Mind Tools for Business from Emerald Works. Learning and Development Toolkit - Small organisations
On-demand leadership and skills development, designed for government departments, agencies and public bodies up to 150 people. We create a learning culture for small organisations and individuals to thrive. Our learning and development online digital resources improve employee performance through real time accessible content. Customisable e-learning/training courses meet learners’ needs.
Features
- Learning and development eLearning tools/functionality for users and managers
- Mind Tools – Online interactive toolkit with on-demand, skill-building resources
- Access to 54 topic areas, and 2000+ individual resources
- 13 formats including infographics, audio, video, guides, exercises, self-assessments
- Off the shelf - self service to online digital resources
- Specifically designed for smaller departments, agencies and public bodies
- Analytics – data on login-frequency, time spent learning and more
Benefits
- Reassurance – market leader of learning and development solutions
- Versatility – scalable L&D services in wide range of formats
- Stability – established 1967, we're a financially secure, global business
- Proven – award-winning resources that improve performance
- Secure – end-to-end control of data, managed in-house
- Reliability - Service available at least 99.5%, 24/7/365
Pricing
£2.13 a user a year
- Education pricing available
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
4 6 9 8 1 0 1 3 8 2 7 0 6 8 2
Contact
MIND TOOLS LTD
Simon Hulcoop
Telephone: 0207 788 7978
Email: shulcoop@mindtools.com
Service scope
- Software add-on or extension
- Yes, but can also be used as a standalone service
- What software services is the service an extension to
-
HR Management Systems
Employee Benefits Systems
Talent Management Systems
Other internal organisational systems - Cloud deployment model
- Private cloud
- Service constraints
-
Technical support is available between 8.30 am and 5.30 pm Monday to Friday. Outside of these times support requests can be logged 24x7 via email. Requests will be prioritised as required during business hours and an anticipated turnaround time provided on a per case basis.
It supports the latest stable releases of Microsoft Edge, Chrome, Firefox and Safari. It is accessible on any device with the latest stable releases of iOS and Android with a modern browser. - System requirements
- Cloud-based
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
1 business hour for "critical" issues
2 business days for issues classified as high priority.
5 business days for issues classified as medium priority.
10 business days for low priority - User can manage status and priority of support tickets
- No
- Phone support
- No
- Web chat support
- No
- Onsite support
- No
- Support levels
-
Critical: PRODUCTION SITE DOWN/NO ACCESS
MAJOR FUNCTIONALITY DEFECTIVE - 1 business hour. High: SEVERE LIMITATION OF FUNCTIONALITY GROUPS OF USERS AFFECTED - 2 business days. Medium: MODERATE LIMITATION OF FUNCTIONALITY
MINOR PROPORTION OF USERS AFFECTED - 5 business days. Low: LOW IMPACT DEFECT OR BUG SINGLE USER AFFECTED - 10 business days. - Support available to third parties
- No
Onboarding and offboarding
- Getting started
- This off the shelf product is designed to be intuitive and easy to self serve. Administrators have the ability to manage their users for "adds, moves and changes". We'll send you a comprehensive set of documentation to ensure you know everything you need to know for launching your new platform, all of the features and how to get the most from the reporting system.
- Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
- User data can be exported via CSV and uploaded to new system.
- End-of-contract process
- All access is revoked after the end of the contract, all negotiations about renewal of contract will happen before the end date. The data is maintained for 30 days after the end of the contract to comply with our Disaster Recovery Policy.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- No differences
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- Description of service interface
-
Our Toolkit is an online provision consisting of 54 topic areas, with over 2000 individual resources. The resources sit under the following four topic headings: Leadership & Management, Personal Development, and Business Skills.
The Toolkit consists of 13 different resource formats including infographics, audio, video, key ideas, questionnaires, how to guides, exercises, self-assessments, top tips, surveys, case studies and more.
Our platform is fully responsive – offering a consistently excellent user experience on any device with a modern browser, meaning staff are able to access the resources wherever and whenever they need it. - Accessibility standards
- WCAG 2.1 AA or EN 301 549
- Accessibility testing
- We work with Abilitynet to audit our software to ensure an end-to-end digital accessibility strategy. Abilitynet have a panel of independent testers who assess our software. Our Quality Assurance team test using a range of assistive technologies, and we maintain an accessibility statement.
