Skip to main content

Help us improve the Digital Marketplace - send your feedback

CORACLE ONLINE LIMITED

Virtual Learning Environment (VLE) and Learning Management System (LMS)

Secure offline and online (HMPPS assured) Virtual Learning Environment (VLE) and Learning Management System (LMS). Device and educational asset management and reporting.

Learning records, impact and usage, analytics, AI interpretation.

Remote and onsite technical support and training.

Digital content design, curation, management and storage. SCORM and xAPI compliant.

Features

  • Secure asynchronous/synchronous learning for online and offline use
  • MoJ approved Virtual Learning Environment / Learning Management System
  • Individual device and content management, tracking and reporting
  • Advanced accessibility tools for LDD and Neurodiverse users
  • Detailed user engagement, usage, impact data and analytics
  • Individually tailored education, healthcare, employment, skills, psychological interventions content
  • Supports all audio, video, document formats. SCORM and xAPI compliant.
  • Content design and management for self-guided and blended e-learning
  • On-site support in secure environments by vetted staff
  • Anonymised individual learner accounts work across multiple devices

Benefits

  • Move learning records between secure environments and the community
  • Support users and staff in prisons and the community
  • LDD learners supported to engage with learning opportunities
  • Full audit trail of individual device allocations and usage provided
  • Monitoring of usage and impact for teaching staff and buyers.
  • Users access digital content and support tailored to their needs
  • Users access full range of media to improve digital literacy
  • Access specialist expertise in digital content for isolated learners

Pricing

£120 to £500 a licence a year

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jtweed@coracleonline.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

4 8 3 1 8 3 7 1 2 7 3 6 2 3 1

Contact

CORACLE ONLINE LIMITED James Tweed
Telephone: 07899958091
Email: jtweed@coracleonline.com

Service scope

Software add-on or extension
No
Cloud deployment model
Hybrid cloud
Service constraints
No
System requirements
None

User support

Email or online ticketing support
Email or online ticketing
Support response times
Typical SLA has first response time, Monday - Friday, between 0900-1700 of 2 hours. In non-business hours (Saturday - Sunday and bank holidays), automated monitoring for severity 1 incidents.Resolution times dependant on issue severity.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
Testing queue management and auto responses to ensure quality of service.
Onsite support
Yes, at extra cost
Support levels
CENTRAL SUPPORT DESK (UK based) for telephone, email and ticket channel support. We provide first, second, and third level support to support technical queries and investigations for all customers, included within the support and maintenance fee.

Our on-site support (within prison and other secure environments) provides dedicated, security vetted (Enhanced Level 1, 2, CTC) support personnel. these staff are on hand (drawing keys) to support and guide the prison from initial on boarding to full deployment.

Support levels are based on the contract.
Support available to third parties
No

Onboarding and offboarding

Getting started
Initial on-site training by Coracle is conducted to ensure staff are aware of the features and the practical application of said features to support the user's engagement in purposeful activities.

This initial on-boarding is conducted using a train the trainer method, coupled with an authorised user guide, allowing for staff to become capable of supporting Coracle devices.

Contract dependent, a dedicated Coracle representative will be on-site at regular times on an agreed basis to provide further assistance, as well a centralised support desk who are on hand to provide further support.

Additional training with a dedicated Coracle Trainer can be purchased which encompasses half a day of onsite training, covering initial on-boarding topics as well as any site specific topics raised prior to the training session.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
All requests for data extraction must come to Coracle for completion. The format of these exports are csv. If any additional formatting is required, these will be considered for effort assessment.

Unless specified, when the retention period for the data expires, as outlined in Coracle's data retention policy, Coracle will actively destroy the data covered by policy.

If an individual or customer believes that there exists a legitimate business reason why certain data should not be destroyed at the end of a retention period, they should identify this data and provide information as to why the data should not be destroyed.
End-of-contract process
For contracts where hardware is provided: Removal of the devices, including peripheral equipment (printers, cables etc) from the establishment for decommissioning is included in the price.

Decommissioning will involve resetting each device to factory settings in accordance with NCSC guidance. The factory reset erases all the information on the device's hard drive.

The Supplier will provide a certificate to state that all devices have been decommissioned to provide Buyer with assurance that they have been correctly wiped/erased.

Any obsolete or broken peripheral equipment is recycled or environmentally responsibly disposed.

Full offboarding will be provided at no additional cost to the buyer (with the exception of any additional effort required to format data exports).

For contracts where hardware is not provided: See data removal section above.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Standard responsive behaviour affects the cosmetic layout but no features are impacted.
Service interface
Yes
User support accessibility
WCAG 2.1 AA or EN 301 549
Description of service interface
Users interact with the service via a headless Learning Record Store (LRS) as an HTML portal. Our use of the xAPI (IEEE 9274.1.1-2023) standard for learning technology makes it possible for us to collect data about a wide range of experiences. Osprey-VLE and Colombo provide the integrated service.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
We have implemented a range of support for neurodiverse users and tested the interface across UK prisons with a range of prisoners.
API
No
Customisation available
Yes
Description of customisation
Coracle can customise the content on offer within the Coracle Content Store.

Scaling

Independence of resources
We have auto sharding processes in place and auto scaling server contracts.

Analytics

Service usage metrics
Yes
Metrics types
All service metric data is synced to the cloud. When used online, data is updated in real time; when used offline, data is updated when connected to the internet.

Data and metrics collected include:
- Individual learning records, completed, workbooks and progression date,
- Individual device usage metrics including page visits and time on site for different content accessed by users,
- Device management, allocation and security data
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
User learning records can be exported as anonymised user and/or device specific accounts.

Learning data is exported as xAPI statements.

User generated documents are exported in PDF, ODF or HTML format.

Usage and engagement data is exported in CSV or SPSS ready format.

Device management, allocation and security data is exported as CSV or PDF (also accessible through secure user portal).

All data containing Personally Identifiable Information is stored, exported and shared in accordance with our HMPPS approved Level 2 Data Protection Impact Assessment and the Data Protection Act (2018) .
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • HTML
  • PDF
  • SPSS
Data import formats
Other
Other data import formats
N/A

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
SLAs in place for offline and online use to meet requirements on the ground per site.
Approach to resilience
Available on request.
Outage reporting
API, email and SMS alerts

Identity and authentication

User authentication needed
Yes
User authentication
Other
Other user authentication
Offline users in prisons don't require authentication as devices issued to their care.

Online users require username and password.
Access restrictions in management interfaces and support channels
Management console access is restricted via a role based permission system attributed to authorised user credentials (username / password).

Offline users are restricted via centrally managed services that do not allow for access to any interfaces other than a user interface.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
You control when users can access audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
Yes
Any other security certifications
HMPPS Assurance

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Cyber Essentials Plus
Information security policies and processes
Coracle are certified Cyber Essentials Plus and comply with the tenets and governance of ISO 27001: 2022.

Information Security Policy details the responsibility of individuals and the business to the confidentiality, integrity, and accessibility of data.

Mandatory policies are promoted for reading via line management and HR systems. This system requires an acknowledgement from the individuals reading the documents with line management ensuring the policies are adhered to.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
CONFIGURATION MANAGEMENT
Components are managed via source controls as part of Coracle's use of Bitbucket and centrally hosted Git repositories.

Changes (including fixes) are controlled via Git branch procedures and peer reviews and approvals (pull/merge requests).

CHANGE MANAGEMENT
Business change requires a documented reason for the change, impact assessments, review, and approval by representative stakeholders from affected areas of the business.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Potential vulnerability awareness is gathered through relevant primary sources (OEM notifications) and secondary sources (openCVE alerts). General awareness and corresponding notification to Lead Software Engineer is also encouraged.

Vulnerability relevance is assessed and dictated by Lead Software Engineer and Product Development Manager.

Patching policies dictate that all software defined as being in scope must be patched within 14 days. With the exception of key components (which are manually reviewed and accepted as necessary every 7 days) these patches are automated.

Participation in monthly MOJ Security Working Group meetings.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Monitoring and corresponding alerting is configured to ensure the stability of the service (CPU load monitoring, password changes, user event logs etc).

The alerts are sent to members of the Security and Risk Management Group with assessments being made by the Lead Software Engineer and Product Development Manager.

All alerts are assessed as they are made with corresponding actions conforming with the Incident Management process (including triage).
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Incident management processes are founded in ISO 27035 including Six Sigma RCA methods.

Users report incidents via on-site support through to the dedicated support desk. The channels for managing are emails, tickets or phone with potential incidents that meet the definition being encouraged to be phoned through.

Incident reports are compiled by an appointed incident commander and approved by the Security and Risk Management Group.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

We are committed to reducing waste to landfill by ensuring that any obsolete or broken IT equipment is recycled or environmentally responsibly disposed.

Tackling economic inequality

We are committed to creating new jobs and developing skills amongst employees.
We support charities to support our supply chain and other related charities, committing to distribute 1% of total annual contract value to our selected charities.

Equal opportunity

We are committed to actively seeking to recruit a diverse workforce and have a programme of targeting appropriate jobs at Coracle to be filled by ex-offenders.

Wellbeing

We are committed to the six standards of Mental Health at Work commitment, retaining Investors in People accreditation and conducting half yearly reviews around staff wellbeing.

Pricing

Price
£120 to £500 a licence a year
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
Free trials available on request and subject to agreement on a case by case basis.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jtweed@coracleonline.com. Tell them what format you need. It will help if you say what assistive technology you use.