People Alchemy Ltd

People Alchemy LWP/ePortfolio

The People Alchemy Learning Workflow Platform/ePortfolio is used for induction/onboarding, developing managers and leaders, enabling learning transfer, training event pre-work, managing mentoring/coaching activities, nurturing aspiring talent, eportfolio and qualifications management, certification assessments, and many other learning and behavioural outcomes. Used in NHS/healthcare for Care Certificates, Preceptorships, Clinical Competencies and more.

Features

Build your own performance pathway, or buy off the shelf
Gather business metrics for ROI calculations
Use the pathway for effective induction
Create an eportfolio for qualifications
Simple to use admin tools and reporting features
Observation in practice assessments
Addon to manage CPD
Mobile device access and SMS alerts for primary user roles
Competency certification and assessment
Qualification assessment and verification functions

Benefits

Reinforce learning transfer from training room to workplace
Manage experiential learning (the 70%)
Involve line managers with their team development
Create a coaching/mentoring mindset
Embed learning right into the workflow
Accelerates time to proficiency
Embeds and reinforces desired behaviours
Encouragres self-directed learning
Easy administration of assessment and verification functions
Save time and effort on programme administration

£42 a user

Free trial available

Service documents

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Paul.Matthews@peoplealchemy.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

Contact

People Alchemy Ltd Paul Matthews
Telephone: 0330 113 3005
Email: Paul.Matthews@peoplealchemy.com

Service scope

Software add-on or extension: No
Cloud deployment model: Public cloud
Service constraints: No constraints
System requirements: Some Google CDNs, for example, Google fonts, whitelisted in firewall

User support

Email or online ticketing support: Email or online ticketing
Support response times: A meaningful response is typically within one hour during UK office hours. Support may be provided at weekends but is not guaranteed.
User can manage status and priority of support tickets: No
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: No
Onsite support: Yes, at extra cost
Support levels: Support availability 8 am to 5 pm on standard UK working days.
Standard support response times normally within 1 hour.
Incident escalation process available.
Reasonable support costs are included in the basic contract.
We do not supply a specific technical account manager or cloud support engineer for each account.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: Implementation: set up can be done onsite or online.
Training onsite or online is offered for customer admin users to help with implementation, user administration and reporting.
End-user training is generally not required but support is available as necessary.
A full admin user guide is available online.
Service documentation: Yes
Documentation formats: HTML
End-of-contract data extraction: Pathway templates and completed pathways can be exported as PDFs.
Logs and usage reports can be extracted as Excel spreadsheets.
End-of-contract process: User access becomes unavailable.
With agreement from the customer, all customer data on the system is deleted on an agreed date.
There are no additional costs unless custom data extracts are required.

Using the service

Web browser interface: Yes
Supported browsers: Internet Explorer 11

Microsoft Edge

Firefox

Chrome

Safari

Opera
Application to install: No
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: All screens for end users are mobile-optimised and resolution-responsive for the main user roles.
Admin screens are partially responsive but we would expect admin users to be on a desktop device.
Service interface: Yes
User support accessibility: WCAG 2.1 AA or EN 301 549
Description of service interface: The service interface allows a customer administrator to fully manage their instance of the system.
Accessibility standards: None or don’t know
Description of accessibility: The administrator screens are not compliant with WCAG2.1.

Some assistive technology, such as screen magnifiers work, but screen readers are not supported.

Note that the end-user screens are compliant with WCAG2.1 AA
Accessibility testing: We have not done any testing of the admin interface with assistive technology.
API: No
Customisation available: Yes
Description of customisation: Customised branding and skins (by supplier)
Custom reports by selecting parameters (by user admin)
Extensive configuration to manage system behaviour (by user admin and/or supplier)
Build custom learning pathways (by user admin)
Custom features (by supplier)

Scaling

Independence of resources: The service is hosted on a server cluster which is significantly over-specified for the average usage levels. The cloud-based cluster can be upgraded within minutes for unusual loading situations.

