MIND TOOLS LTD

Mind Tools for Business from Emerald Works. Learning and Development Toolkit - Large organisations

Proven learning, training and development solutions for large government departments and public sector bodies. Working with you, we create a learning culture for individuals and organisations to thrive. Mind Tools online resources improve employee performance through real-time, easy-access to digital e-learning content. Our customisable micro-learning/training courses meet specific learners’ needs.

Features

• Digital learning and development tools/functionality for users and managers
• Mind Tools – Online, on-demand interactive toolkit with skill-building resources
• E-Learning – interactive “off-the-shelf” or custom-made courses/training that improve performance
• Access to 54 topic areas, and 2000+ individual resources
• 13 formats including infographics, audio, video, guides, exercises, self-assessments
• Customer Success Team – help to roll-out the best solution
• Account management – ongoing support from a dedicated Account Manager
• Launch support – tech support, help promoting campaigns and training
• Analytics – data on login-frequency, time spent learning and more
• Accredited – fully recognised accreditations by relevant bodies

Benefits

• Reassurance – market leader of learning and development solutions
• Versatility – scalable L&D services in wide range of formats
• Flexible – friendly and experienced teams, by your side throughout
• Expertise – implementation, training, legalities, data security and privacy
• Stability – established 1967, we're a financially secure, global business
• Proven – award-winning resources that improve performance
• Secure – end-to-end control of data, managed in-house
• Reliability - Service available at least 99.5%, 24/7/365
• Client control – add your own content, features and branding
• Bespoke – customised learning and development solutions

£4.50 a unit a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at shulcoop@mindtools.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

655216871455128

Contact

Simon Hulcoop
0207 788 7978
shulcoop@mindtools.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: HR Management Systems; Employee Benefits Systems; Talent Management Systems; Other internal organisational systems
• Cloud deployment model: Private cloud
• Service constraints: Technical support is available between 8.30 am and 5.30 pm Monday to Friday. Outside of these times support requests can be logged 24x7 via email. Requests will be prioritised as required during business hours and an anticipated turnaround time provided on a per case basis. ; It supports the latest stable releases of Microsoft Edge, Chrome, Firefox and Safari. It is accessible on any device with the latest stable releases of iOS and Android with a modern browser.
• System requirements: Cloud-based

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 0-8 hours (during business hours) for issues classified as high priority.; 48 hours for issues classified as medium priority.; 5 working days for issues classified as low priority.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: High priority: Loss of access for all users or loss of data will be dealt with immediately. Initial contact will be with your dedicated account manager who will escalate to the Technical Director as required. Our service is monitored 24 x 7 and automated alerts issued to key personnel as soon as service degradation is detected. ; Medium priority: Data requests or bugs impacting low numbers of users will be acknowledged within 4 working business hours. Your dedicated account manager will proactively keep you updated. ; Low priority: Low level bugs such as cosmetic or browser specific problems will be acknowledged within 4 working business hours with an ETA provided by your account manager.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: We provide a full implementation and onboarding programme which includes an onsite meeting, remote training, user documentation and a full project plan.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: User data can be exported via CSV and uploaded to new system.
• End-of-contract process: All access is revoked after the end of the contract, all negotiations about renewal of contract will happen before the end date. The data is maintained for 30 days after the end of the contract to comply with our Disaster Recovery Policy.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: No differences
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Our Toolkit is an online provision consisting of 54 topic areas, with over 2000 individual resources. The resources sit under the following four topic headings: Leadership & Management, Personal Development, and Business Skills.; The Toolkit consists of 13 different resource formats including infographics, audio, video, key ideas, questionnaires, how to guides, exercises, self-assessments, top tips, surveys, case studies and more.; Our platform is fully responsive – offering a consistently excellent user experience on any device with a modern browser, meaning staff are able to access the resources wherever and whenever they need it.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: We work with Abilitynet to audit our software to ensure an end-to-end digital accessibility strategy. Abilitynet have a panel of independent testers who assess our software. Our Quality Assurance team test using a range of assistive technologies, and we maintain an accessibility statement.
• API: Yes
• What users can and can't do using the API: Users cannot make changes to the API.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The platform can be customised in many levels:; Logo; Favicon; Mobile tile; Color scheme; Playlists; Contents in general ; Name and order of the folders; Contents inside the folders; Weekly email's sender email address, name and subject; Support contact; Phone number

Scaling

• Independence of resources: Our service should be available at least 99.5% of the time on a 24/7/365 basis.; We provide full contract support to all customers with a range of suitably qualified employees; each customer is owned by designated individuals.; This ensures our customers have a designated person in the business to contact for their specific needs as well as a clear escalation route.

