PEOPLEPLUS GROUP LIMITED

LearningPlus

The LearningPlus Learner Management System enables businesses to manage all their training records, site procedures, E-learning and external training records together. From onboarding and induction to compliance, CPD and appraisal. LearningPlus also offers over 400 accredited, compliance and personal development courses to choose from. One portal, one place, no hassle.

Features

• Real time reporting
• Assigning and tracking of e-learning ‘off the shelf training’
• Digitalisation of clients own training
• Assigning and tracking of site operating procedures and external training
• Uploading documentation against individual profiles

Benefits

• Accessible and inclusive e-learning
• Learning pathways to support with individuals progression
• Learning Platform is accessible via tablet, phone and computer
• Learning Management System accessible via tablet phone and computer
• Account management team answering training/system queries, including system mobilisation/monitoring
• Consultative approach. Conducting training needs analysis and tailored offerings.

£14 a user

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bmb@peopleplus.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

773827859816867

Contact

Michael Clark
07515191004
bmb@peopleplus.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No
• System requirements:
  • Nil
  • Nil

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Responses are answered within a 2-hour SLA between the hours of 08.30 – 17.00 Monday to Friday
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Each client will have access to a dedicated account manager and 9-5 access to the admin support team. The queries can be dealt with via email, phone or teams depending on client preference. The support services are included within the membership price.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: 1. PeoplePlus takes a consultative approach with new LearningPlus clients. A dedicated Account Manager will support you throughout the contract. We conduct a training needs analysis for clients to produce tailored options to support your wider training strategies; 2. LearningPlus conducts initial training sessions with system users and provides after support with user documentation and regular client check ins. LearningPlus likes to have fortnightly sessions with clients and quarterly face-to-face meetings, however these can be more or less frequent depending on your preference; 3. Support with user guide, process and policy documentation for wider company.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: On the Learning Management System there is extract functionality which allows the users to extract all records, including documents associated with the individual users in a excel/PDF or word format.
• End-of-contract process: At the end of the contract, the LearningPlus Account Manager will work with the client to extract any files associated with the user on the system. The account manager will also discuss the turning off of access for any users associated with the client.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Individuals will have login access to both the portal and Learner Management System. The level of access will be determined on the hierarchy structure of the clients setup. Allowing restricted access for individuals who require it.; Both the Learner Management System and portal are accessed through web browsers, accessible through computer, tablets and mobiles.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: The learning portal and Learner Management System is accessed through web browser, either on computer, tablet or smart phone. The content displayed is either video based, PDF or SCORM files ; If the user requests admin access, this will allow the individual to upload and remove content displayed for individuals. The video content is available with subtitles to support with accessibility and the PDF documents have read out loud functions and the e-learning content has multiple accessibility features such as subtitles in multi languages, background colour changes to support with dyslexia. The background colour of the portal itself cannot be changed.
• API: No
• Customisation available: No