Analytics

Service usage metrics: Yes
Metrics types: User access data and logs reported in different ways against different filters.
Also user progress through their assigned pathways.
Reporting types: Real-time dashboards

Regular reports

Reports on request

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Staff screening not performed
Government security clearance: None

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom

European Economic Area (EEA)

Other locations
User control over data storage and processing locations: No
Datacentre security standards: Managed by a third party
Penetration testing frequency: Less than once a year
Penetration testing approach: Another external penetration testing organisation
Protecting data at rest: Physical access control, complying with another standard

Encryption of all physical media
Data sanitisation process: No
Equipment disposal approach: A third-party destruction service

Data importing and exporting

Data export approach: User details and usage reports can be exported by Admin.
Individual users can export their notes and generated data as PDFs.
Larger exports for groups of users can be provided on request and for a fee depending on complexity and quantity of data required.
Data export formats: CSV

Other
Other data export formats: PDF

MS Excel XLSX
Data import formats: Other
Other data import formats: MS Excel XLSX

Data-in-transit protection

Data protection between buyer and supplier networks: TLS (version 1.2 or above)
Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability: Service availability 99.9%
Approach to resilience: Available on request
The datacentre provider is Tier 4
Outage reporting: Customers are informed by email if their access is significantly affected by an outage.

Identity and authentication

User authentication needed: Yes
User authentication: 2-factor authentication

Username or password
Access restrictions in management interfaces and support channels: Username and password for web access to administration screens.
People contacting support via phone or email are assessed for being genuine based on what they know about the account, and previous contact with us. Any requests for significant system changes are verified at another level within the customer account.

In addition, MFA can be switched on for Admin and/or other user roles.
Access restriction testing frequency: At least every 6 months
Management access authentication: 2-factor authentication

Username or password

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: Between 6 months and 12 months
Access to supplier activity audit information: Users contact the support team to get audit information
How long supplier audit data is stored for: Between 6 months and 12 months
How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification: No
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: No
Other security certifications: No

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: No
Security governance approach: We have in house processes that use SO/IEC 27001 as a guide for good practice.
We use external security consultants for penetration testing and security advice.
Information security policies and processes: The CEO is responsible for security and the relevant policies.
He maintains the security policy, with the assistance of an external security consultant, and ensures the risk assessment is kept up to date.

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: Changes to the software are tested in the development environment, then on a staging server, and then immediately after installation on the production server.
A ticketing system and a Git repository track all code and configuration modifications through this process.
All changes are assessed for security implications, and then further tested by an external penetration tester on the regular pen test cycle.
Vulnerability management type: Supplier-defined controls
Vulnerability management approach: In addition to our in house testing, we engage an external pen tester on a regular cycle of testing.
We monitor appropriate security publications and also rely on our external security consultants for up-to-date information on potential threats.
Patches to our own software to mitigate security risks are deployed immediately, and patches to operating systems and other libraries in use by the system are updated, usually monthly, or when required based on the level of threat.
Protective monitoring type: Supplier-defined controls
Protective monitoring approach: We have monitoring software installed to warn of any unusual activity.
Unusual activity is immediately assessed for threat and appropriate action taken.
We also engage an external security consultant to do regular penetration testing, and immediately fix any vulnerabilities that he identifies.
Incident management type: Supplier-defined controls
Incident management approach: Users would report incidents or outages by phone or email to our support desk.
Should there be an incident, the CEO would report directly to any affected customers.

Secure development

Approach to secure software development best practice: Supplier-defined process

Public sector networks

Connection to public sector networks: No

Pricing

Price: £42 a user
Discount for educational organisations: No
Free trial available: Yes
Description of free trial: We provide a fully working sandbox system with all features and some additional tweaks to assist testing.
Pathways built in the sandbox can be exported to a production account.
The number of users in the sandbox is limited but there is no time limitation.

Service documents

Request an accessible format

Cookies on Digital Marketplace

People Alchemy LWP/ePortfolio

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents