Ledidi AS

Ledidi Core

Ledidi Core is an end-to-end SaaS solution that supports research study design, data capture, statistical analysis, graphical presentation in a simple, intuitive user interface, that is secure and made for collaboration.


  • Advanced do-it-yourself study design features
  • Data capture from surveys, forms, file import and API
  • Real-time descriptive and comparative statistical analysis
  • Real-time graphical presentation of results
  • Optimized for multi-center studies
  • Control the privileges and access rights of project collaborators
  • Easy-to-use web interface
  • Security and privacy by design and default
  • Confidental computing
  • Enterprise self-service user management


  • Collaborate throughout the entire research project lifecycle
  • Real-time collaboration across institutional and national borders
  • Get insights from data faster
  • Ability to perform analysis without exposing underlying raw data
  • Do everything yourself (start a project in hours, not months)
  • Work and collaborate on unlimited projects with no additional costs
  • Keep data safe and structured
  • Compliance with GDPR and other privacy legislation
  • Effortlessly manage your collaborators' privileges
  • All-in-one solution; no more switching between many softwares


£30 to £60 a user a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at andreas.landsverk@ledidi.no. Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

6 0 0 8 2 4 5 7 2 8 9 2 3 0 4


Ledidi AS Andreas Dierkes Landsverk
Telephone: +4542678809
Email: andreas.landsverk@ledidi.no

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
There are no constraints. Ledidi Core requires only an updated browser and an authenticator app to set up an account.
System requirements
  • Any updated browser
  • Two-factor authentication app

User support

Email or online ticketing support
Email or online ticketing
Support response times
Ledidi's target response is within 1 hour between 9-16 CET on business days. Our current average time to first response is about 30 minutes.
User can manage status and priority of support tickets
Phone support
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Users can communicate directly with a Support Agent from a web chat that is accessible when users click the "?" icon in the upper-right corner of Ledidi Core.

Ledidi Core leverages Freshdesk, which complies with WCAG 2.0 AA as of August 2021.
Web chat accessibility testing
No specific tests have been performed with assistive technology users in the web chat.
Onsite support
Yes, at extra cost
Support levels
Ledidi offers several forms of support to all our customers and users. Our primary support channel is email (support@ledidi.no). Support inquiries are handled through the Helpdesk. Inquiries are assigned to a Support Agent, who is responsible for handling the case throughout the support process. Bugs and incidents will be assigned Ledidi's technical team, and user inquiries will generally be assigned Ledidi's Science team.

Ledidi provides technical account managers or cloud support engineers for institutional accounts, but not for single user or team accounts.

Advanced scientific support for study design and methodology is available upon request and generally at extra cost.
Support available to third parties

Onboarding and offboarding

Getting started
Ledidi's user-friendly and intuitive interface allows users to use Ledidi Core immediately. Ledidi do, however, have a self-service onboarding program with how-to-guides, videos and webinars that can be accessed free of charge for all users.

Ledidi may also provide on-demand 1:1 sessions with our experts, generally at extra cost.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
There are export options in Ledidi Core that will allow users to export their content in user-friendly formats like CSV and SVG at any time, including when the contract ends.
End-of-contract process
You can terminate the agreement for any reason by providing us notice, by failing to renew your subscription, or by deleting your account.

You can delete your account from your user account settings. Your account is set inaccessible at the time you delete it, but any remaining data that you have not deleted is kept so that it can be restored for 90 days after you deleted your account. This is a security measure in case unintended actions led to the deletion. After 90 days, all data is deleted including backups. Any subscriptions connected to your account will run until the end of term, independently of the deletion.

It is possible to make arrangements for other end-of-contract procedures upon request to Ledidi Support prior to ending the contract.

Using the service

Web browser interface
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Ledidi Core is accessed from the browser on any device with no limits to the functionality. Ledidi Core works on mobile and tablet, but it is recommended to use Ledidi Core on a desktop or tablet for the best overall user experience.
Service interface
User support accessibility
None or don’t know
Description of service interface
Ledidi Core’s user interface is accessed through any updated browser.
Accessibility standards
None or don’t know
Description of accessibility
Accessibility testing
What users can and can't do using the API
A customer can get the API through the subscription management page, and Ledidi can either provide a system integration user or federated authentication.
All functionality in the app is supported as APIs.
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
The customers can easily configure their projects' study designs, invite and manage collaborators, manage user privileges, and more in Ledidi Core.
Ledidi Core has APIs at all levels of the architecture. This allows support for most integration scenarios.
Ledidi Core cannot be customized at the application level.