Scaling

• Independence of resources: Scales to usage

Analytics

• Service usage metrics: Yes
• Metrics types: PowerBI dashboards are accessed through the Portal to allow clients to review data. The data can be set up with a hierarchical structure to allow restricted access to data. Clients can requested tailored reporting, however basis reporting includes data on training (started, completed, passed, failed and expired), licences used, job role progression and time reports on the interaction with training.
• Reporting types: Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: On the Learning Management System there is extract functionality which allows the users to extract all records, including documents associated with the individual users in a excel/PDF or word format.
• Data export formats: Other
• Other data export formats: Multiple formats depending on what data is exported
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99.00% for unplanned outages
• Approach to resilience: Available on request
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Access is controlled by unique User sign-in ID; security controls underpinned by application and RBAC. Access and Authentication controls are in place using passwords and Single Sign On with AD accounts to control access. Multi-factor authentication is used for our systems in line with our Cyber Essentials Plus. Staff only granted access to applications, computers and networks required to fulfil their roles, with segregation in place. Access to data is provided on a 'need to know' basis with the minimum amount of data provided.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Socotec
• ISO/IEC 27001 accreditation date: 19/05/2022 – 13/06/2024
• What the ISO/IEC 27001 doesn’t cover: No part of the business
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: PeoplePlus have comprehensive security policies and procedures that meet ISO 27001 and Cyber Essentials Plus standards. The Information Security Policy commits us to safeguarding the confidentiality, integrity, and availability all information assets. It identifies the security goals, roles and responsibilities of staff and is reviewed annually.; ; The Governance Director is responsible for the maintenance, review, and implementation of this Information Security Policies and all its supporting documents. They delegate the implementation and maintenance responsibility for information security to the Head of Information & IT Security and Group DPO working through the Information Security Working Group (ISWG), which comprises the Head of Information & IT Security and Group DPO and representatives from the key business functions. The ISWG will implement the Information Security Policy documents throughout the Company. The Head of Information & IT Security and Group DPO has direct responsibility for maintaining the Information Security Policy framework while providing advice and guidance with the support of the ISWG.; ; All systems have assigned owners and administrators. Every employee completes annual mandatory information security training that is monitored by line managers and division directors. All users are responsible for complying with the Information Security Policies and any associated procedures and regulations.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: LearningPlus is tracked and changes are assessed for potential security impact by our IT Security and Group DPO.; ; A business requirements document details the change/configuration needed. This is used to create user stories that UI/UX developers use to create a prototype. ; ; We create a branch-off uat for the feature request, writing code and release notes. The branch is pushed to remote where CI Trigger deploys automated tests: End-to-end tests, Unit tests, Coding standards (linter and Svelte- for code quality), Security tests (using ZAP to identify/address vulnerabilities in web applications by actively scanning/testing for potential security threats), Accessibility tests
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Systems are penetration tested by independent assessor, accredited by CREST and CHECK, annually and after any significant change to system architecture. We have a SOC team and utilise Sentinel for continuous discussions around good practice. ; ; Our Head of IT Security is a member of NCSC CiSP Group.; ; Devices within network and Database applications are subject to appropriate security patching when available. Software updates are obtained from trusted sources and be tested in a separate environment before implementation. Patches are sent within a week of release, critical patches would be assessed and released sooner.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We have an MDR system in place and a 24/7 SOC team that monitor the environment, effected parties will be notified within 2 business days.; ; For Disaster Recovery, we have a RPO (Recovery Point Objective) of 24 hours and RTO (Recovery Time Objective) of 24 hours.; ; The platform is built in Microsoft Azure which employs a comprehensive data sanitisation process for data-bearing devices that aligns with the NIST SP-800-88 guidelines. The process is designed to prevent unauthorised access to data and includes three main categories: Clear, Purge, and Destroy.
• Incident management type: Supplier-defined controls
• Incident management approach: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402; Supplier-defined controls

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  LearningPlus offers your organisation the opportunity to reduce you carbon footprint by making your staff training digital and holding all your digital training in one place, whether designed in-house, purchased from PeoplePlus or from a third party. Further, the courses on Environmental Sustainability will help your organisation fight climate change by developing your staff’s environmental knowledge.

  Covid-19 recovery

  LearningPlus offers your organisation the ability to improve home working conditions. It will help you ensure your staff meet mandatory training standards through digital compliance courses; support those working flexibly and/or retraining after reconsidering their careers; and courses focused on physical health and mental wellbeing will help colleagues affected by Covid-19.

  Tackling economic inequality

  LearningPlus offers your organisation courses that can upskill your staff to better support your customers who face economic inequality. Training in areas including compliance, employability (i.e. supporting others to find work), social value and personal development. As Investors in People’s Social Responsibility Organisation 2024, we also provide Social Recruitment Advocacy and Social Value consultancy that can help your organisation tackle economic inequality for your customers and communities.

  Equal opportunity

  LearningPlus offers your organisation courses that improve understanding on equality, diversity and inclusion. This includes for company compliance, recruitment and sector-specific training. Digital learning, 24/7 access and AA accessibility standards also makes training more accessible to all of your workforce, giving everyone equal opportunity to develop and progress in your organisation. As Investors in People’s Social Responsibility Organisation 2024, we also provide Social Recruitment Advocacy and Social Value consultancy that can help your organisation provide more opportunities for your customers and communities who face disadvantage.

  Wellbeing

  LearningPlus offers your organisation courses that improve wellbeing, both empowering your staff and increasing their knowledge to support others. Courses including healthy lifestyles, mental health & wellbeing, emotional resilience and awareness of addictive behaviours/substances, plus sector-specific training such as oral hygiene for care workers, management training and health & safety qualifications.

Pricing

• Price: £14 a user
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Clients are offered demos of the content available on LearningPlus which allows individuals to get a feel for the portal and the content available. ; ; Trials of the Learner Management System can be requested and result will be decided after initial consultation.
• Link to free trial: Please contact us for access

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bmb@peopleplus.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.