- API
- No
- Customisation available
- No
Scaling
- Independence of resources
-
Our service should be available at least 99.5% of the time on a 24/7/365 basis.
We provide full contract support to all customers with a range of suitably qualified employees; each customer is owned by designated individuals.
This ensures our customers have a designated person in the business to contact for their specific needs as well as a clear escalation route.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
In a determined period of time, the manager can see and download:
Active Users
New Users
Total Time Spent in Resources
Usage (Total View) by Date
Resources Accessed by user, date and topic.
Individual users can see and download their own usage:
Total Time Spent in Resources
Time Spent This Month and Year to Date
Last Accessed Content and Date
Completed Assessments - Reporting types
- Real-time dashboards
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
-
- Encryption of all physical media
- Other
- Other data at rest protection approach
- Encryption at rest using AWS KMS Solution. KMS uses FIPS 140-2 validated hardware security modules to generate and store our keys. Our keys can only be used inside these devices and can never leave them. The security and quality controls in AWS KMS have been certified by multiple compliance schemes.
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
- By Excel from within the system.
- Data export formats
- CSV
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- TLS (version 1.2 or above)
- Other
- Other protection between networks
- We transmit data via HTTPS and use RSA 2048 bits / SHA256 with RSA TLS 1.2 for message encryption.
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- Other
- Other protection within supplier network
-
We transmit data via HTTPS and use RSA 2048 bits / SHA256 with RSA TLS 1.2 for message encryption.
All data flows including but not limited to cloud/application interfaces, API's, authentication information, data transfers/replication, administration and support services and functions including those provided by supply chain members are encrypted using the latest industry standards and high strength encryption mechanisms.
Availability and resilience
- Guaranteed availability
- Our Service should be available at least 99.5% of the time on a 24/7/365 basis.
- Approach to resilience
-
Our platform architecture is deployed by leveraging AWS features. Critical platform components are replicated across multiple AWS Availability Zones, each of them designed as an independent failure zone. All data centres are online and serving customers. No datacentre is "cold". In case of failure, automated processes move customer data traffic away from the affected area. Each availability zone is designed as an independent failure zone.
We leverage this capability by balancing the architecture components between two Availability Zones to keep the system operational even if one stops working.
In case of a failure, the DNS is configured to exclude the unhealthy services from the pool of available services and redirect the traffic to the operational Availability Zone. To cover the increase of traffic in the new zone, the automatic scalability process will begin creating the extra resources needed to keep the service at an acceptable response level. Once the original Zone is back online, the operation team follow a standard procedure to remove the old services that are out of sync. They will then recreate the needed system and link this with the other Zone. The traffic will then start flowing into the original data centre. - Outage reporting
-
We have a monitoring team available 24/7.
The alerts triggered by high level issues come via Slack, Email and automated phone calls. We also work with level of scalonation to decide who should take the front.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Access restrictions in management interfaces and support channels
- Minimum access is granted.
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Dedicated link (for example VPN)
- Username or password
- Other
- Description of management access authentication
-
2FA is enabled to any database or webservice associated with management of the service.
Access to our internal management application is only possible via SSO.
Any patches or changes are only allowed if connected to the VPN with individual and timestamped credentials.
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- Yes
- Any other security certifications
-
- Supplier held ISO 27001
- Supplier held ISO 27017
- Supplier held ISO 27018
- Supplier held ISO 27701
- Supplier held CSA STAR CCM v3.0.1
- Supplier held ISO 9001
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- Other
- Other security governance standards
- Provided by participating learning organisation with support from Account Manager.
- Information security policies and processes
-
Policies are reviewed on at least an annual basis.
Procedures have been established in order to set basic rules for building security into the entire HR process to ensure that policies and procedures are in place to address security issues. Our Employee Handbook contain specific guidance about home working, data protection, information security policy, access control, acceptable use, virus prevention and system security, intrusion detection, remote access, server security, etc.
Personnel are required to complete security awareness training.
Staff are required to undertake compliance training on an annual basis.
All contractors have to sign a written contract we have in place and we hold regular meeting with them to ensure all contractual obligations are being met.
We ensure that all third parties adhere to our policies, as do internal core employees, and adopt the same level of control, audit capability and industry certification. They are all governed by a GDPR compliant data protection contract.
