clients, ensuring flexibility and tailored solutions.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We proactively assess potential threats through regular vulnerability scanning and penetration testing. We stay informed about security risks via trusted sources like the Moodle community, security bulletins, and our internal threat monitoring. We follow ISO27001 processes for evaluating and deploying critical patches in a timely manner, with bi-monthly reviews ensuring all systems are protected. Results from penetration tests are applied across all our Moodle sites to strengthen security for everyone.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Our protective monitoring processes include continuous vulnerability scanning and intrusion detection systems to identify potential compromises early. If a potential compromise is detected, we immediately escalate the issue to our information security manager. Resolution procedures strictly adhere to our ISO27001 approved process. We guarantee a response to all incidents within one working hour.
• Incident management type: Supplier-defined controls
• Incident management approach: We follow an ISO27001-approved process for incident management, ensuring structured and effective responses. Users can conveniently report incidents via email, phone, or a support ticket. We use predefined processes to streamline resolution. We provide customers with detailed incident reports, including response times, and discuss them during service review meetings. Our robust incident management approach is regularly assessed as part of our ISO27001 certification.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Third-party
• Third-party virtualisation provider: AWS
• How shared infrastructure is kept separate: SkillSet creates VPCs for each client, logically isolated virtual networks within AWS. VPCs define network boundaries, subnets, route tables, and security rules, customising a completely separate environment within the shared infrastructure. Client server instances exist within these VPCs keeping them separate from other client instances.

Energy efficiency

• Energy-efficient datacentres: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  SkillSet and the Latitude 91 group continue to strive to meet demanding environmental, social, and sustainability commitments, aiming to be the best business we can be. As members of the SME Climate Hub (www.smeclimatehub.org), we are committed to achieving net-zero status by 2050 and halving baseline emissions by 2030. Our office practices promote recycling, public transport, and electric car leasing. Sensor-controlled lighting and remote work policies further reduce our environmental impact.

  Equal opportunity

  We champion diversity and inclusion. Our commitment is reflected in our longstanding equal opportunity policies and a workforce where:; 40% of our staff are female; 25% of the board are female; 30% of our staff are from diverse ethnic backgrounds.; 40% are over 50. ; ; Flexible work arrangements cater to diverse needs, including caregivers. Our company leadership extends this commitment to the community, exemplified by our current support for Ukrainian refugees. While not directly part of our G-Cloud service, these values signal our approach to responsible business, aligning with socially conscious clients.

  Wellbeing

  Our company supports remote working and allows flexible working hours to meet employee needs. HR conducts weekly check-in calls with staff. Directors actively cultivate open channels of communication to foster transparency, trust, and collaboration, nurturing a positive and productive work culture. Our annual anonymous staff satisfaction surveys consistently reflect high levels of employee contentment and commitment.

Pricing

• Price: £3,600 an instance a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at paul.deed@skillset.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.