EVOTIX LIMITED

Evotix Learn

Evotix Learn gives you all the control of an LMS, with the flexibility of an LXP.

We provide a Next Generation Learning Experience by getting your content into the flow of work, the business applications your people actually live in.

Features

• Learning content management
• Content authoring
• Mobile learning and notifications
• Works offline
• Extended Enterprise - authenticate multiple organisations
• Embedded learning - Integrations to business apps e.g. MS Teams
• Multimedia (bitesize) as well as SCORM
• Quizzes to test knowledge
• Deep analytics and behavioural analysis
• Gamification with badging and leaderboard

Benefits

• Efficiently track progress and monitor overall performance
• Identify centres of excellence
• Provide additional training for common knowledge gaps
• Increase sales and reinforce best practice
• Improves productivity across a disunified workforce.
• Train and build knowledge in the field with offline access
• Improved engagement and morale
• Increases sales and reinforces best practice.
• Complete assigned tasks without being confined to the office

£9,750 an instance a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@evotix.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

670320378367089

Contact

David Coley
03003033657
gcloud@evotix.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: The service can provide video support for any intranet, internet site or learning management system.
• Cloud deployment model: Public cloud
• Service constraints: 99.9% service availability, assured by independent validation of assertion
• System requirements: None

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We offer different response times for queries for our standard and premium support offering.; ; For standard support, we provide a 4 hour response time; For premium support, we provide a 3 hour response time.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Yes, at an extra cost
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 A
• Web chat accessibility testing: N/a
• Onsite support: Onsite support
• Support levels: Our customers prize our expert and friendly support both during implementation and ongoing. 95% of our customers renew every year. Our UK based customer services team answer all calls promptly and resolve problems quickly whether they relate to training or configuration. We follow a 6 stage case management process. All cases, issues, or requests for change are, in the first instance, reported to the Help Desk as the central point of contact. As first line support, the Help Desk can be contacted by phone or email Monday to Friday 8:30-17:30. Requests are recorded and monitored in our case management system which ties the request to your customer account to provide a complete history. Where first line support is unable to solve the customer issue, the case is escalated to second line support. Here, our system experts will work to understand the customer issue and diagnose the problem. Once derived, the solution is communicated, by phone and/or email, to the customer in our outlined SLA. If second line support cannot resolve the customer issue, the case is escalated to third line support for root cause analysis and/or data fix.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide any level of service required by the customer. This includes assistance in uploading and customizing the interface, and migrating content from any existing service
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: At the end of the contact term we will extract the content and associated metadata and make it available to the customer via media such as DVD or portable HD
• End-of-contract process: As above, at the customer's request the content can be delivered on DVD or portable HD.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: There are no feature differences between the mobile and desktop versions. The service is responsive to different screen sizes across desktop, tablet and mobile
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: There is an administration portal interface accessible by users with the correct permissioning and access. It allows submission, editing and management of content and users and access to the analytics interface.
• Accessibility standards: None or don’t know
• Description of accessibility: Accesible via the desktop and all of the features including submission, editing and management of content and users and access to the analytics interface are available.
• Accessibility testing: N/a
• API: Yes
• What users can and can't do using the API: Data insert using RESTful API.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The service allows for complete customisation through drag and drop templating and styling interfaces. Any page can be fully modified, either by the customer or via our professional services.

Scaling

• Independence of resources: Real-time monitoring of server load with alerts on critical components EG. CPU load, memory load, throughput. Application servers are load balanced.

