VERIFYED LTD

Digital Blockchain credentials, certificates, and badges

VerifyEd helps organisations issue blockchain-backed digital certificates, credentials, and badges. From degrees to Continued Professional Development training, VerifyEd is revolutionising the way credentials are issued, stacked, shared, and verified around the world

Features

• Blockchain secure credentials and digital badges as standard
• Unlimited credential issuance to your learners
• Lifelong Learning Ledger to manage continual professional development
• Credential and Certificate designer for branded qualifications
• APIs to automate credential issuance from CRMs, SIS, LMS/VLEs
• Real-time analytics and administrative dashboard for easy management
• Environmentally friendly blockchain for a sustainable and scalable solution
• Data interoperability, Comprehensive Learner Record 2.0, W3 Verifiable Credentials compliant
• Skills mapping of verifiable skills and competencies for enhanced certification
• WCAG 2.1 AA web accessibility standards throughout site for inclusivity

Benefits

• Automate and scale digital credentials in a click
• Blockchain credentials to stop certificate fraud
• Promote your learning opportunities from socially share their credentials
• Easy integration with existing systems, e-assessment and workflows
• Mobile first and inclusive web interface for accessibility
• Skills mapping evidencing and articulating learners employability
• Instant and free verification of your learners qualifications by employers
• Auditable trail of credentials for compliance requirements
• Design your own brandable credentials and digital badges
• Manage and monitor CPD and training needs in your workforce

£0.70 a transaction

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at yaz@verifyed.io. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

710466634423958

Contact

Yassein El Hakim
07595170358
yaz@verifyed.io

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Buyers can issue unlimited credentials (fair usage) to an individual learner within a 12 month period.; ; Self-service buyers will receive email support, but not named account support
• System requirements: Subscription to VerifyEd Service hosted in the cloud

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Tickets are acknowledged and recorded upon receipt. Response takes place within 2 working business days.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Self-service clients will receive email / ticketing support along with FAQs to manage their onboarding and use of the platform / issuing of credentials to learners.; ; Enterprise clients in addition will receive named account management, onboarding training and enhanced customer support beyond email ticketing.; ; All clients will be able to access on-going learning materials, webinar training sessions and in-person events as and when offered.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: For self-service clients there is user documentation, walk-through videos and online ticket support to set up an account and get started issuing credentials.; ; For enterprise clients there is an onboarding service that includes some or all of online training, onsite training and the above support services issued to self-service clients
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Institutional users can export their data securely in JSON format that complies with IMS Global Standards pertaining to Open Badges 3.0 and Comprehensive Learner Record 2.0.; ; End users (learners) can import / export their credentials to/from a VerifyEd Lifelong Learning Ledger (wallet) on account of using the OB and CLR standards to other services that make use of this global standard.
• End-of-contract process: The institutional user at the end of the contract can extract their data at no additional cost and will be provided customer support to achieve this. They will have access to the administrative dashboard and services for a grace period of 3 months and could extend access at notional cost.; ; End-learners will be notified of the change in relationship between the institutional user and VerifyEd. They will receive on-going support and a free Lifelong Learning Ledger to host their accumulated credentials at no additional cost.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: No differences in terms of features or service experienced on mobile compared to laptop view
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: Users from the administrative log-in can access API documentation and generate a secure key to enable the use of the APIs.; ; APIs enable users to:; 1. Automate issuance of credentials based on trigger event activities from SIS, CRMs and / or VLEs/LMS; 2. Host credentials and Lifelong Learning ledgers within their user platforms; 3. Create, edit, and manage courses and credentials; 4. Get a specific course or credential by its ID; 5. Get a list of all courses that exist; 6. Get all certificates for an institution in the Open Badge format
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Users can customise the credentials and digital badges that they wish to issue to learners to ensure corporate branding is consistent.; ; Customisation of credentials is done through our credential creator within the platform and can be performed by anyone who has administrative rights to do so within the clients secure area.

Scaling

• Independence of resources: VerifyEd utilises a pre-mined blockchain ledger that enables scalable issuance of credentials by multiple users. In addition server provision is monitored and spare capacity flexes in line with increased and decreased usage.

