Cornerstone OnDemand

Saba Learning - Learning Management System, LMS, Compliance & Development for Public Sector

Reinvent learning and development to realise employee potential. Saba Learning LMS, a cloud-based SaaS learning management system, is configurable to your exact needs, with rapid implementation, for organisations of all sizes. You can go beyond delivering training and compliance, to developing an engaged, collaborative and skilled Public Sector Workforce.

Features

• LMS, Learning Management, Mobile learning, Social Learning
• "My Plan", intuitive, personalised hub for an engaging learning experience
• Manager "My Team" Dashboard, Team Development activities, Manager actions
• Automated Compliance & Mandatory Learning Management & Audit
• Instructor Led Training, Instructor Dashboard, Attendance Management
• Learning Assessments, Training Evaluations
• Machine Learning: training aligned to interests, skills and development goals
• Learning Assignment, Learning & Classroom Administration, Learning Content Management
• SCORM, AICC, xAPI, TinCan, eLearning, digital learning, blended learning
• Integrated Dashboards, Reporting, Analytics

Benefits

• Deliver modern, prescriptive and mobile-ready training to every employee
• Ensure compliance and support organisational goals
• Deliver an engaging learning experience and drive employee engagement
• Empower employees to learn anytime, anywhere with Saba mobile apps
• Enable Learning in the flow of work with powerful integrations
• Develop skills for a future ready workforce
• Empower your people to learn with AI-recommended content
• Accelerate employee performance and create leaders at all levels
• Simplify content aggregation and content curation
• Leverage actionable insights with built-in dashboards, custom reports, real-time analytics.

£5.00 to £20.00 a licence a year

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ebarratt@csod.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

674665255550914

Contact

Elaine Barratt
07805 779520
ebarratt@csod.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Cornerstone Unified Talent Management is a fully integrated, self-configurable talent management system. All our solutions, including Recruiting, Learning, Performance, and Careers are tightly integrated.
• Cloud deployment model: Public cloud
• Service constraints: No, Cornerstone is a Software-as-a-Service. Users can access the application at any time and from anywhere through the internet. In addition, Cornerstone has broad experience in developing highly stable single sign-on linkages with its clients. End users will be able to access the infrastructure seamlessly with one login and from a specified location on the client’s network.
• System requirements:
  • As a SaaS Service - there are no hardware requirements.
  • Minimum Desktop Requirements: Recommendations upon request
  • Supports Mobile Device Enablement: Recommendations upon request
  • There are no software maintenance, and no network administration requirements