Analytics

• Service usage metrics: Yes
• Metrics types: The service can report video playback information, including the duration of playback on a per-video basis. This information is available per-user or aggregated for the whole service.
• Reporting types:
  • API access
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can export their data either by downloading it directly (for video files) or exporting the content metadata as XML. The service also provides for content export via the API
• Data export formats: Other
• Other data export formats: XML
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: IP restricted access

Availability and resilience

• Guaranteed availability: 99.9% uptime, scheduled and notified maintenance schedules, clawback in contract
• Approach to resilience: Environmental Controls are implemented to help mitigate against the risk of service interruption caused by fires, floods and other forms of natural disasters. ; ; The Datacentre electrical power systems are designed to be fully redundant and maintainable without impact to operations, 24 hours a day, and seven days a week. Uninterruptible Power Supply (UPS) units provide back-up power in the event of an electrical failure for critical and essential loads in the facility. Datacentres use generators to provide back-up power for the entire facility.
• Outage reporting: Dedicated 24/7 monitoring at service centre. Real-time dashboard and email alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password
  • Other
• Other user authentication: The user can integrate with their own SSO provider.
• Access restrictions in management interfaces and support channels: For environment administration, access can only be provided via VPN from a whitelisted IP address to authorised users confirmed by MFA.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Description of management access authentication: Whitelisted IP address and SSO.

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: ISO Quality Services Limited
• ISO/IEC 27001 accreditation date: 20/06/2021
• What the ISO/IEC 27001 doesn’t cover: N/a
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: A full suite of information security policies and processes is in place as required by ISO 27001.; ; Internal auditing checks take place to ensure that all security controls are being observed. This includes policies

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Our hosting provider maintains documented operational procedures for both infrastructure operations and customer-facing support functions. Newly provisioned infrastructure undergoes appropriate testing procedures to limit exposure to any hardware failure. Documented procedures and configuration version controls provide protection from errors during configuration. Changes to an existing infrastructure are controlled by a technical change management policy, which enforces best practice change management controls including impact/risk assessment, customer sign off, and back-out planning.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Patches to solution every 2 weeks unless critical, then immediate.; Penetration testing and internal code testing (peer reviewed and deployment testing services); Employ best practice to mitigate against known issues (e.g. SQL Injection); Regular automated vulnerability testing with risk based timescales for remediation if any issues are found.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Evotix uses AWS GuardDuty firewalls to protect the Learn systems, this includes the following protections: Access Control Lists, DDOS, Intrusion prevention, threat detection, API monitoring, log analysis and VPC analysis; One of its functions is checking for unusual events, based on a common baseline. ; When alerts come in these logs \ areas are checked. Manual reviews are also carried out. These are done ad hoc to avoid pattern forming; Virtual firewalls (security groups) are used to restrict ingress between the layers of the platform in the VPC.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Where an Incident is identified, an Incident Response team is convened, the incident is classified, immediate action taken and an investigation is commenced.; It will be escalated internally to an appropriate level of management.; Following immediate action and investigation, follow up actions will be identified to implement corrective actions to resolve the incident and mitigate the potential for recurrence.; A customer will be notified if their information has been affected as soon as practical.; Whilst investigation is happening, the customer will receive updates. A full investigation will be completed and a report will be issued.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Our solution offers the ability to track and report carbon emissions. Using this information customers can identify solutions to reduce their emissions.
• Covid-19 recovery:

  Covid-19 recovery

  Our solution is being used nationally to deliver valuable skills and training to communities, helping to get more people back into work post the COVID-19 Pandemic.
• Tackling economic inequality:

  Tackling economic inequality

  Our solution is being used nationally to deliver valuable skills and training to communities, helping to get more people back into work post the COVID-19 Pandemic.
• Wellbeing:

  Wellbeing

  We have a wellbeing toolkit, delivered through GLOW that provides a wellness and wellbeing framework from which to assess and diagnose areas of strength and weakness around mental health and general wellbeing. GLOW contains tools, advice and resources for users to address potential issues and create more resilience in this space, helping them be fit for work.

Pricing

• Price: £9,750 an instance a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: - Immediate access to the mobile app; - See how easy it is for anybody to engage in e-learning; - Experience first hand how you can collect more consistent data; - Unlimited access
• Link to free trial: https://learn.storyshare.app/

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@evotix.com. Tell them what format you need. It will help if you say what assistive technology you use.