Think Learning

Totara TXP Learn LMS (Learning Management System)

Totara TXP Learn: a functionally rich, mobile-responsive platform for elearning, VLE, compliance, CPD, blended learning, seminar (including virtual), multitenancy. Integrated performance appraisal, talent management, e-Commerce, e-Forms, education funding, Content Marketplace. LXP features, social learning and Competencies with Totara Engage, Totara Perform. Healthcare, NHS, ESR, Government, University, Higher/Further Education specialist experience.

Features

• Personalised, role-specific learning pathways and user experience
• Securely cloud hosted, scalable and includes multitenancy
• Fully responsive theming (with Mobile App options)
• Mandatory training and compliance tracking
• Blended learning with seminars and elearning (SCORM, AICC, xAPI)
• Report builder, dashboards, BI integration, ESR Interface
• Single Sign-On (SSO), HRMS (e.g. ESR) integration, e-Commerce features
• Custom workflow processes (Onboarding, Applications, Apprenticeships, e-Forms)
• Social learning and LXP features, Workspaces, Microsoft Teams integration
• Performance appraisal, talent management, succession, CPD, Revalidation

Benefits

• Personalised learning paths for different staff groups and roles
• Data is 100% secure, UK cloud hosted, fully-maintained, backed-up
• User interface responds seamlessly to all device browsers
• Customisable mandatory training refresh periods for real-time compliance data
• Manage different types of learning within a single course
• Interactive and colour-coded reports to help managers proactively manage compliance
• Single sign-on creates a streamlined experience to facilitate employee onboarding
• Custom workflow for more advanced, versatile, performance and business processes
• Improved staff engagement through social, adaptive learning and LXP features
• Powerful processes to track annual performance appraisal and review cycles

£9,433 to £155,947 an instance a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at hello@think-learning.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

542044645157649

Contact

Think Learning Commercial Team
01273 025078
hello@think-learning.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Totara TXP Performance (Talent Management Platform), Totara Engage LXP (Learning Experience Platform)
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: Planned downtime for scheduled updates/upgrades, pre-agreed with clients for maximum convenience/efficiency, and minimum disruption to end-users.
• System requirements:
  • PC or Mac: Windows 7+, Mac OS X 10.5+
  • Client-side JavaScript required for some administration features
  • Tablet or Smartphone: Android, iOS

