CDSM Interactive Solutions Ltd

Thinqi LMS

A world-class Learning System that makes modern learning programmes easy to create, curate, organise and find. Fully xAPI compliant, it allows you to deliver and track formal/informal learning and effectively manage your organisations' talent management, providing data-driven learning analytics to inform future learning requirements.

Features

• Digital content repository with powerful search and retrieval tools
• Events booking and management system, including Virtual Classrooms
• Xapi E-learning authoring tool – Playlists
• Assessment learning pathways
• Talent management and succession planning
• Forums and discussions for communities of practice
• User profile and e-portfolio with Badges/Gamification
• Management of compliance programmes
• 3rd Party Interoperation with productivity tools (Google & Office 365
• Performance Management tools to support OKR models

Benefits

• Provides the best of an LMS and an LXP
• Can support formal, informal, blended and flipped modalties
• Reduced cost of producing high quality e-learning
• Reduction in administration overhead
• Promotes social constructivist learning approach in organisation
• Publish to and access from anywhere via any device
• Manage organisation talent and success planning pipelines
• Improve Learning self-efficacy through reward and recognition
• Insightful learner engagement analytics
• An AA accessible and multilingual learning system

£1.50 to £40 a user a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Nick.Davies@cdsm.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

741181229494937

Contact

Nick Davies
07762 420964
Nick.Davies@cdsm.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: N/A
• System requirements:
  • Customer can bring their own LRS license (optional)
  • Access to Modern Browser versions (Chrome, IE, Edge, Safari, Firefox)

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: 09:00 to 17:30 hours UK Time Monday to Friday (excluding; UK public holidays; ; Priority one tickets are responded to within -1 working hour; ; Priority two tickets are responded to within - 2 working hours; ; Priority three tickets are responded to within - 4 working hours
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: We have provided representative assistive technology groups with test and feedback opportunities to ensure that our service is accessible with modern assistive technology.
• Onsite support: Yes, at extra cost
• Support levels: Standard - Inclusive of license cost; Silver - £5,995 (+VAT) Per Annum; Gold - £7,995 (+VAT) Per Annum; Platinum - £9,995 (+VAT) Per Annum; Enterprise - On request; ; A technical support engineer will respond to tickets that can not be resolved by the user, or our customer success team.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The system has been designed to be highly intuitive and accessible to maximise uptake and engagement.; ; For all customers, user documentation and online help videos are provided to assist orientation and provide initial guidance.; ; We provide both on-site and online training sessions tailored to the needs of the customer. Often we will provide 'train the trainer' sessions to devolve onboarding in the larger organisations we work with.; ; For implementation our customers receive support from a Customer Success Manager to ensure that you get all the help needed to set-up the most effective digtial pedagogy.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Users can contact the Thinqi helpdesk and request a copy of their data. The data will then be extracted from the system and provided in a common machine readable format.; ; In addition, CDSM can provide AWS Machine Images (AMIs) of the Learner Record Store (LRS)* and transfer these to an account of the buyers choice.; ; The collection of all other data (non-assessment data) will be taken from the Learning Management System’s database(s) and will be transferred and stored on an encrypted hard drive that will be securely couriered to the buyer. Unless CDSM is instructed by the buyer to destroy the data in accordance with data protection good practice guidelines and CDSM data security policy.; ; All latest versions of content objects* will be packaged and delivered as ZIP files and transferred to the buyer in line with exit agreements.
• End-of-contract process: At the end of the initial contract, we are naturally left with two options; to extend, or to exit the contract.; ; CDSM will make a commitment as part of the project terms to provide the purchasing organisation with easy access to relevant learning data.; ; If applicable, we can export the purchasers “Learning Record Store” that contains every learning statement generated by their users.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The system has been designed using HTML5 and open web standards. This means that the it is optimised for cross-device usage, including tablets and mobile.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Thinqi has benefitted from extensive research by our user experience (UX) consultants. This work has been nourished by extensive feedback; from representative groups from Welsh Government, a project which has been delivered to over 500,000 learners across all education departments and Local Authorities in Wales. The lessons that have been learned from constant, diverse end-user feedback has led to re-development and quality enhancements being iterated in to the product.; ; This has optimised the user experience and interface by reducing barriers to access and providing a digital environment that is engaging to use.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: The interface has been tested with a range of assistive technology devices and representative stakeholders. Feedback has been iterated in to the system at regular intervals. CDSM is fully committed to regular testing and updates, and will continue to do so.
• API: Yes
• What users can and can't do using the API: High-trust API can be made available to customers to read LMS data such as event or assignment data or to write data such as updating user properties. This is useful for integration with HR systems.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Thinqi can be customised by the purchaser to show only the features that are relevant to their users, and the required workflow. Branding and system language can also be customised to meet the specific requirements of the purchaser. The system provides features for the purchaser to easily control and manage this through an administration panel.; ; Users have the option in Thinqi to personalise their experience to be unique to their learning requirements. A user can set their preferences through their user profile, which will automatically push relevant learning resources, communities, courses and events that match their needs.

