AXIA DIGITAL LTD

Digital Evidence Gathering and Assessment

A rounded platform used by NHS England, universities and professional bodies. Used to collect evidence which can be assessed for an individual or an organisation. Can deliver ePortfolio, Foundation Year Assessment, Organisation Compliance, Skills Passports, CPD, Digital Badges and Logbook solutions. Solution userbases from 100's to 1 million users.

Features

• One platform underpins all our solutions
• Scalable largest deployment has over one million users
• ePortfolio implementations
• Dental and Pharmacist Foundation Year implementation for NHS England
• Digital Badges
• Skill Passports for London and nationally
• Performance Management and Career Progression
• Logbooks for student workplace experience and assessment
• Accreditation of Practice by NHS England and UK Professional Bodies
• Organisational Compliance evidence and assessment

Benefits

• Secure including Security Operations Centre 24/7 monitoring
• Dashboards to summarise complex data
• Ability to replicate your data and business rules
• Complete customisation of user interface
• Formal and informal assessment relationships
• Complete flexibility in data gathering form design
• User attachments with virus scanning
• Single Sign On supported
• Mobile-first, all modern browsers and devices supported
• Multi-Factor Authentication

£0.41 to £9.10 a user a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at richard@axia.email. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

695865757762490

Contact

Richard Etheridge
07887954199
richard@axia.email

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: Our solutions are accessible via a web browser, built mobile-first we are device, platform, and browser agnostic. If you have a browser and an internet connection you can access our solutions.
• System requirements:
  • Internet Connection
  • Web Browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our SLA is one business day, we have escalation options as well
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: Support is always agreed as part of our contracting however we offer second-level technical support by either email or telephone, our standard service level response time is one business day. We provide an out-of-hours telephone number for critical issues. One of the team will take on responsibility for account management once the solution is live. We provide intensive support with access to the development team during the initial months after service go live.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We find that no two solutions are the same, we use our core platform to deliver your solution. This is normally the configuration and development of the user interface and applying your business rules.; ; It is normal for a short project to take place where we capture your requirements and implement them within our platform to delivery your solution.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: We can provide exports to individual service users or we can export your data. This is normally in XML but we are happy to work with our clients to find a suitable data format for the export.
• End-of-contract process: Export of your data in XML is included in the price. Other formats or export requirements would be charged at our standard daily rate, that being £750 excluding VAT. We would agree to a fixed price in advance of any export work being carried out, this would be managed in our standard change control processes.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None, our solutions are built mobile-first, you only need a browser to access them,
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: As part of the delivery we customise the service interface to your needs, we can surface the relevant data to users as you require.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: This is usually carried out on a case-by-case basis as the actual user interface is developed to your specific needs.
• API: Yes
• What users can and can't do using the API: We have developed a REST-based API that can be configured for each client to push and pull data from the solution. Some clients use the service to push additional user data such as relationships between users, and or details of pathways that should be accessible within the solution to them. ; ; Other clients use the REST API to pull data from the solution, we have internal warehouse tables that summarise client critical information about each user's ePortfolio. These are synced via the API to our client's DataLakes where they carry out further analysis.; ; In short, we can create a service that allows you to push or pull the required data between our solution and your in-house systems.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: We customise the services to meet your requirements. ; ; We can customise the response data format (json, XML etc) and the data that is returned. ; ; We can customise our solution to accept the data you wish to push to us and consume that data within the solution we deliver for you.; ; The client can customise the request made to our service such as the frequency, the batching of data pushed or pulled and period for which to request data.

Scaling

• Independence of resources: Our hosting environment is shared across our client base with large and small customers benefitting from the collective hosting investment. We can manage resources in several ways depending on the size of the solution being procured, it can be delivered within our shared environment or we can create a dedicated server instance to deliver your solution. With the environment being cloud based it is possible to scale up resources as required.

Analytics

• Service usage metrics: Yes
• Metrics types: We implement Google Analytics to show standard web-based analytics of user interaction. We supply specific reporting on user progress depending upon the solution deployed. We can report on the specific targets for your userbase, this may be simply interaction or progress to defined outcomes.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data export is related to the user type and their permissions and end users will have access to export their data, this is normally via a PDF or in some circumstances a zip file.; ; Administrative users have the level of export you define during the build configuration. It could simply allow high-level access to progress against business metrics or an outcome matrix, but it is possible to allow access to full user-generated data or an export of that data in bulk. The format can be CSV, XML, JSON depending on the complexity of the data within the export.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • PDF
  • XML
  • JSON
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • XML
  • JSON