Minimum access required is practiced, and all access is monitored and recorded to an individual.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
A systematic approach is applied to managing change and ensure that changes to customer-impacting aspects of any functionality are reviewed tested and approved. Change management standards are based on established guidelines and tailored to the specifics of each change request. Program change documents and security best practices are documented on Confluence and Jira.
The development environments are accessed only by authorised developers and the testing environments are separated from the production environments.
Changes are tested according to established Change Management standards prior to migration to production. - Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
We use a system called Data Dog for the following: Security Analytics (siem), Intrusion Detection (conjunction with ossec), Log Data Analysis, File Integrity Monitoring, Vulnerability Detection, Regulatory Compliance (such as GPDR and PCI/DSS) .
In the event that a potential or actual breach is detected the task to identify the cause and remediate the breach is worked immediately. If such action involves patching, patches are tested and evaluated before they are installed to ensure they are effective and do not result in side effects that cannot be tolerated. - Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
Continuous monitoring is performed for recommended critical patches and upgrades in order to mitigate risks resulting from exploitation of published vulnerabilities. Any detected security vulnerability is triaged and remediations are prioritised above and beyond to CVSS score depending on several other factors such as exploit availability, malware availability, social media activity, affected assets value etc.
We perform vulnerability scans every month and whenever a major change is made.
Alerts for high risk processing are monitored in real time and anomalies are followed up immediately.
We have documented and maintained threat and vulnerability management policies and procedures. - Incident management type
- Supplier-defined controls
- Incident management approach
-
Documented policies and procedures for reporting security, availability and confidentiality incidents are in place for identifying, acting upon and reporting failures, incidents and other security concerns. Incidents are logged within a ticketing system, assigned severity rating and tracked to resolution. An Information Security Incident Response Team (ISIRT) is in charge for the response and mitigation activities and escalation of incidents.
Clients will be notified immediately of the discovery of a security breach or data loss incident and all corrective actions will be communicated and shared with client council. Any preventative controls will be agreed with client council.
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Public sector networks
- Connection to public sector networks
- No
Social Value
- Fighting climate change
-
Fighting climate change
Mind Tools has an 'Eco Squad' responsible for identifying opportunities to tackle climate change. Our parent company, Emerald Group, is a participant in the Net Zero Challenge, which encourages colleagues to take actions to balance the amount of greenhouse gases we are putting into our atmosphere with the amount we are taking out. - Covid-19 recovery
-
Covid-19 recovery
Our Coronavirus Advice Team coordinates all internal efforts to recover from the pandemic, including setting direction on travel policies, office working, etc. We have also offered a COVID-19 Support Pack to help learners and businesses adapt to the return to work (https://mindtoolsbusiness.com/resources/blog/emerald-works-launches-covid19-support-pack-version2) - Tackling economic inequality
-
Tackling economic inequality
Mind Tools has a 'Charity Squad' to lead on charity activities and makes no use of zero hours contracts. We have also partnered with Working Chance to help women with convictions restart their careers (https://mindtoolsbusiness.com/resources/blog/mind-tools-partners-with-working-chance) - Equal opportunity
-
Equal opportunity
We adopt fair employment practices including an anonymised application process whereby hiring managers shortlist based on applications with no personal information, just employment history and skills/responsibilities. We also offer: clear flexible working policy and process; enhanced maternity, paternity and adoption leave; flexible approach to home and office-based working (this began prior to the Covid-19 pandemic); additional paid leave available to carers and for those with significant personal commitments e.g. moving house. - Wellbeing
-
Wellbeing
We have 'Social' and 'Wellbeing' Squads set up to promote activities; an Employee Assistance Program accessible to all employees; additional paid leave available to carers and for those with significant personal commitments e.g. moving house; sabbatical leave; support and encouragement of continuous development e.g. encouragement to attend external courses, webinars etc; clear goal setting and review cycle being launched to encourage learning and constructive 1 to 1 conversations. This last item includes time being set aside dedicated to discussing career and growth aspirations.
Pricing
- Price
- £2.13 a user a year
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- The free trial is the exact copy of the service. We have a trial site that the client can be added to for a period of time. The free version is not available for anyone. The user needs to be added to the platform.