Independence of resources
Ledidi uses projections, volume testing and tracking of actual numbers to monitor scale-up-needs for its applications - across all customers. Ledidi is using a strict template for this and configurable volume test scripts, combined with AWS Cloudwatch.
In the customer-closed-VPC-scenario Ledidi ensures scale-ups using the same framework, and in addition based on agreements with the customer.
Ledidi monitors the performance of its systems using AWS Cloudwatch, and tunes the components using e.g. API throttling, preprovisioned AWS Lambda instances, AWS RDS cluster node configurations and additions, AWS Opensearch cluster node configuration and additions.


Service usage metrics
Metrics types
The only relevant metric for Ledidi Core is the number of users and subscriptions on a subscription owner's account, as Ledidi Core has a fixed price per user per month.
Reporting types
  • Real-time dashboards
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Users with user privileges enabled to allow export data on a given project can export data (CSV), statistics (CSV) and figures (SVG) from that project.
Data export formats
  • CSV
  • Other
Other data export formats
  • SVG
  • CSV
Data import formats
  • CSV
  • Other
Other data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Ledidi guarantees 99 percent uptime, and can accept higher SLAs on a case-by-case basis.
Approach to resilience
This information is available upon request.
Outage reporting
Ledidi's business continuity plan include a communication plan with stakeholders (employees, customers, vendors, media and regulatory agencies) on different media based on the severity of the outages.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels
All accesses in Ledidi Core are logged.
Only specially trained and appointed back-end developers have access to customer content. Ledidi has processes to ensure that no unauthorized access to customer content is made.

Project owners need to provide written consent for Ledidi's Support Agents to access customer's content. Support Agents only has access to subscription- and account information.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
Ledidi has initiated the ISO-27001 certification process.
Ledidi's Internal Control System that manages security governance, privacy governance, and health and environment governance. Ledidi's Core's technical architecture are specified and implemented according to requirements and templates from:
- The Code of Conduct for information security and data protection in the healthcare and care services (Normen)
Ledidi's governance system is implemented and operational to ensure compliance with legislation, regulations, and contracts, and to handle non-conformities.
Information security policies and processes
Ledidi aims to be certified in ISO / IEC 27001: 2017 by 2022.

Ledidi has implemented security policies that support the preservation of confidentiality, integrity, availability of information, and robustness to systems information is processed in by using a risk management process. Deviation management is included. Ledidi ensures that the policies are followed via employees' training, deviation management and regular review of the routines and security policies.
- Acceptable use policy
⁃ Change CodeBuild policy
⁃ Data retention and deletion procedure
⁃ Personal data security procedure
⁃ Internal Audit review to verify that policies and procedures are in accordance with current legislation regulations and statutory
⁃ Non-conformity procedure
⁃ Detection and handling of security incidents policy
⁃ Security testing
⁃ Security Awareness Training & Simulated Phishing to ensure policies and procedures are followed

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Ledidi has a thorough and security-oriented development process, during which each new version goes through code reviews, vulnerability checks, automated testing, architecture assessments, privacy assessments, risk assessments, impact analysis, integration testing, security testing and system testing. After each deployment, each component is monitored according to architectural and technical quality criteria, e.g. performance, scalability, vulnerability and potential and actual security issues.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Ledidi performs annual security audits and reviews, monthly risk assessments and release risk assessments. For each single change on any component, threats are assessed before development, automatic vulnerability checks are run, third-party libraries are checked and code reviews focus on all security issues. Ledidi also performs external and internal penetration testing. For any security issue found in production, Ledidi deploys a patch the same day as the root cause of the issue is found.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Ledidi has a core backend and infrastructure team that monitors all activity continuously in AWS Cloudwatch, and based on Cloudwatch and AWS Guardduty both known security incidents and all abnormal behaviour trigger alarms to the entire team. Ledidi has a detailed business continuity plan and incident response procedure for each incident, which involves assessment of cause and damage, immediate response and long-term response. The immediate response is the same day as cause is found, and if the security issue is above a certain level of severity, we close all potential access to the system until the root cause is found.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Ledidi has predefined procedures for incidents, and the employee who discovers the incident / issue, registers it as a task in Atlassian Jira, notifies the rest of the team, the team lead and the CDO and registers an incident report.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks

Social Value

Equal opportunity

Equal opportunity

Ledidi has an Equality, Diversity and Inclusion policy that is an integral part of Ledidi's Internal Control System.


£30 to £60 a user a month
Discount for educational organisations
Free trial available
Description of free trial
Get started with Ledidi Free and see how Ledidi Core fits your needs. Collaborate on one project you are invited to, create two projects of your own (35 entries per project included). There is no time limit.

Convert to a Ledidi Core subscription to work and collaborate without any limitations.
Link to free trial

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at andreas.landsverk@ledidi.no. Tell them what format you need. It will help if you say what assistive technology you use.