Analytics

• Service usage metrics: Yes
• Metrics types: In a determined period of time, the manager can see and download:; Active Users; New Users; Total Time Spent in Resources; Usage (Total View) by Date; Resources Accessed by user, date and topic.; ; Individual users can see and download their own usage:; Total Time Spent in Resources; Time Spent This Month and Year to Date; Last Accessed Content and Date; Completed Assessments; ; Your dedicated Account Manager can also provide more detailed analytic information to help you understand your data better.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Encryption at rest using AWS KMS Solution. KMS uses FIPS 140-2 validated hardware security modules to generate and store our keys. Our keys can only be used inside these devices and can never leave them. The security and quality controls in AWS KMS have been certified by multiple compliance schemes.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: By Excel from within the system.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: We transmit data via HTTPS and use RSA 2048 bits / SHA256 with RSA TLS 1.2 for message encryption.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: We transmit data via HTTPS and use RSA 2048 bits / SHA256 with RSA TLS 1.2 for message encryption. ; All data flows including but not limited to cloud/application interfaces, API's, authentication information, data transfers/replication, administration and support services and functions including those provided by supply chain members are encrypted using the latest industry standards and high strength encryption mechanisms.

Availability and resilience

• Guaranteed availability: Our Service should be available at least 99.5% of the time on a 24/7/365 basis.
• Approach to resilience: Our platform architecture is deployed by leveraging AWS features. Critical platform components are replicated across multiple AWS Availability Zones, each of them designed as an independent failure zone. All data centres are online and serving customers. No datacentre is "cold". In case of failure, automated processes move customer data traffic away from the affected area. Each availability zone is designed as an independent failure zone.; We leverage this capability by balancing the architecture components between two Availability Zones to keep the system operational even if one stops working.; In case of a failure, the DNS is configured to exclude the unhealthy services from the pool of available services and redirect the traffic to the operational Availability Zone. To cover the increase of traffic in the new zone, the automatic scalability process will begin creating the extra resources needed to keep the service at an acceptable response level. Once the original Zone is back online, the operation team follow a standard procedure to remove the old services that are out of sync. They will then recreate the needed system and link this with the other Zone. The traffic will then start flowing into the original data centre.
• Outage reporting: We have a monitoring team available 24/7. ; The alerts triggered by high level issues come via Slack, Email and automated phone calls. We also work with level of scalonation to decide who should take the front.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Other
• Other user authentication: They can be previously added and access via username/password or just-in-time provisioning using SSO.
• Access restrictions in management interfaces and support channels: Minimum access is granted.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Description of management access authentication: 2FA is enabled to any database or webservice associated with management of the service. ; Access to our internal management application is only possible via SSO.; Any patches or changes are only allowed if connected to the VPN with individual and timestamped credentials.

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • Supplier held ISO 27001
  • Supplier held ISO 27017
  • Supplier held ISO 27018
  • Supplier held ISO 27701
  • Supplier held CSA STAR CCM v3.0.1
  • Supplier held ISO 9001