Analytics

• Service usage metrics: Yes
• Metrics types: Metrics provide insight into how many credentials / Lifelong Learning Ledgers have been accessed by the learners they have issued credentials to.; ; In addition events such as social shares are monitored and reported on
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Scale, obfuscating techniques, or data storage sharding
  • Other
• Other data at rest protection approach: - Personally identifiable data is encrypted; - Passwords are hashed; - IP restrictions on who can access our database; - Password manager used across the company to avoid sharing of plaintext passwords
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Users can extract their data via JSON or CSV export
• Data export formats:
  • CSV
  • Other
• Other data export formats: JSON
• Data import formats:
  • CSV
  • Other
• Other data import formats: API integrations

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: - Specific IP addresses are allowed to communicate directly with the database, which is behind a specific security group; - Only authenticated users are able to make requests to our service
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: - Personally identifiable data is encrypted; - Passwords are hashed; - IP restriction on access to our databases; - Password manager is used across the company to ensure no sharing of plaintext passwords

Availability and resilience

• Guaranteed availability: Our service is operated on Amazon Web Services (AWS) and enables us to have guaranteed availability of 99.9% and follow the AWS SLA - https://aws.amazon.com/compute/sla/
• Approach to resilience: Available upon request
• Outage reporting: Email alerts are sent to clients to report upon outages and re-establishment of services

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Clients have a super administrator who has the ability to manage the permissions and access of their users into the management dashboard i.e. whether they are allowed to create / edit courses and / or issue or view only credentials.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: GDPR / Hashing of passwords / Password Management / Encryption of email addresses; ; Hashing of immutable of data objects committed to blockchain; IP restrictions to database; Security Certificate for the website SSL
• Information security policies and processes: The COO is the named person responsible for security who oversees training and access for staff to the data. ; ; The principle of access to data is limited to only necessary staff. Data, email and passwords are encrypted and hashed when transacting to blockchain.; ; 6 monthly audits are undertaken to ensure systems and processes are robust, minimise any opportunity for breaches and what steps are to be undertaken should a data brach occur.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Updates and developments to the softward code base undertake QA release to a staging site with testing before being rolled out to production.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: Regular internal security audits; ; Utilise latest frameworks and best practices like using Angular to protect against cross-site scripting attacks; ; Patches required are treated as urgent and deployed within hours; ; Internal audits and security professionals are utilised to keep abreast of information on potential threats
• Protective monitoring type: Undisclosed
• Protective monitoring approach: Internal reviews and analytics to identify potential compromises. ; ; Urgent investigation within hours when potential compromises are identified or a response is required to an incident.
• Incident management type: Supplier-defined controls
• Incident management approach: We have pre-defined process for monitoring potential common incidents.; ; Users can report incidents by email support ticket / direct contact with named account manager within office hours and outside office hours if issue is deemed urgent by the client; ; Incident reports are summarised in monthly customer updates

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  We utilise a pre-mined blockchain ledger that ensures transactions use minimal energy.
• Covid-19 recovery:

  Covid-19 recovery

  VerifyEd is a remote first company and has not needed to place any of its staff on furlough throughout the Covid pandemic. ; ; We are committed to providing a value for money service that delivers to the clients needs, including, but not limited to efficiencies and savings in time and costs.
• Tackling economic inequality:

  Tackling economic inequality

  VerifyEd provides a globally based service that enables secure blockchain credentials to be issued to people from emerging economies or disadvantaged backgrounds to prove with trust their credentials, skills and competencies enabling them to access employment opportunities otherwise not open to them. In turn enhancing their economic prospects and the opportunity to fulfil their potential.
• Equal opportunity:

  Equal opportunity

  VerifyEd is an equal opportunities employer who hires without prejudice seeking out talent where ever it may be found.
• Wellbeing:

  Wellbeing

  We provide employees free access to Spill, a digital service for health and mental well being support.; ; We provide employees with greater than statutory minimum holiday allowance.

Pricing

• Price: £0.70 a transaction
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: A client can have full access to VerifyEd's service issuing credentials up to 50 users in the first 12 months. ; ; As the limit of users or timeframe has been reached the client has the option to upgrade from free to a level of service appropriate for their usage / needs
• Link to free trial: https://www.verifyed.io/pricing

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at yaz@verifyed.io. Tell them what format you need. It will help if you say what assistive technology you use.