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Cornerstone provides an SLA for all customers that guarantees initial response and resolution in regards to defined priority and severity levels. SupportCentral enables named client administrators to access Global Care knowledge assets, solutions, and self-service support tools online at any time. SupportCentral is powered by a case management system and interface that provides the ability to submit, update, track and manage questions, issues, and other requests. Customers can download a support performance scorecard at any time.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: All support options include:; - OnDemand’s self-service resources is available 24/7 through the web interface within the Cornerstone application.; - Case Management Tools:Available 24/7 via self-service portal.; - Live Emergency Phone Support:24/7 S1/S2 Emergency Support.; ; Included Support - provided as standard.; - 2 Named Admins; - Phone Support (M-F):Available Monday through Friday, 24 hours.; ; Choice Support Includes:; - 5 Named Admins; - Live Emergency Phone Support:24/7 S1/S2 Emergency Support; - Access to shared Customer Service Manager (CSM).; ; Preferred Support Includes:; - 5 Named Admins; - Phone Support 24/7/365; Shared GPS Guru: Dedicated GPS Subject Matter Expert; ; Elite Support Includes:; - 10 Named Admins; - Phone Support 24/7/365; - Prioritized Case Handling: Enhanced case review and resolution.; - Elite Support Performance Scorecard; - Named GPS Guru: Dedicated Global Product Support Subject Matter Expert.; - Weekly Guru Call: A scheduled time to discuss upcoming business projects and/or needs.; - Release Weekend Support: Live support during release weekend.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Once the contract has been executed, Cornerstone will assign the client a dedicated Implementation Consultant. The Implementation Consultant will be the primary point of contact during implementation. In addition, they will be supported by a project team that includes a Program Sponsor, Engagement Manager, Integration Consultant, and Training Consultant.; ; We deploy our solution in significantly less time than required for similar deployments of legacy software. Our SaaS model eliminates the need for complex technical requirements such as code customisation, equipment deployment, and unique delivery models.; ; A typical implementation takes approximately 6-8 weeks for an initial module based on scope and complexity.; ; With years of experience and hundreds of deliveries across various industries, we’ve learned what it takes to ensure our clients can make a successful leap to impact.; ; Our Cornerstone University Services team provides consulting, training, and performance support tools to enable clients to learn and use our talent management solutions successfully. We offer a blended training approach to accommodate different learning styles.; ; This approach is designed to meet individual learning needs, whether the trainee has five minutes or five days. The self-regulated learning approach supports heavy interaction or independent learning.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: In the event that a client does not renew their contract, Cornerstone will return the client’s data via their secure FTP site in the same format in which the data was originally inputted into the software. Alternatively, the client’s data can be returned in a mutually agreed format at a scope and price to be agreed. Cornerstone will maintain a copy of the client data for no more than six months following termination of the agreement, after which time any client data not retrieved will be destroyed.
• End-of-contract process: Our agreements are for a term lease period, and software fees are paid in annual installments over that period, during which time Cornerstone recovers costs. Accordingly, during that lease period (as with, say, a rental or car lease), there can be no termination for convenience. Effect of Termination. Immediately following termination of this Agreement, Client shall cease using all Products. Client may retrieve Client Data any time prior to termination or expiration of the Agreement. If requested, Cornerstone will assist with such data retrieval at a scope and price to be agreed.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Cornerstone Learn is our native mobile app that helps organizations boost completions and engagement by providing a fast, intuitive, and thoughtfully designed LMS mobile experience. Content conforms to SCORM 1.2, SCORM 2004, and AICC standards and is supported for maximum content interoperability and reusability.; ; Our offline player allows users to complete online courses on their phones and tablets while not connected to the internet. Online classes behave as though they are being used online: bookmarks are kept, progress is saved, etc. After reconnecting to the internet, the results of the training can then be uploaded to Cornerstone.
• Service interface: No
• User support accessibility: WCAG 2.1 A
• API: Yes
• What users can and can't do using the API: Through our Edge API Explorer, customers can browse and learn about product specific APIs (web services) to easily help connect their systems to Cornerstone and design data driven applications and external reports. Client developers have access to a code repository and all the API technical documentation needed to create custom integrations. Cornerstone’s API was designed to simplify how clients can connect their applications with our system. With ease in mind, Cornerstone has developed our API based on the REST protocol. Our library of web services can be reviewed online: https://apiexplorer.csod.com/apiconnectorweb/apiexplorer#/
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Cornerstone provides unique flexibility in how G Cloud clients can deploy the system to different groups of users. Customisation in the form of different branding, business rules, and functionality can be established for any Organisational Unit (such as Division, Location, Position, custom group of individuals, etc.). The end result is an unparalleled level of personalisation for the user.; ; Cornerstone was designed to be administered by the client and not the vendor. G Cloud Clients have complete control to configure the look and feel of the application to your specific business units with specific functionality and branding. Client administrators are presented with an extensive set of web-based controls which enable them to easily configure graphics, colors, key words, layout, and business rules.; ; Clients can make configuration changes on their own without any assistance from Cornerstone or for any additional costs. Not all vendors can make this claim. The high configurability of the Cornerstone system is one of the distinct advantages that we offer to our customers.

Scaling

• Independence of resources: The Cornerstone application, as per the Software as a Service model, is designed to scale horizontally. It is multi-tenant-efficient, offering a load balanced farm of identical instances known as swim lanes. When additional server equipment is added, the application capacity scales to fill the available hardware.; ; This allows virtually unlimited growth capacity.; ; As opposed to a classical behind the firewall or hosted architecture, our application and our hardware platforms are designed to:; ; • Efficiently support a high number of users and customers; ; • Redistribute load easily; ; • Add additional capacity easily and quickly

Analytics

• Service usage metrics: Yes
• Metrics types: Clients can leverage the Cornerstone’s Trust Site, a client-facing dashboard that provides system status by swim lane. It contains both live and historical information on server operations and system availability. The site is accessible to clients via the Cornerstone Success Center.; ; Cornerstone provides an SLA for all clients that guarantees initial response and resolution in regards to defined priority and severity levels. ; ; Cornerstone’s SLA also guarantees 99.5% uptime (excluding reasonable and scheduled maintenance periods) per month.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Other
• Other data at rest protection approach: Data-at-rest protection, Optional TDE Encryption at rest; Physical access control, complying with CSA CCM v3.0 and ISO27002 Standards.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Customers can export their data from the Cornerstone application through a variety of methods: ; · The reporting & analytics tool lets customers easily export reports at any time. ; · The Reporting API (REST-based) allows customers to make OData-based queries against our Real Time Data Warehouse. ; · The Data Exporter enables customers to schedule batch exports of defined data sets
• Data export formats:
  • CSV
  • ODF
• Data import formats:
  • CSV
  • ODF

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: TLS (Version 1.2 or above), VPN, restricted access (SSO) and dedicated lines.