Scaling

• Independence of resources: The Thinqi architecture scales horizontally across multiple servers/containers and across multiple data centres in a geographic region. The application code is iterated regularly to ensure that it is performant and optimised. AWS Cloudfront is utilised enabling Thinqi to scale massively. Files are served from S3 via cloudfront which allows regional caching for fast user download time and large burst capacity. All servers site behind elastic load balancers (ELBs) that scale for traffic load. Microservice design – the application is built as distinct dedicated services, allowing scaling of individual parts and resilience against failure of a single piece of the application

Analytics

• Service usage metrics: Yes
• Metrics types: Metrics we provide include (but are not limited to) user logins, resource views and breakdowns, tag usage and breakdowns, search metrics, tool usage.; ; As we are fully xAPI compliant, we can track and report on all significant pedagogic interactions in the system. These are made available in a data lake which the buyer can plug in their own BI tools.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Key reports and workflows can be exported via CSV. We can also provide access to all data via a data lake for use with a business intelligence tool.; ; For full data exports, user can request export of their data via the Thinqi helpdesk.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: CDSM prides itself on an excellent level of uptime for its hosted systems. We can confirm that the system will be available 24/7/365 except for planned maintenance that has been previously agreed.; ; For similar size applications over the last 12 months, CDSM have achieved >99.99% uptime.; ; We understand that a failure of service can have a fundamentally detrimental effect on customers’ and end users’ perception of the provision. Because of our engagement with national providers CDSM; will ensure that availability and continuity of service is be a primary focus for CDSM.
• Approach to resilience: Microservice design – the application is built as distinct dedicated services, allowing scaling of individual parts and resilience against failure of a single piece of the application; ; This includes all traffic being routed through load balancers with a minimum of two servers, scaling up as necessary to handle the traffic load.; ; The servers used include Windows 2016 and Ubuntu Linux.; ; The application itself consists of ASP .NET 4.5.2 and NodeJS REST APIs with a Backbone JavaScript application layer for the website. A high availability Varnish reverse proxy layer ensures high performance website speeds.; ; The data layer for the application is a high availability MongoDB sharded database. It also uses a high availability Elasticsearch cluster to provide fast search capability.; ; Specific AWS services are leveraged to increase system scalability, resilience and reduce network latency for users. These include:; S3 – highly redundant and available storage; CloudFront – highly scalable content website caching; SQS – highly redundant and available queues to insure against single points of failure and ensure integrity of internal system procedures
• Outage reporting: Uptime monitored in real time through online monitoring services. The application automatically switches to an offline page providing information to end users in case of an outage. In case of outage customers are contacted directly via phone or email as per company incident management processes.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: All actions in Thinqi are managed through a granular permissions system aggregated into clear pre-defined user roles. Users are provided access to management interfaces through these roles and can be managed by the Thinqi support team or a customer administrator.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: 07/02/22
• What the ISO/IEC 27001 doesn’t cover: None
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Security Metrics
• PCI DSS accreditation date: 08/02/2021
• What the PCI DSS doesn’t cover: No electronic cardholder data held.
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: Cyber Essentials

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Infosec policies and processes set out in company security, data processing and BCDR policies. Chief Information Officer is responsible for managing and implementing policies and processes and reports directly to board of directors. Security team reports to the CIO and provides guidance, auditing and training to the wider company.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All components are managed through semantic versioning. Components versions included in the application are tracked via source control and tightly versioned in immutable packages. Configuration managed through "Infrastructure as Code" tools. Change to live application follows ITIL change management process and involves pre and post change reviews.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Rolling schedule of patching in place for all systems. New threats assessed through communication from Internet sources such as security mailing lists and podcasts (including CVE and CSA). Any emerging threats are assessed for severity and risk. Depending on the outcome of this risk, exceptional patching is scheduled and validated by the security team.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Logs from different elements from the application are scanned in realtime and the security team has threats flagged immediately. Threats are reviewed and response assigned based on severity.
• Incident management type: Supplier-defined controls
• Incident management approach: Incident responses for common events set out in company security policy and training conducted with security team and other company staff members. Users report any incidents to the helpdesk. If incident is security or safeguarding related then support staff are trained to escalate directly to security team. All incidents are assessed in an objective post-mortem report conducted by senior staff members post incident.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  On request
• Covid-19 recovery:

  Covid-19 recovery

  On request
• Tackling economic inequality:

  Tackling economic inequality

  On request
• Equal opportunity:

  Equal opportunity

  On request
• Wellbeing:

  Wellbeing

  On request

Pricing

• Price: £1.50 to £40 a user a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: A trial sandbox version of the site can be made available for 1 week following a facilitated demonstration from one of our consultants.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Nick.Davies@cdsm.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.