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our standard response time within UK business hours: ; - Critical: 1 hour; - High: 4 hours; - Medium: 8 hours; - Low: 16 hours
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Standard online 2nd and 3rd line support to client administrators (£90-£110/hr dependent on issue complexity). This covers off-site support, helpdesk responses, booked webinar appointments, and other activities requested by client (e.g. site configuration, user guide creation, etc). We track time used against the Support budget in our timesheet system at our standard rates of £110/hr (£825/day) for problem-solving and consultancy, or £90/hr for administration tasks, explanations, and straightforward configuration work via our helpdesk. 20% of the overall support budget is not formally tracked by our teams, and is accounted for by quick, adhoc query responses, access to our online Helpdesk, and further Support-based reporting and analysis. We take a proactive, collaborative approach to Support, working hard to ensure that support queries receive long-term solutions (with detailed responses designed to prevent issue recurrence). We track/report Support budget usage for clients, so that you can make informed, timely decisions about whether or not extra budget is required during the contract. You do NOT pay anything for us to fix confirmed bugs with the system or confirmed technical issues with our hosting services. We offer client portal/forum access, and involve clients with roadmap development and platform strategy. Premium support services are available.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Prior to launch, as part of our robust Implementation Service, system administrators go through rigorous training and hands-on familiarisation programmes which are delivered via live, interactive online training sessions (which are recorded for refresher training purposes). Additional cost where onsite training/workshops are specifically required. In business-as-usual, system administrators have access to online training via the Totara Academy certifications, and a comprehensive online Help documentation portal. In addition, system administrators have ongoing support via the Think Learning Helpdesk (utilising their Client Services & Support budgets), and via optional further training and consultancy from our Operations and Development Services teams. We also facilitate client networks (sector- and topic-specific), events, and forums to promote networking, sharing and collaboration.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: When the contract ends, we will provide you with a copy of all user and site data . We do not provide a copy of the Totara TXP code, nor copies of any bespoke software code developed in the course of delivering the Service, because each Totara partner is responsible for their own Totara code, and code created by the Supplier is for use by the Supplier’s client community only. We can provide additional help in migration, either using remaining support budget or for an additional support fee. We purge all client data from servers and all historic backups.
• End-of-contract process: The off-boarding process is included in the price of the contract (provide client/new supplier with all data, purge client data at agreed timescale), any additional actions would be at additional cost.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Totara is written in-line with industry web standards including XHTML, HTML5, and ECMAScript 5.1 (commonly referred to as JavaScript). Totara Learn displays in the latest browsers that supports these standards. We aim to ensure that the product is equally usable both on desktop and mobile devices. Areas such as navigation, expandable/collapsible sections, and actions should all work with both desktop and mobile controls. There are also responsive themes provided with Totara that will re-flow for smaller resolutions to give the best possible user experience. We also supply native Mobile Apps (optional).
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: REST, SOAP and XML-RPC can be utilised within our platform and implemented on request by the technical team to integrate external systems such as payroll and HR systems. SCORM, AICC and xAPI can be utilised for elearning and set by the user within external authoring technologies.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Our Totara user interface has high configurability built into the system administration menu and this includes the user interface colours, language, navigation and layout, and a wide range of additional theming areas. Totara is a permissions-based system so anyone with the appropriate level of permission can make the customisations. Customisation can be at site level, at category/course level and across a wide range of other platform functionality areas (dashboards, theming, user journeys, CPD evidence, competencies, reports, system access rights, and many more). At the course level, there are a range of course creation options and activities that are customisable including the layout of the activities, and the design of online assessments. There is a report builder where the appropriate users can customise reports and dashboards.

Scaling

• Independence of resources: Our platforms are hosted on scalable cloud servers that are monitored 24/7 using performance monitoring software.

Analytics

• Service usage metrics: Yes
• Metrics types: The report source for service metrics includes a 'Site Logs' audit trail for site-wide user activity logging. This system logging gives administrators the ability to see which pages a learner has accessed, time/date they accessed, the IP address, and site actions (view, add, update, delete). These logs can be displayed on a page or downloaded in text, ODS, Excel.; We also provide free site activity tracking reports (from a web analytics application) to provide rich data around LMS in-page time spent, bounces, geographical access and device/browser intelligence.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Other
• Other data at rest protection approach: Encryption at rest for virtual environments is available on request.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Totara Learn is GDPR compliant and has the ability for an individual user to export all data linked to them. The format of each item of exported data is equivalent to its storage method in the application's database (e.g. course names/completion dates, or numerical values that represent status). Totara Learn also provides capabilities for export in the application (e.g. Report Builder, Record of Learning). This approach can be useful for an individual wanting, for example, to take their completion data (courses, competencies, certifications) with them to a new employer.
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats: PDF
• Data import formats:
  • CSV
  • Other
• Other data import formats: External system or database integration

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We work to make your System available for use over the internet 24 hours per day, 7 days per week. We commit to no more than 0.1% of the year of unscheduled downtime (total inaccessibility to your production site), with service credits if we don’t meet this commitment (based on additional free weeks of hosting/maintenance service). Planned maintenance is excluded from the calculation. At least 5 working days of notice will be provided for any maintenance taking place between 5pm and 8am. At least 10 working days of notice will be provided, for any maintenance taking place between 8am and 5pm (or as agreed with clients). Your Totara site will be monitored via health checks at the server and application layers.
• Approach to resilience: We provide clients with access to high performance, secure, entirely UK-based platform services (with ISO27001, ISO9001, ISO27017 certification). A tier 3 data centre in London, and 100% network uptime guarantees. Includes a hot spare blade, so that in the event of a blade failure, a fresh blade is provided and restored. Daily backups are provided and stored on a separate SAN located on a separate physical location. Firewalls are provisioned in a High Availability (HA) pair and are fully managed. The DDoS defence system is based on detection/diversion/verification/forwarding, and inspections are performed in real time, including the provision of IDS server monitoring for any malicious activity.
• Outage reporting: We report outages through Think Learning Helpdesk notifications, email alerts, and by phone, as relevant.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Platforms utilise role-based access control for named system administrators, and all other role types (i.e. managers, employees, trainers, etc). The individuals, system administration and management roles, and specific configuration access are specified and agreed as part of the Implementation process. The named system administrators also have access to technical support via the Think Learning Helpdesk. This is routinely audited, as part of ISO27001 accreditation.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: ISO Quality Services Ltd
• ISO/IEC 27001 accreditation date: 04/03/2022
• What the ISO/IEC 27001 doesn’t cover: Our data centre partners have separate ISO27001 certification for the UK data centre. Certificate available on request.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: IT Governance Ltd
• PCI DSS accreditation date: 24/04/2023
• What the PCI DSS doesn’t cover: N/A
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: ISO9001