Availability and resilience

• Guaranteed availability: Cornerstone provides an SLA for all clients that guarantees initial response and resolution in regards to defined priority and severity levels. ; ; Cornerstone’s SLA also guarantees 99.5% uptime (excluding reasonable and scheduled maintenance periods) per month. ; ; In the event that Cornerstone has not complied with its "Resolution" obligations set forth above, then, for each calendar day (or portion thereof) that Cornerstone has not so complied, Client shall be entitled, as its sole and exclusive remedy therefor, to a credit against Client's next invoice equal to 1/365th of the annual fees for Software set forth in the Agreement.
• Approach to resilience: Cornerstone’s Disaster Recovery/Business Continuity Plan defines plans, procedures, and guidelines for the Company in the event of disaster. Specifically, this document establishes procedures for recovering business operations, internal data; systems, and critical internal functions to maintain Cornerstone as an on-going concern in the face of unexpected events.; ; The plan has the following primary objectives: ; •Identify critical systems, services, and staff necessary to maintain and/or restore Cornerstone business operations and internal functions. ; ; •Provide guidelines for the communication of activities and status to both Cornerstone staff and client personnel during the recovery period.; ; •Present an orderly course of action for restoring critical computing capability to Cornerstone and for maintaining and/or restoring client service and support. ; ; Cornerstone performs site-to-site replication of data to protect client data in the event of a disaster. There are two dedicated disaster recovery sites distant from each of the production data centers. Disaster recovery testing is performed semi-annually at each DR site.
• Outage reporting: Outages occur during scheduled maintenance/releases. Otherwise, the system is not likely to experience any outages, however in the unlikely event of an unexpected outage, clients will receive email alerts.; ; Downtime is scheduled for planned quarterly releases at least 4 months in advance and deployed during off-peak hours, typically 8:30PM EST Fridays to 1AM EST Saturday (4.5 hours). Patch fixes typically occur every two weeks between 8:30PM EST and 12:00AM EST. The typical downtime for a patch deployment is approximately 10 minutes.; ; Client administrators can access a calendar of upcoming release and patch dates at any time through our client portal, Success Center. In addition, multiple email reminders are sent in advance.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Username or password
  • Other
• Other user authentication: Best practice with regards to Multi-Factor Authentication is to use our SSO integration which allows clients to use their own two-factor authentication mechanism. Cornerstone is able to integrate with SAML-based SSO or Identity Providers used by the client already. This way, customers provide to their users the same authentication procedure that their users already use several times per day
• Access restrictions in management interfaces and support channels: Users need a unique username, password to access the application. Alternatively, clients can be authenticated using security tokens, utilising a symmetric algorithm, passed by the client’s local authenticator for Single Sign-On functionality.; ; Passwords represent a fundamental and significant security mechanism at Cornerstone. Passwords are required to access the production network (via Active Directory) and applications (SQL Server). User accounts are created that employ individual user ID and passwords to identify and authenticate a given user. Users cannot access any Cornerstone system without a valid user ID and password. The SQL server logon groups are each configured to use Windows authentication.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Lloyd's Register
• ISO/IEC 27001 accreditation date: 04/11/2021
• What the ISO/IEC 27001 doesn’t cover: Please note that our IT service management policies and procedures are informed by many sources, including the cohesive set of best practices covered by ITIL, as well as other standards and best practices such as SSAE 16, ISAE 3402, ISO 27001, and FISMA. These certifications cover all the main security requirements.
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 07/05/2015
• CSA STAR certification level: Level 5: CSA STAR Continuous Monitoring
• What the CSA STAR doesn’t cover: The result of our STAR self-assessment is publicly available via https://cloudsecurityalliance.org/star/registry/cornerstone-ondemand
• PCI certification: Yes
• Who accredited the PCI DSS certification: SecureTrust
• PCI DSS accreditation date: 31/01/2022
• What the PCI DSS doesn’t cover: Cornerstone is categorized as PCI Level 4 SAQ D under the Payment Card Industry Data Security Standards. Standards include: building and maintaining a secure network, protecting cardholder data, and maintaining an information security policy.
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • SSAE 18, ISAE 3402 Type II, SOC 2 Type II
  • FDA 21 CFR Part 11
  • ISO 27001:2013, ISO 27018:2014 & 27701 for Privacy
  • FDA 21 CFR Part 11
  • Equinix SSAE16, ISO27001, ISO22301, ISO9001 ISO14001 ISO50001, OHSAS18001, PCI DSS

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • CSA CCM version 3.0
  • ISO/IEC 27001
• Information security policies and processes: Cornerstone’s security procedures and controls provide assurance that processes maintain the confidentiality, integrity and availability of data for our customers. The policies and procedures cover the breadth and depth of IT operations, and infusing security by design through these processes. The information security policy and procedures apply to all Cornerstone employees, consultants, and contractors; and is intended to safeguard data and information technology for Cornerstone. Cornerstone does not publish these documents. However we can provide a secure online account, where you can access and view.Upon joining Cornerstone, applicable security policies and procedures are assigned to personnel to complete within a period of time. In addition, personnel complete updated training every year to ensure they understand and review the policies.; ; There is a dedicated IT Security & Compliance department, overseen by the CISO, that drive security oversight and initiatives across the organizations. Security responsibilities are also shared with the IT operations team that perform the day-to-day processes, and overseen by the CISO, who works in concert with our AVP of Technology Operations and Chief Technology Officer. The CISO is responsible for securing information in accordance with industry best practices and for implementing the recommendations of the various 3rd party audits

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Cornerstone follows a defined SDLC that contains a number of important quality steps. The change management/application development process at Cornerstone is designed to ensure that standardized methods and procedures are used for handling all system changes and application development ("changes"). Changes are applied to production environment as either part of a "release", "patch", or “hot fix”. Formal quarterly release cycles are used for major enhancements: patches (bi-weekly) are utilized for mid-release updates. Unanticipated changes, “hot fixes”, follow the standard change control process. Using a planned release and patch schedule, minimizes impact of change-related incidents on service quality and day-to-day operations.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Cornerstone contracts independent CREST-certified third parties to run external penetration tests on a quarterly basis. Additionally, monthly external vulnerability scans validate both the patch level and protection from known attacks. Results are provided to Cornerstone IT personnel for review and remediation. There are also various RSS feeds that Cornerstone is subscribed to, including US-CERT, the National Vulnerability Database (NVD), and vendor specific feeds for major software / hardware that Cornerstone uses within the environment. Clients can access the patch schedule at any time through our client portal, the Client Success Center. Clients can request copies of penetration reports as needed.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Quarterly application penetration tests are performed by independent third-party companies upon Cornerstone’s application. Cornerstone performs internal vulnerability scanning on a monthly basis. Internal and external penetration test is performed yearly by an independent third-party company.; Cornerstone has implemented a specific Data Breach Incident Management SOP which details the procedures to be followed in the event of a data breach.; Cornerstone has never had a security breach.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Cornerstone maintains a Security Incident Response Plan in order to organize resources to respond in an effective and efficient manner to an adverse event related to the safety and security of a computer resource under Cornerstone’s management. An adverse event may be malicious code attack, unauthorized access to Cornerstone managed networks or systems, unauthorized utilization of Cornerstone services, denial of service attack, or general misuse of systems. The plan clearly defines the appropriate steps and processes in communication. Clients will be notified within 24 hours of security incidents impacting their data.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Covid-19 recovery:

  Covid-19 recovery

  Helping local communities to manage and recover from the impact of COVID-19. ; ; As a provider of e-Learning and Learning management systems, Cornerstone immediately provided (Without cost) a platform and learning catalogues, to help, individuals, companies, communities and charities, deal with Covid and more recently how to manage and recover from its impact. ; ; “Cornerstone Cares” was and is, a non-chargeable, free to use platform, that addressed all aspects of the pandemic including “Working from home” “Mental Health, Wellbeing” & Fitness. Cornerstone Cares is a free platform for anyone looking for timely, essential training resources
• Tackling economic inequality:

  Tackling economic inequality

  The Cornerstone Foundation is our nonprofit arm. We established this foundation so non-profits and Non-governmental Organizations (NGOs) would not have to choose between advancing their cause and developing their people. The goal was to give anyone working in the nonprofit sector access to the same innovative technology and online learning resources that employees at Fortune 500 companies were using to build new skills and maximize their impact. The mission was and is to transform the way; people help people. Through our free online learning programs and pro bono consulting, we build the capacity of non-profit organizations and provide their employees, volunteers, and the communities they; serve the opportunity to learn essential skills at no cost. To date, we have provided the gift of learning to more than 1 million non-profit and NGO professionals to help them develop their skills and expand their; career opportunities.; Cornerstone has a strong commitment to social responsibility. Please visit our home page forinformation:; The Cornerstone Foundation: Transforming the way people help people:; https://www.cornerstoneondemand.org/; CSRHub: https://www.csrhub.com/CSR_and_sustainability_information/Cornerstone-OnDemand-Inc; Building the skills of aid and development professionals around the world:; https://www.disasterready.org/about; Free online training for the nonprofit professional: https://www.nonprofitready.org/; Current Cornerstone Foundation newsletter: https://cornerstone.us.newsweaver.com/16mee8g9ch/; pug3tg7dur2; World Humanitarian Day: DisasterReady Facebook page.

Pricing

• Price: £5.00 to £20.00 a licence a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: A “sandbox/test environment” is available upon request during the evaluation period. It can include a multiple number of users (log-ins/passwords) with various roles and permissions—based on your needs. Once the sandbox/test environment is requested/received, Cornerstone will activate it for a pre-determined time period.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ebarratt@csod.com. Tell them what format you need. It will help if you say what assistive technology you use.