Cornerstone OnDemand

Cornerstone Guide for Public Sector

Organisations expect digital transformation projects to improve productivity, reduce search and support costs, and boost innovation across the board.  Cornerstone Guide is a robust simple-to- use Digital Adoption and automation platform to onboard users, roll-out changes, enhance productivity, and improve performance with real-time and interactive guides and VR learning

Features

• Adoption Guides:In-app tours, how-to guides, assisted automations
• Adoption Guides: Cue-based instruction, searches and chat.
• Pick up& go: No training or engineering required, low code.
• One unified platform covers digital adoption for all enterprise applications.
• User can access key applications, via web, desktop and mobile
• Track usage by device, drill down to user journey data
• Access to user journey data,driving workflow and feature adoption
• Create instructional guides with multimedia support, automation updates one-click publishing

Benefits

• Productivity improvement attributed to technology use, process adoptions, task completion
• Reduction in time spent searching for content, answers internally/externally
• Reduction in training times for system deployment, features,change processes.
• Decrease support calls with availability of tours, guides, learning, automation-aids.
• Easy to build, measure, change and maintain interactive, immersive content

£26,000.00 to £26,000.00 an instance

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at spsmith@csod.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

596993409176788

Contact

Stuart Smith
07534853811
spsmith@csod.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: TBC
• Cloud deployment model: Public cloud
• Service constraints: Cornerstone Guide customers have access to an online reference library and support site with basic and advanced help content.
• System requirements: As a SaaS Service - there are no hardware requirements.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Guide customers have access to an online reference library and support site with basic and advanced help content.; ; Cornerstone provides a Guide Help Center to customers that contains release notes, product documentation, and other useful resources. A Help icon within the Guide interface will lead users to the Help Center.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: All support options include: - OnDemand’s self-service resources is available 24/7 through the web interface within the Cornerstone application. ; Case Management Tools:Available 24/7 via self-service portal. ; Live Emergency Phone Support:24/7 S1/S2 Emergency Support.; Included Support - provided as standard. 2 Named Admins ; Phone Support (M-F):Available Monday through Friday, 24 hours. ; ; Choice Support Includes: - 5 Named Admins - Live Emergency Phone Support:24/7 S1/S2 Emergency Support - Access to shared Customer Service Manager (CSM). ; ; Preferred Support Includes: - 5 Named Admins - Phone Support 24/7/365 Shared GPS Guru: Dedicated GPS Subject Matter Expert ; ; Elite Support Includes: - 10 Named Admins - Phone Support 24/7/365 - Prioritized Case Handling: Enhanced case review and resolution. - Elite Support Performance Scorecard - Named GPS Guru: Dedicated Global Product Support Subject Matter Expert. - Weekly Guru Call: A scheduled time to discuss upcoming business projects and/or needs. - Release Weekend Support: Live support during release weekend.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Guide is a simple, yet immensely powerful, digital adoption tool that perfectly complements the EdCast Learning Experience Platform. EdCast provides your own MyGuide environment for you to create support modules that learners can use to better navigate the LXP. EdCast will also provide standard support packages for guidance on how to navigate the first time, how managers can assign learning to their teams, how users can create content, and many other key elements to help you to effectively onboard your population of learners.; ; Once you decide on the modules you would like to use, we will work with you to customize and align them to your unique environment.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: TBC
• End-of-contract process: TBC

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Guide is available via web browser, mobile, and desktop. Each provides a slightly different experiences for content delivery.; ; Our offline player allows users to complete online courses on their phones and tablets while not connected to the internet. ; Online classes behave as though they are being used online: bookmarks are kept, progress is saved, etc. ; After reconnecting to the internet, the results of the training can then be uploaded to Cornerstone.
• Service interface: No
• User support accessibility: WCAG 2.1 AAA
• API: Yes
• What users can and can't do using the API: Please refer to the following link for further detail: https://docs.edcast.com/docs/apisintegrations
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The ability to customise the system is available to users with Creator or Administrator licenses. Customisation options include:; ; Step-by-Step Demos: Turn off/on audio; configure demo (colours, layout, etc.); ; Segmented System Settings: Apply global settings (colours, logos, font, messages, etc.); ; Tool tips: Ability to upload custom tool tip icons, ability to change colours, etc.; ; Ability to hide/show certain elements based on roles

Scaling

• Independence of resources: The SaaS solution has no theoretical scale limits.

Analytics

• Service usage metrics: Yes
• Metrics types: Yes. All MyGuide data is reported in the MyGuide Insights portal. This data can be exported to a third-party app, if necessary.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Other
• Other data at rest protection approach: Data-at-rest protection, Optional TDE Encryption at rest; Physical access control, complying with CSA CCM v3.0 and ISO27002 Standards.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data from MyGuide Insights can be exported as PDF or CSV.
• Data export formats:
  • CSV
  • Other
• Other data export formats: PDF
• Data import formats:
  • CSV
  • ODF

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Data in transit, which includes when data is exported, is fully encrypted with TLS 1.2.