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Service level is agreed when contracting for a solution, our standard SLA is 99.9% availability. Penalties are agreed during contracting.; Critical Priority: The application is not available from more than one location /network. Response time within 30 minutes to acknowledge the incident and a fix time as soon as possible, this type of issue would be escalated within the AD team and updates would be provided every hour until a resolution is found and implemented.; High Priority: A major function that is critical to all “end” users of the site. Response time within 1 hour to acknowledge the incident and a fix time as soon as possible, this type of issue would be escalated within the AD team and updates would be provided every hour until a resolution is found and implemented.; Normal Priority: A minor function of the application is not operational. Response time - 1 working day. Fix time would be agreed with the client on a case-by-case basis depending on the severity.; Low Priority: A user has questions about the application. Response time - 1 working day. Fix time would be agreed with the client on a case-by-case basis depending on the severity.
• Approach to resilience: We have a fully redundant environment, every server is either load balanced as in the case of the web servers, or is configured as an active/inactive pair designed to switch seamlessly. Backups are stored locally and off-site for up to 12 months. The following describes our environment: Sucuri Web Application Firewall; 2 Failover Firewalls; 2 Failover Load Balancers; 3 Load Balanced Web Servers; 2 Failover SQL Servers; 2 Failover Domain Controllers; Backup; 16 x SQL 15-minute onsite backups (4 hours); 20 x SQL hourly onsite backups (20 Hours); 30 X Daily all servers off-site back; 12 x Monthly all servers off-site backup
• Outage reporting: Should an outage happen the support team are gathered and the outage is investigated. An email is sent to all clients affected to inform them of the issue. Hourly updates are provided until such time as a resolution is found.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Other user authentication: We can deploy Single Sign On where required, we do this with some of our clients such as the Association of Chartered Certified Accountants, the Royal Pharmaceutical Society, and the College of Radiographers.
• Access restrictions in management interfaces and support channels: Our core platform has roles and groups, roles control "what you are able to do" and groups control "who you can do it to" We build complex user relationships in all our solutions which can include assessor/manager access to users and peer access to users to support the development and authentication of the users' data. Administrators can be limited by the same roles and groups enabling a flexible approach to access management.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Description of management access authentication: We can deploy Single Sign On where required, we do this with some of our clients such as the Association of Chartered Certified Accountants, the Royal Pharmaceutical Society, and the College of Radiographers.

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Citation ISOCertification Limited
• ISO/IEC 27001 accreditation date: 28/11/2019
• What the ISO/IEC 27001 doesn’t cover: The whole business is covered by the certification, therefore there is nothing not covered.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We have all the policies and procedures in place to achieve and maintain ISO 27001. These policies can be shared. Each month the ISO Audit team meets to undertake an internal audit. The audit is designed to ensure all elements are audited every 12 months and that all Statements of Applicability are audited over a 36-month period.; ; We are externally audited each year, our last audit was carried out on 08/03/2024, we passed with 30 positive observations and the auditors did not identify any non-conformances.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Scope – completed by a member of the technical team in consultation with a client. Analysis – The development team determines the best way to deliver the requirement within the platform. Security and impact on existing functional components are assessed. Development – a developer will then be assigned the task. Testing QA – QA servers have examples of many of the different solutions to allow testing of the new code and possible impact on core functional components. Deploy Production – code is moved from our development servers. Testing Production – code is tested in our production environment.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: A copy of our core build is tested monthly using an automated AppCheck PEN test tool provided by precursor, we have found this more thorough than human PEN testing.; Our Web Application Firewall protects our environment and logs are sent to our VSOC team who not only monitor the logs but monitor our hosting environment 24/7. Our lead developer is linked to various security groups and reports on latest threats and vSOC also informs us of issues we should be aware of.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Our Web Application Firewall protects our environment and logs are sent to our vSOC team who not only monitor the logs but monitor our hosting environment 24/7. Our hosting providers monitor the server environment from their network operations centre 24/7. We monitor our environment externally from 7 locations worldwide checking for availability.; Any incident affecting the whole environment or impacting the availability of a single solution is considered a critical event. SLA 30 minute response time.
• Incident management type: Supplier-defined controls
• Incident management approach: Our process has been defined in our SLA, a shortened version has been provided to a previous question.; Incidents are reported using a ticket system to ensure transparency and audit trail of the incident.; Critical incidents can be reported 24/7 via our out-of-hours telephone number.; Normal and lower incidents are reported via the ticket system. Critical and High are reported at regular intervals by email by the incident team dealing with the incident.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Tackling economic inequality

  Tackling economic inequality

  We believe in people and have provided opportunities for individuals to take on roles where they have demonstrated capability but may not have the qualifications. We therefore have a team who come from various educational backgrounds, some have been our apprentices, some university graduates but many have developed the skills required without formal qualifications but demonstrate and commitment to excellence in all parts of their work.; ; The solutions we develop enable individuals to build portfolios of evidence that allow them to improve their careers in vocational settings.

Pricing

• Price: £0.41 to £9.10 a user a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at richard@axia.email. Tell them what format you need. It will help if you say what assistive technology you use.