Cognisco Ltd.

Compliance, Capability and Competence Management

Assess the capability and competency of an organisation’s workforce to make complex decisions in work-based situations.
The platform gives a unique insight to identify and address knowledge and understanding gaps and mitigate/pre-empt risk.
Provides the tools to measure, monitor and evidence capability and identify training needs to achieve full potential.

Features

• Robust assessment and competency management diagnostic tool
• Customisable and ready-to-use assessments assessing confidence/knowledge
• Permission-based views
• Dashboards
• Integration with existing platforms (via API or Web hooks)
• SaaS based service MS AZURE hosted (London North & South)
• Offers flexible assessments suitable for examination purposes
• 360˚ feedback from employees, colleagues, peers, also self-evaluations
• Can be linked to learning assets or other resources
• Biometric invigilation and identification management

Benefits

• Understand your workforce competency when mission critical insight matters
• Mitigate people risk in safety-critical workforce reducing risk/costs
• Provides an audit base and demonstrates due diligence
• Assess the application of knowledge in real-life scenarios
• Reduce the cost and risk in litigation
• Patch knowledge gaps with targeted interventions to maximise people potential
• Identify key performers/specific weaknesses, to prioritise mentoring and training
• Eliminate identity fraud and cheating during assessments
• Career development/progression paths
• Culture shift/change

£15.00 to £60.00 a user a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at aknight@cognisco.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

786468586357541

Contact

Amanda Knight
01234 757520
aknight@cognisco.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Civil Service Learning and other Learning Management Systems.; HR/Workforce Management and Employee Engagement processes.; Risk and Regulatory Compliance systems and processes.; Certification and examination systems.
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: No.
• System requirements:
  • Chrome latest version
  • Safari latest version
  • Edge (Chromium) latest version
  • Opera latest version

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Office hours only, Monday to Friday 9-5:30. SLA levels to be agreed individually in contract.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Can be delivered if required.
• Onsite support: Onsite support
• Support levels: This is a web-based application with Technical/User support provided by phone and email.; For new clients face to face training of Tenant Administrators as part of induction is often provided onsite, or via webinars, videoconferencing and phone as required.; We build strong relationships with clients and have frequent meetings to develop projects at inception, with quarterly meetings to maintain continuous improvement.; Relationship management is vital to the bespoke nature of our business and we work hard to make it highly effective and retain clients.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: For new clients face to face training of Super Admins as part of induction is often provided on-site, or via webinars, videoconferencing and phone as required. Users are supported both via their own Super Admins and directly by Cognisco via our Support Team as needed.; We focus on building strong relationships with clients and have frequent meetings to develop projects at inception with key users, with quarterly meetings to maintain continuous improvement.; We provide on-going support and training through our highly expert team to current and new users which is included as part of the overall service. We use a helpdesk ticketing system to ensure we tag every request, and then support with email, on-line, phone, videoconferencing, webinar or face-to-face support as required.; Relationship management is vital to the bespoke nature of our business and we work hard to make it highly effective and retain clients.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
  • Other
• Other documentation formats: Microsoft Office formats
• End-of-contract data extraction: Clients have multiple options for extracting data including:; Data can be retrieved from the system via the administration function;; Data can be downloaded as extracts which can be standard format or customised;; System and data can be maintained for live access if required;; Archive database and system to be accessible for audit purposes;; Remove personal data and retain anonymised results;; Securely destroy data and back-ups as requested.; We are GDPR compliant and all our data is stored within the UK.
• End-of-contract process: End-of-contract process can include to retain system and/or data, or to provide documentation. We can provide whatever handover service is requested at an additional cost. We support clients to ensure that all user access is managed effectively and shut down client applications appropriately.; If the client does not wish for the data to be stored, the data will be securely destroyed.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Application and User Interface has been optimised for mobile devices and tablets. E.g assessments broken into bite-sized learning.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: APIs will be configurable to allow clients to provide and receive notifications from the system . These will be REST based Web APIs that use JSON payloads and will be authenticated using OAUTH.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: System is highly customisable which is a key feature and benefit to create and support bespoke applications for each client, and multiple applications within clients. The following can all be customised:; Subject and content of all assessments to include application of knowledge, behaviour, and culture to client;; Customisation of off-the-shelf assessments for specific client environments and contexts; ; Benchmarks, standards, competencies, regulations and compliance applications; ; Approved Authors can write, edit and customise assessment content; ; Client Super Administrators/Managers can customise user-access, reset assessments, manage and approve competencies; ; Team Leaders can approve evidence for competency, approve competency and allocate assessments.; Assigned assessors can award competencies.

