Isotoma Ltd

Sofia Curriculum Mapping Software

Sofia is a powerful curriculum tool that maps even the most complex curriculums simply and beautifully. Developed for real-life use by the team at Imperial College it is now in use by nearly 20 institutions worldwide, providing curriculum mapping and management across a wide range of undergraduate and postgraduate courses.

Features

• Support for all curriculums within an institution
• Define metadata on a per curriculum basis
• Powerful version control tools, with full exportable audit trail
• Assign versions of each curriculum to individual cohorts of students
• Cloud hosted SaaS product, fully browser based
• Easy integration via API with other institution systems
• Upload or link to learning and teaching resources
• Round trip import and export of any curriculum
• Integration with institution SSO
• ISO27001 and Cyber Essentials Plus

Benefits

• Rich graphical interface for both students and adminstrators
• Powerful search and filtering of curriculums using metadata
• Allow learners and educators to view outcomes in context
• Support curriculum governance processes and procedures with ease
• Link institution scheduling tools to see when topics are taught
• Provide read only accounts to external accreditors to evidence teaching
• Robust traceability and provability of teaching and learning
• Support curriculum teams across the entire institution
• Access the application on or offline from any device

£12,000 a licence a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@isotoma.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

559128487133260

Contact

Andy Theyers
01904313980
enquiries@isotoma.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No
• System requirements: SaaS application

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 4 hours UK working days
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: The application is monitored and managed 24 x 7. All customers receive the same support level. All customers have access to a specialist support team via web, phone and email
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Every customer receives up to 10 days of curriculum consultancy provided by educational specialists from Imperial College. There is a large library of online training videos to assist in using the application.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Users may extract their data at any point using the unbuilt export feature
• End-of-contract process: Users are provided with an export of their data in a format that can be used in other systems. We manage the disconnection from customers' SSO systems. No other offboarding is required.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Users accessing the application via a tablet get the full desktop experience. Those accessing via a mobile phone or similarly small screened device get a cut down version of the application, with key 'at a glance' features made more prominent.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: Authorised users can:; - access curriculum data; - access curriculum changes; - update curriculum data; - create and update calendar entries
• API documentation: Yes
• API documentation formats:
  • HTML
  • ODF
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Users of the software can:; - customise the appearance of the application to match their institution's branding; - customise the structure of the curriculum appropriate to their institution; - customise the metadata the system stores appropriate to their institution

Scaling

• Independence of resources: Sofia is installed in multiple AWS Availability Zones and is configured in such a way that it can auto scale. Customers read from a fluid pool of database read replicas, ensuring that all load can be accommodated.

Analytics

• Service usage metrics: Yes
• Metrics types: If you provide us with a Google Analytics tag we will incorporate this within your instance of the application. Other systems are available at a small extra cost

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data can be exported at any time via the inbuilt export feature. Data is delivered in a documented spreadsheet format.
• Data export formats:
  • CSV
  • Other
• Other data export formats: Excel
• Data import formats:
  • CSV
  • Other
• Other data import formats: Excel

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We aim to meet 99.99% availability, measured annually. 2020 and 2021 were both 100%
• Approach to resilience: This information is available on request. Full architecture is available to those institutions wishing to purchase the product.
• Outage reporting: Outages are reported on a public dashboard and via email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication: Identity federation with existing provider (for example Google Apps)
• Access restrictions in management interfaces and support channels: Available on request
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: QMS International
• ISO/IEC 27001 accreditation date: 25/10/2021
• What the ISO/IEC 27001 doesn’t cover: The entire Sofia service is covered by our ISO27001 certification
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials Plus
• Information security policies and processes: Sofia is managed under both our ISO27001 and Cyber Essentials Plus certifications. Our ISMS is available to prospective customers on request.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Available on request.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Available on request
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Available on request
• Incident management type: Supplier-defined controls
• Incident management approach: Available on request.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Equal opportunity

  Equal opportunity

  Isotoma is an equal opportunities employer, with 53% of our technical roles filled by staff that identify as female or non-binary. We have complete pay clarity and pay equality across the company.

Pricing

• Price: £12,000 a licence a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: We can set up a demo instance (time limited to 1 month) for prospective customers

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@isotoma.com. Tell them what format you need. It will help if you say what assistive technology you use.