Catalyst IT Europe Ltd

Moodle

Catalyst provide managed service hosting for the Moodle LMS, alongside support, consultancy, training and development.
Catalyst provide a range of services from a standard code base SaaS solution, through to customised bespoke development and hosting, working closely with you as our partners.

Features

• Full hosted, managed, eLearning solution including assessment tools
• Purpose built, fully responsive user experience through customised theme
• Content creation using the H5P toolkit as standard
• Supports learning content including SCORM, documents, audio, video
• Full integration with other systems including those with LTI compatibility
• Distance and blended learning facilitated with the BigBlueButton feature set.
• Built in accessibility checking and reporting
• Powerful reporting functionality, including graphical representations and dashboards
• Compatible with all modern platforms, browsers, devices and even offline
• Open source code offers core functionality and bespoke development options

Benefits

• Construct learner-centric courses with a variety of resources/activities available
• Offer content and track engagement for internal and external audiences
• Engage with learning anywhere and on multiple devices
• Integrate learning and development with existing systems for seamless experience
• Build in competency based learning and development frameworks
• Develop, approve and monitor learning plans by individual or role
• Provide synchronous and asynchronous learning delivered direct to users
• Customise themes to your organisation's requirements to support learner engagement
• Report on learning, progress and activities throughout learning resources
• Benefit from advanced support and training

£1.30 to £3.66 a user

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at businessdevelopment@catalyst-eu.net. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

595570691261373

Contact

Richard Oelmann
01273 929450
businessdevelopment@catalyst-eu.net

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: The service maintenance window is 7am - 9am on Wednesday of each week. There will not be a deploy every week, however when standard maintenance tasks are required, they will occur within this window by notice only!
• System requirements:
  • Devices (laptop / desktop / mobile ) with internet connection
  • Modern, standards compliant browser

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: See attached service description document. Responses to tickets are variable according to severity.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Catalyst offer level 2-4 technical support of cloud hosted Moodle LMS. Pricing is subject to negotiation relative to requirements including how mission critical systems are, scale of support need, support hours and geographic location. Catalyst are able to offer dedicated technical account management or onsite support subject to scale of requirements.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Moodle has extensive on-line user documentation and a support community. Catalyst also run a community for our own partner institutions to enable resource and practice sharing. Included with the service is 1 - 2 days (depending on scale of implementation) of foundation administrator / configuration support. Further training by Catalyst (particularly for parties with no prior in-house experience of the platform) is available if required and on request.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Catalyst will provide copies of all data to clients upon request at the end of a service contract. Backups will be deleted after a period of six weeks from the contract end date.
• End-of-contract process: At the end of a contract the Moodle LMS site will be closed, removed from service and all data purged. Costs for this are included in the base contract. If a client requires additional copies of data this can be extract at an additional cost.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Full functionality on desktop and mobile devices are supported by fully responsive design.; ; Administration features of the application may be harder to utilise on a mobile device and for this reason we recommend a desktop/laptop is utilised for application administration.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Application dashboard; Service Management dashboard
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: None at this time
• API: Yes
• What users can and can't do using the API: Moodle LMS web services allow you to connect your Moodle LMS site with other applications that have web services / APIs. In order to use web services, your site must use a SSL certificate.; ; You can enable web services globally in the administration user interface and then configure protocols individually to suit your needs. Once a protocol is enabled, it can be used for all functions, users and tokens. Protocols available as of version 16.10 are: SOAP; XML-RPC; REST; and OAuth.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The service may be customised as follows:; - adapt the look and feel of the application through custom theme.; - add specific features to meet bespoke requirements.; - apply 3rd party plug-ins to support specific requirements.; - levels of hosting (user numbers and storage) and support.; Code & software development customisations will generally be delivered by Catalyst, but the software may be configured by the customer with full control.

Scaling

• Independence of resources: All user sites are created within their own Virtual Private Cloud. Additionally, Catalyst provide hosting on Private cloud where required.

Analytics

• Service usage metrics: Yes
• Metrics types: Catalyst are able to provide web analytics on the usage of the Moodle LMS service on request. User logs are accessible by default to administrative users of the system.
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: User data can be exported from Moodle LMS sites by CSV file. On request and at additional cost, course content can be migrated the clients nominated storage location.; A read only database clone is available as an optional service.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Data is encrypted at rest and in transit. Strong security principles and governance ensure proper role separation, minimal privileges granted to each role, and strong defensive security posture.

Availability and resilience

• Guaranteed availability: The Moodle LMS service will use commercially reasonable efforts to ensure a Monthly Uptime Percentage of at least 99.95%, in each case during any monthly billing cycle. Service credits for failure to meet guaranteed availability targets can be agreed as part of individual contract negotiations.
• Approach to resilience: Full redundancy is built into the system architecture with no single point of failure. Additional details are available on request.
• Outage reporting: Email alerts via ticketing system. Private dashboard showing monthly availability metrics.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Configurable permissions within each user group restrict access to site functions as appropriate.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 11/09/2020
• What the ISO/IEC 27001 doesn’t cover: Anything outside the declared scope of:; "The provision of software design, development and testing services, managed cloud services, and associated consulting services in accordance with the Statement of Applicability version 2.2 date 20/07/2021"
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Catalyst has formal, documented policies and procedures that provide guidance for operations and information security management within the organisation. The policies clearly define scope, roles, responsibilities and management commitment. Staff maintain the policies in a centralised and accessible location, subject to review by the Security Manager. Senior management provides visible support for security initiatives, and ensures appropriate prioritisation and resource allocation in order to maintain good security posture. Policies are reviewed at least annually.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Changes to Catalyst services and features follow secure software development practices, including security risk reviews prior to launch. Developer access to production environments is limited.; ; Teams set bespoke change management standards per service, underpinned by standard practices.; ; All production environment changes are reviewed, tested and approved. Stages include design, documentation, implementation (including rollback procedures), testing (non-production environment), peer to peer review (business impact/technical rigour/code), final approval by authorised party.; ; Exceptions to change management processes are documented and subject management review.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Catalyst monitors potential threats from a variety of sources including CERT and upstream project channels such as the Debian Security Advisories (DSA). Supplier notifications and industry updates are assessed by technical team and Critical patches are deployed as soon as possible.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Catalyst use a combination of intrusion detection methods to identify potential security incidents. IDS alarms alert the infrastructure support team immediately. Upon detection, the affected systems are isolated and analysed, followed by service restoration using fresh cloud infrastructure
• Incident management type: Supplier-defined controls
• Incident management approach: Yes, standard incident response processes are defined for Catalyst staff. Users may report incidents using telephone or the online ticketing system. Incident reports and root cause analysis are published to the customer as PDF documents upon completion.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • Public Services Network (PSN)
  • Police National Network (PNN)
  • NHS Network (N3)
  • Joint Academic Network (JANET)
  • Health and Social Care Network (HSCN)

Social Value

• Covid-19 recovery:

  Covid-19 recovery

  Catalyst's Moodle service enables institutions to plan for both face-face and remote training, so that users can carry out their learning and/or training wherever and whenever is best for them.

Pricing

• Price: £1.30 to £3.66 a user
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Limited access (user) to a demo instance. Extended access to a sandbox environment with admin privileges can be negotiated on request.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at businessdevelopment@catalyst-eu.net. Tell them what format you need. It will help if you say what assistive technology you use.