Availability and resilience

• Guaranteed availability: MyGuide notifies customers in advance if we know there will be unscheduled downtime. Security risks or external factors can affect this. Please refer to our SLA for further details.
• Approach to resilience: Cornerstone’s Disaster Recovery/Business Continuity Plan defines plans, procedures, and guidelines for the Company in the event of disaster. Specifically, this document establishes procedures for recovering business operations, internal data; systems, and critical internal functions to maintain Cornerstone as an on-going concern in the face of unexpected events.; ; The plan has the following primary objectives: ; •Identify critical systems, services, and staff necessary to maintain and/or restore Cornerstone business operations and internal functions. ; ; •Provide guidelines for the communication of activities and status to both Cornerstone staff and client personnel during the recovery period.; ; •Present an orderly course of action for restoring critical computing capability to Cornerstone and for maintaining and/or restoring client service and support. ; ; Cornerstone performs site-to-site replication of data to protect client data in the event of a disaster. There are two dedicated disaster recovery sites distant from each of the production data centers. Disaster recovery testing is performed semi-annually at each DR site.
• Outage reporting: Outages occur during scheduled maintenance/releases. Otherwise, the system is not likely to experience any outages, however in the unlikely event of an unexpected outage, clients will receive email alerts. Downtime is scheduled for planned quarterly releases at least 4 months in advance and deployed during off-peak hours, typically 8:30PM EST Fridays to 1AM EST Saturday (4.5 hours). Patch fixes typically occur every two weeks between 8:30PM EST and 12:00AM EST. The typical downtime for a patch deployment is approximately 10 minutes. Client administrators can access a calendar of upcoming release and patch dates at any time through our client portal, Success Center. In addition, multiple email reminders are sent in advance

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Username or password
  • Other
• Other user authentication: MyGuide supports SSO through SAML 2.0. MyGuide can defer to the customer’s identify provider (IDP) for user authentication.
• Access restrictions in management interfaces and support channels: Users need a unique username, password to access the application. Alternatively, clients can be authenticated using security tokens, utilising a symmetric algorithm, passed by the client’s local authenticator for Single Sign-On functionality.; ; Passwords represent a fundamental and significant security mechanism at Cornerstone. Passwords are required to access the production network (via Active Directory) and applications (SQL Server). User accounts are created that employ individual user ID and passwords to identify and authenticate a given user. Users cannot access any Cornerstone system without a valid user ID and password. The SQL server logon groups are each configured to use Windows authentication.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: HITRUST
• PCI DSS accreditation date: 01/01/01
• What the PCI DSS doesn’t cover: TBC
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • SSAE 18, ISAE 3402 Type II, SOC 2 Type II
  • SOC 2 (Type II)

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • CSA CCM version 3.0
  • ISO/IEC 27001
  • Other
• Other security governance standards: Guide is SOC 2 (Type II) and HITRUST certified. Guide has also implemented GDPR compliance. Periodic audits are performed regularly.
• Information security policies and processes: Guide is SOC 2 (Type II) and HITRUST certified. Guide has also implemented GDPR compliance. Periodic audits are performed regularly.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Beta, development, stage, and production environments are available.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Penetration tests are conducted at least annually to examine and remediate any potential vulnerabilities.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Guide uses Microsoft Defender which performs automatic scans and sends the reports to improve and tighten our security, including installing patches, vulnerability scans, etc.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Alerts are monitored 24/7 by MyGuide’s Security Operations Center Team. Alerts are prioritized and the Security Team is notified in real time. Notifications are escalated according to severity.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Equal opportunity

  Equal opportunity

  Cornerstone strives to have a positive environmental impact, operate in a sustainable and ethical way, and bring a social conscience to all business decisions, with the well-being of people and the planet at the center. We maintain an Environmental, Social, Governance (ESG) Policy that details our commitment to responsible business practices. Cornerstone’s ESG Committee is responsible for the oversight of all ESG matters. Reporting to the Head of Social Impact, Cornerstone has an ESG Manager who manages day-to-day ESG operations. For more details, please see https://www.cornerstoneondemand.com/legal/

Pricing

• Price: £26,000.00 to £26,000.00 an instance
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: A “sandbox/test environment” is available upon request during the evaluation period. It can include a multiple number of users (log-ins/passwords) with various roles and permissions—based on your needs. Once the sandbox/test environment is requested/received, Cornerstone will activate it for a pre-determined time period.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at spsmith@csod.com. Tell them what format you need. It will help if you say what assistive technology you use.