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials Plus; ISO9001
• Information security policies and processes: Information Security Management System policies and processes, certificated and audited bi-annually by ISO Quality Services Ltd. Audit reports available on request. The Information Security Manager is a board level Director.; Our Cyber Security and Information Security policies are communicated to, and signed by, all Think Learning employees. Staff training around GDPR is a key element of our onboarding process. We have regular audits of the controls listed above in terms of ensuring that all devices used by staff are fully compliant. All staff are updated at internal company meetings about ongoing cyber and information security requirements of personal devices and internal systems. As consultants, they can also advise on the Infosec capabilities of our cloud-hosted platforms.; Think Learning also has an ICO registered Data Protection Officer (DPO).

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Code is managed by the Technical Services team utilising Git. Service and feature changes follow secure software development practices, and risk reviews prior to launch, including pen test processing. Access to production environments is limited. All changes are reviewed and tested before approval and promotion. Stages include design, documentation, implementation and/or rollback, testing in staging and dev sites, peer review, and approval by authorised parties. Exceptions to change management processes are documented and reviewed. All changes and upgrades are tested within a client specific development environment to ensure functionality and security before moving to the live environment.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Vulnerability management is a control within our Information Security Management System (12.6.1). We monitor for vulnerabilities, and where vulnerabilities are identified, system asset lists are examined to assess the impact of the vulnerabilities on the security of the system. Where a software update is deemed necessary, then the change control process is initiated. Critical patches are deployed as soon as reasonably possible.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Our cloud-hosted platforms are monitored 24/7 at the application layer via health checks and performance monitoring. In the event of a potential compromise the technical team are alerted by text to resolve the issue within the stated SLA. Our security suite and defence system is based on detection/ diversion/ verification/ forwarding.
• Incident management type: Supplier-defined controls
• Incident management approach: Users report incidents via the Think Learning Helpdesk, which triggers the internal incident management process, involving Classification and initial support; Investigation and analysis; Resolution recording, closure and reporting via the Helpdesk.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Think Learning is a Carbon Audited Organisation, to support ours, and our customers', social and environmental objectives as we move towards a net-zero carbon economy. Audited by https://carbonmanagers.com/. We are committed to carbon reduction in light of the global climate emergency. Through an annual carbon audit we understand the impact of our operations and we minimise this through a long-term investment into carbon offsetting using a combination of ethical carbon removal methods and annually achieving less than 'net zero'. We apply our environmental policies to the activities of all our offices and wherever possible to our consultants when operating on client sites. We will support our clients’ environmental policies when we are operating on their sites. The company applies the principles in a number of ways: ; • Our hosting partner is fully ISO14001 compliant at their London data centres, and are very committed to environmental sustainability. They work to actively reduce the impact of all of their data centres on the environment, through energy efficiency programmes. ; • We undertake an annual company carbon audit. ; • We encourage consultants to work from home whenever possible to reduce impact on the environment. ; • We encourage our consultants to use public transport when travelling, and we operate a car hire scheme which reduces the need for employees to own cars. ; • We conserve natural resources by reusing and recycling materials such as paper and printer cartridges, purchasing recycled materials or with a high recycled content, and using recyclable packaging and other materials wherever possible. ; • We use electronic communication such as email, intranets, voice over IP and P2P software to reduce the amount of paper used. ; • We undertake regular internal audits to ensure ongoing compliance with this policy, including where they impact our Cyber Essentials Plus, ISO9001 and ISO27001 accreditations.
• Covid-19 recovery:

