Virtual Learning Environment (VLE) and Learning Management System (LMS)
Secure offline and online (HMPPS assured) Virtual Learning Environment (VLE) and Learning Management System (LMS). Device and educational asset management and reporting.
Learning records, impact and usage, analytics, AI interpretation.
Remote and onsite technical support and training.
Digital content design, curation, management and storage. SCORM and xAPI compliant.
Features
- Secure asynchronous/synchronous learning for online and offline use
- MoJ approved Virtual Learning Environment / Learning Management System
- Individual device and content management, tracking and reporting
- Advanced accessibility tools for LDD and Neurodiverse users
- Detailed user engagement, usage, impact data and analytics
- Individually tailored education, healthcare, employment, skills, psychological interventions content
- Supports all audio, video, document formats. SCORM and xAPI compliant.
- Content design and management for self-guided and blended e-learning
- On-site support in secure environments by vetted staff
- Anonymised individual learner accounts work across multiple devices
Benefits
- Move learning records between secure environments and the community
- Support users and staff in prisons and the community
- LDD learners supported to engage with learning opportunities
- Full audit trail of individual device allocations and usage provided
- Monitoring of usage and impact for teaching staff and buyers.
- Users access digital content and support tailored to their needs
- Users access full range of media to improve digital literacy
- Access specialist expertise in digital content for isolated learners
Pricing
£120 to £500 a licence a year
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
4 8 3 1 8 3 7 1 2 7 3 6 2 3 1
Contact
CORACLE ONLINE LIMITED
James Tweed
Telephone: 07899958091
Email: jtweed@coracleonline.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Hybrid cloud
- Service constraints
- No
- System requirements
- None
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Typical SLA has first response time, Monday - Friday, between 0900-1700 of 2 hours. In non-business hours (Saturday - Sunday and bank holidays), automated monitoring for severity 1 incidents.Resolution times dependant on issue severity.
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- Web chat
- Web chat support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support accessibility standard
- WCAG 2.1 AA or EN 301 549
- Web chat accessibility testing
- Testing queue management and auto responses to ensure quality of service.
- Onsite support
- Yes, at extra cost
- Support levels
-
CENTRAL SUPPORT DESK (UK based) for telephone, email and ticket channel support. We provide first, second, and third level support to support technical queries and investigations for all customers, included within the support and maintenance fee.
Our on-site support (within prison and other secure environments) provides dedicated, security vetted (Enhanced Level 1, 2, CTC) support personnel. these staff are on hand (drawing keys) to support and guide the prison from initial on boarding to full deployment.
Support levels are based on the contract. - Support available to third parties
- No
Onboarding and offboarding
- Getting started
-
Initial on-site training by Coracle is conducted to ensure staff are aware of the features and the practical application of said features to support the user's engagement in purposeful activities.
This initial on-boarding is conducted using a train the trainer method, coupled with an authorised user guide, allowing for staff to become capable of supporting Coracle devices.
Contract dependent, a dedicated Coracle representative will be on-site at regular times on an agreed basis to provide further assistance, as well a centralised support desk who are on hand to provide further support.
Additional training with a dedicated Coracle Trainer can be purchased which encompasses half a day of onsite training, covering initial on-boarding topics as well as any site specific topics raised prior to the training session. - Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
-
All requests for data extraction must come to Coracle for completion. The format of these exports are csv. If any additional formatting is required, these will be considered for effort assessment.
Unless specified, when the retention period for the data expires, as outlined in Coracle's data retention policy, Coracle will actively destroy the data covered by policy.
If an individual or customer believes that there exists a legitimate business reason why certain data should not be destroyed at the end of a retention period, they should identify this data and provide information as to why the data should not be destroyed. - End-of-contract process
-
For contracts where hardware is provided: Removal of the devices, including peripheral equipment (printers, cables etc) from the establishment for decommissioning is included in the price.
Decommissioning will involve resetting each device to factory settings in accordance with NCSC guidance. The factory reset erases all the information on the device's hard drive.
The Supplier will provide a certificate to state that all devices have been decommissioned to provide Buyer with assurance that they have been correctly wiped/erased.
Any obsolete or broken peripheral equipment is recycled or environmentally responsibly disposed.
Full offboarding will be provided at no additional cost to the buyer (with the exception of any additional effort required to format data exports).
For contracts where hardware is not provided: See data removal section above.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- Standard responsive behaviour affects the cosmetic layout but no features are impacted.
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- Description of service interface
- Users interact with the service via a headless Learning Record Store (LRS) as an HTML portal. Our use of the xAPI (IEEE 9274.1.1-2023) standard for learning technology makes it possible for us to collect data about a wide range of experiences. Osprey-VLE and Colombo provide the integrated service.
- Accessibility standards
- WCAG 2.1 AA or EN 301 549
- Accessibility testing
- We have implemented a range of support for neurodiverse users and tested the interface across UK prisons with a range of prisoners.
- API
- No
- Customisation available
- Yes
- Description of customisation
- Coracle can customise the content on offer within the Coracle Content Store.
Scaling
- Independence of resources
- We have auto sharding processes in place and auto scaling server contracts.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
All service metric data is synced to the cloud. When used online, data is updated in real time; when used offline, data is updated when connected to the internet.
Data and metrics collected include:
- Individual learning records, completed, workbooks and progression date,
- Individual device usage metrics including page visits and time on site for different content accessed by users,
- Device management, allocation and security data - Reporting types
-
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a CHECK service provider
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with SSAE-16 / ISAE 3402
- Scale, obfuscating techniques, or data storage sharding
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
-
User learning records can be exported as anonymised user and/or device specific accounts.
Learning data is exported as xAPI statements.
User generated documents are exported in PDF, ODF or HTML format.
Usage and engagement data is exported in CSV or SPSS ready format.
Device management, allocation and security data is exported as CSV or PDF (also accessible through secure user portal).
All data containing Personally Identifiable Information is stored, exported and shared in accordance with our HMPPS approved Level 2 Data Protection Impact Assessment and the Data Protection Act (2018) . - Data export formats
-
- CSV
- ODF
- Other
- Other data export formats
-
- HTML
- SPSS
- Data import formats
- Other
- Other data import formats
- N/A
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- SLAs in place for offline and online use to meet requirements on the ground per site.
- Approach to resilience
- Available on request.
- Outage reporting
- API, email and SMS alerts
Identity and authentication
- User authentication needed
- Yes
- User authentication
- Other
- Other user authentication
-
Offline users in prisons don't require authentication as devices issued to their care.
Online users require username and password. - Access restrictions in management interfaces and support channels
-
Management console access is restricted via a role based permission system attributed to authorised user credentials (username / password).
Offline users are restricted via centrally managed services that do not allow for access to any interfaces other than a user interface. - Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Username or password
Audit information for users
- Access to user activity audit information
- You control when users can access audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- Yes
- Any other security certifications
- HMPPS Assurance
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
-
- ISO/IEC 27001
- Other
- Other security governance standards
- Cyber Essentials Plus
- Information security policies and processes
-
Coracle are certified Cyber Essentials Plus and comply with the tenets and governance of ISO 27001: 2022.
Information Security Policy details the responsibility of individuals and the business to the confidentiality, integrity, and accessibility of data.
Mandatory policies are promoted for reading via line management and HR systems. This system requires an acknowledgement from the individuals reading the documents with line management ensuring the policies are adhered to.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
CONFIGURATION MANAGEMENT
Components are managed via source controls as part of Coracle's use of Bitbucket and centrally hosted Git repositories.
Changes (including fixes) are controlled via Git branch procedures and peer reviews and approvals (pull/merge requests).
CHANGE MANAGEMENT
Business change requires a documented reason for the change, impact assessments, review, and approval by representative stakeholders from affected areas of the business. - Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
Potential vulnerability awareness is gathered through relevant primary sources (OEM notifications) and secondary sources (openCVE alerts). General awareness and corresponding notification to Lead Software Engineer is also encouraged.
Vulnerability relevance is assessed and dictated by Lead Software Engineer and Product Development Manager.
Patching policies dictate that all software defined as being in scope must be patched within 14 days. With the exception of key components (which are manually reviewed and accepted as necessary every 7 days) these patches are automated.
Participation in monthly MOJ Security Working Group meetings. - Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
Monitoring and corresponding alerting is configured to ensure the stability of the service (CPU load monitoring, password changes, user event logs etc).
The alerts are sent to members of the Security and Risk Management Group with assessments being made by the Lead Software Engineer and Product Development Manager.
All alerts are assessed as they are made with corresponding actions conforming with the Incident Management process (including triage). - Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
-
Incident management processes are founded in ISO 27035 including Six Sigma RCA methods.
Users report incidents via on-site support through to the dedicated support desk. The channels for managing are emails, tickets or phone with potential incidents that meet the definition being encouraged to be phoned through.
Incident reports are compiled by an appointed incident commander and approved by the Security and Risk Management Group.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
We are committed to reducing waste to landfill by ensuring that any obsolete or broken IT equipment is recycled or environmentally responsibly disposed.Tackling economic inequality
We are committed to creating new jobs and developing skills amongst employees.
We support charities to support our supply chain and other related charities, committing to distribute 1% of total annual contract value to our selected charities.Equal opportunity
We are committed to actively seeking to recruit a diverse workforce and have a programme of targeting appropriate jobs at Coracle to be filled by ex-offenders.Wellbeing
We are committed to the six standards of Mental Health at Work commitment, retaining Investors in People accreditation and conducting half yearly reviews around staff wellbeing.
Pricing
- Price
- £120 to £500 a licence a year
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
- Free trials available on request and subject to agreement on a case by case basis.