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Provided by participating learning organisation with support from Account Manager.
• Information security policies and processes: Policies are reviewed on at least an annual basis.; Procedures have been established in order to set basic rules for building security into the entire HR process to ensure that policies and procedures are in place to address security issues. Our Employee Handbook contain specific guidance about home working, data protection, information security policy, access control, acceptable use, virus prevention and system security, intrusion detection, remote access, server security, etc. ; Personnel are required to complete security awareness training.; Staff are required to undertake compliance training on an annual basis.; All contractors have to sign a written contract we have in place and we hold regular meeting with them to ensure all contractual obligations are being met. ; We ensure that all third parties adhere to our policies, as do internal core employees, and adopt the same level of control, audit capability and industry certification. They are all governed by a GDPR compliant data protection contract.; Minimum access required is practiced, and all access is monitored and recorded to an individual.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: A systematic approach is applied to managing change and ensure that changes to customer-impacting aspects of any functionality are reviewed tested and approved. Change management standards are based on established guidelines and tailored to the specifics of each change request. Program change documents and security best practices are documented on Confluence and Jira.; The development environments are accessed only by authorised developers and the testing environments are separated from the production environments.; Changes are tested according to established Change Management standards prior to migration to production.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We use a system called Data Dog for the following: Security Analytics (siem), Intrusion Detection (conjunction with ossec), Log Data Analysis, File Integrity Monitoring, Vulnerability Detection, Regulatory Compliance (such as GPDR and PCI/DSS) . ; In the event that a potential or actual breach is detected the task to identify the cause and remediate the breach is worked immediately. If such action involves patching, patches are tested and evaluated before they are installed to ensure they are effective and do not result in side effects that cannot be tolerated.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Continuous monitoring is performed for recommended critical patches and upgrades in order to mitigate risks resulting from exploitation of published vulnerabilities. Any detected security vulnerability is triaged and remediations are prioritised above and beyond to CVSS score depending on several other factors such as exploit availability, malware availability, social media activity, affected assets value etc.; We perform vulnerability scans every month and whenever a major change is made.; Alerts for high risk processing are monitored in real time and anomalies are followed up immediately. ; We have documented and maintained threat and vulnerability management policies and procedures.
• Incident management type: Supplier-defined controls
• Incident management approach: Documented policies and procedures for reporting security, availability and confidentiality incidents are in place for identifying, acting upon and reporting failures, incidents and other security concerns. Incidents are logged within a ticketing system, assigned severity rating and tracked to resolution. An Information Security Incident Response Team (ISIRT) is in charge for the response and mitigation activities and escalation of incidents.; ; Clients will be notified immediately of the discovery of a security breach or data loss incident and all corrective actions will be communicated and shared with client council. Any preventative controls will be agreed with client council.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Mind Tools has an 'Eco Squad' responsible for identifying opportunities to tackle climate change. Our parent company, Emerald Group, is a participant in the Net Zero Challenge, which encourages colleagues to take actions to balance the amount of greenhouse gases we are putting into our atmosphere with the amount we are taking out.
• Covid-19 recovery:

  Covid-19 recovery

  Our Coronavirus Advice Team coordinates all internal efforts to recover from the pandemic, including setting direction on travel policies, office working, etc. We have also offered a COVID-19 Support Pack to help learners and businesses adapt to the return to work (https://mindtoolsbusiness.com/resources/blog/emerald-works-launches-covid19-support-pack-version2)
• Tackling economic inequality:

  Tackling economic inequality

  Mind Tools has a 'Charity Squad' to lead on charity activities and makes no use of zero hours contracts. We have also partnered with Working Chance to help women with convictions restart their careers (https://mindtoolsbusiness.com/resources/blog/mind-tools-partners-with-working-chance)
• Equal opportunity:

  Equal opportunity

  We adopt fair employment practices including an anonymised application process whereby hiring managers shortlist based on applications with no personal information, just employment history and skills/responsibilities. We also offer: clear flexible working policy and process; enhanced maternity, paternity and adoption leave; flexible approach to home and office-based working (this began prior to the Covid-19 pandemic); additional paid leave available to carers and for those with significant personal commitments e.g. moving house.
• Wellbeing:

  Wellbeing

  We have 'Social' and 'Wellbeing' Squads set up to promote activities; an Employee Assistance Program accessible to all employees; additional paid leave available to carers and for those with significant personal commitments e.g. moving house; sabbatical leave; support and encouragement of continuous development e.g. encouragement to attend external courses, webinars etc; clear goal setting and review cycle being launched to encourage learning and constructive 1 to 1 conversations. This last item includes time being set aside dedicated to discussing career and growth aspirations.

Pricing

• Price: £4.50 a unit a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: The free trial is the exact copy of the service. We have a trial site that the client can be added to for a period of time. The free version is not available for anyone. The user needs to be added to the platform.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at shulcoop@mindtools.com. Tell them what format you need. It will help if you say what assistive technology you use.