  Covid-19 recovery

  During the pandemic, we've strengthened and improved our technological and service infrastructure, and we are able to offer a very robust, entirely virtual service. We’ve responded quickly to pandemic-related pressures, helping Healthcare clients to schedule mass-staff vaccination appointments, creating a Risk Assessment solution, and configuring PPE-related workflows and e-Forms. We've built increased resilience and capacity so that we can continue to provide high quality, uninterrupted services to our (predominantly Healthcare) client base. We're privileged to have been able to support a wide range of public sector organisations during the pandemic, but especially a large NHS Healthcare client base, who have achieved incredible results in very difficult circumstances, and who have been pushed to deliver more, faster, better, with learning technology. Our platforms have allowed the NHS to rapidly onboard thousands of volunteers and medical staff returning to work to deliver the vaccination program during the pandemic. This was achieved not only by the flexibility of the platform, but also with Totara’s waiver of subscription threshold charges to support NHS efforts in the fight against COVID-19. Throughout the pandemic, Totara was adopted by an additional 44 healthcare customers (in 2020 alone) as organisations sought agility in their learning platforms to rise to the challenges posed by COVID-19.
• Tackling economic inequality:

  Tackling economic inequality

  The majority of our clients are not-for-profit organisations in the public and tertiary sectors. With extensive experience in Non-profit and Health sectors (25% of England’s NHS staff use our Totara Learn platform), we place a high priority on values-based working, and aim to engender a professional culture which recognises and supports the public-spirited ethos of our range of clients. ; The company applies the principles in a number of ways:; • We donate to NHS Charities Together, in order to recognise the extraordinary work of healthcare workers.; • We donate to (and sponsor) NHS employee award ceremonies and presentations, to recognise their contribution to society and their communities.; • We support our employees to volunteer in their local community, as part of their Think Learning salaried time. This enables them to donate paid time to charities/community projects up to 8 hours per year.
• Equal opportunity:

  Equal opportunity

  Think Learning is committed to building an organisation that makes full use of the talents, skills, experience, and different cultural perspectives available in a diverse community, and where people feel they are respected and valued, and can achieve their potential regardless of age, gender, sexuality, disability, religion, race, colour, nationality, national or ethnic origins. We follow the recommendations of the CRE’s statutory Code of Practice on Racial Equality in Employment in all its employment policies, procedures and practices. The aims of our published Equal Opportunity Policy are to ensure that:; • no one receives less favourable treatment, on grounds of age, gender, sexuality, disability, religion, race, colour, nationality, or ethnic or national origins, or victimised for taking action against discrimination or harassment, or instructed or put under pressure to discriminate against, or harass, someone;; • the organisation is free of unwanted conduct that violates the dignity of workers or creates an intimidating, hostile, degrading, offensive or humiliating environment;; • opportunities for employment, training and promotion are equally open to all candidates; and; • selection for employment, promotion, transfer and training, and access to benefits, facilities and services, will be fair and equitable, and based solely on merit.
• Wellbeing:

  Wellbeing

  We provide integrated health cover for all staff including an Employee Assistance Programme and a trained Mental Health First Aider. To help relieve pressure on NHS services, we provide health insurance to employees, which includes benefits such as: Fast track GP appointments, Counselling through 'Stronger Minds', and the 'Be Supported' EAP portal.

Pricing

• Price: £9,433 to £155,947 an instance a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: The free trial site enables you to explore Platform functionality and try out features such as dashboards, site navigation, course content, compliance features/reports, blended learning, appraisals, competencies, 360 feedback. Contact hello@think-learning.com for access. Site configuration and data is refreshed periodically.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at hello@think-learning.com. Tell them what format you need. It will help if you say what assistive technology you use.