Scaling

• Independence of resources: The system benefits from the use of elastic IP addressing to enable fail over in the case of data centre failure. Data is geo-replicated across datacentres and each web service supports seamless scaling up and out dependent on load. All data is held in the UK.

Analytics

• Service usage metrics: Yes
• Metrics types: System usage can be reviewed at multiple levels by System Administrators and Team Manager roles.; System Administrators can have access to metrics for all users, whilst Team Managers only have access to their team's metrics. Multiple levels of team can be set up.; Metrics include current usage, last access, changes made and new data added etc.; Metrics are a primary feature of the system to enable current, past and future status of users to be managed and monitored, and whether they are compliant, competent and up-to-date with qualifications.; Additional service metrics can be provided on request.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Standard reports can be downloaded and/or printed as required on any device.; A full reporting and data extract service can be provided by Cognisco on an on-going basis or when requested.; Data can be delivered in multiple formats.
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats:
  • PDF
  • Microsoft Office formats
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99.9% Up time guaranteed over the course of a year to exclude planned maintenance.
• Approach to resilience: System is designed to be highly resilient to government standards. Available on request.
• Outage reporting: We monitor and record availability of the service and alert support of any unavailability.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Other user authentication: Biometric recognition and identification validation if required.; 2-factor authentication can be provided if required.
• Access restrictions in management interfaces and support channels: The service defines a complete set of roles that control and restrict access to the various parts of the system.; Access to Internal Management Systems which set access are controlled using corporate identities and roles at multiple levels. This enables degrees of access for different personnel within each client application.; Users can access via a login or access directly via one-time-use url link without login access.; Access requiring biometric validation can be enabled to ensure identification validation as required.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Description of management access authentication: Management access can be restricted to specific IP addresses if required.

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Citation ISO Certification/IASME
• ISO/IEC 27001 accreditation date: 25/01/2024
• What the ISO/IEC 27001 doesn’t cover: N/a
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: ISO 9001:2015

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • CSA CCM version 3.0
  • ISO/IEC 27001
  • Other
• Other security governance standards: ISO 9001:2015; Cyber Essentials
• Information security policies and processes: ISO 27001 standard processes and policies are followed.; ISO 9001 2015 standard processes and policies are followed.; Cyber Essentials standard processes and policies are followed.; We have a dedicated QA who reports to Head of Operations, reporting to the CEO and Board.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All components of our service are maintained within a software development lifecycle management tool including a software versioning control system. Changes identified from various parts of the business are documented and lodged within this tool and allocated to developers to implement. All changes are considered from a security impact and tested via our dedicated testing team.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Our service benefits from advanced auto threat detection on our SQL servers and databases including SQL injection. The auto threat detection service maintains details of all current and new potential threats and applies these to our service automatically. All system operating systems are auto-patched by our provider.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Our service runs a number of monitoring services that automatically notify us of any potential issues. Any issue requiring manual intervention will be assigned a priority ticket, triaged and remediated as soon as possible. All such tickets are responded too within 24 hours.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Users report problems either by phone or via our support desk email. Issues are triaged and responded too within our standard SLA. Incidents are logged in our support management system and responses provided to the User.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Tackling economic inequality

  Demonstrate action to identify and tackle inequality in employment, skills and pay in the contract workforce. ; ; Demonstrate action to identify and manage the risks of modern slavery in the delivery of the contract, including in the supply chain.

  Equal opportunity

  Support in-work progression to help people, including those from disadvantaged or minority groups, to move into higher paid work by developing new skills relevant to the contract.

  Wellbeing

  Support the health and wellbeing, including physical and mental health, in the contract workforce. ; ; Influence staff, suppliers and customers through the delivery of the contract to support health and wellbeing, including physical and mental health.

Pricing

• Price: £15.00 to £60.00 a user a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Trial options depend on the type of service of interest to the user.; We can provide demo versions of off the shelf assessments, access to demo apps, Free trial periods, indicative reports and user experience and other options.
• Link to free trial: Www.cognisco.com/test-drive

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at aknight@cognisco.com. Tell them what format you need. It will help if you say what assistive technology you use.