GP STRATEGIES LIMITED

GP Strategies Consulting & Professional Services including Moodle

GP's tools-agnostic approach means that our experts recommend the correct tools and technologies to support your goals. Whether it’s getting the most out of your current tools, selecting new ones or building your learning ecosystem, we can help. Specialists in Moodle, Mahara, LearningLocker, OpenSearch and Alfresco in the Defence sector.

Features

• Capture product requirements
• Evaluate current technology landscape
• Strategy design
• Implementation of bespoke solutions
• Deployment, maintenance and support
• Integration across a range of systems

Benefits

• Market leader in Learning Technology
• Revolutionize your learning technology landscape
• Deliver change at unprecedented speed and scale
• Deliver measurable business results
• Dedicated Defence team

£1,000 a unit a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at lxbidteam@gpstrategies.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

816501604620761

Contact

Sean Nugent
020 8694 7120
lxbidteam@gpstrategies.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Constraints might include planned maintenance arrangements or support being limited to specific hardware configurations.
• System requirements: N/A

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Monday to Friday UK time, between 9.00 a.m. and 5.30 p.m. excluding Bank Holidays and the week between Christmas and New Year.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AAA
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: No matter the size or scale of your project, we can offer our very own technical support and maintenance team. GP provides expert technical assistance across a wide range of learning web applications and integrations.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: GP can work to varied client requirements, including any necessary training, support and documentation for bespoke learning web applications that can be tailored subject to specification.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: We would provide a full site copy for data to be extracted.
• End-of-contract process: Should you wish to transfer your site to another provider for hosting/maintenance/future updates, we will provide all documentation relating to the site and assist in the transfer process. Should we need to provide additional training to the new supplier or the client, this would incur an additional charge.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: GP can work to varied client requirements, including building bespoke learning web applications and integrations that can be tailored for mobile devices.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: GP can work to varied client requirements, including building bespoke learning web applications and integrations interfaces that can be tailored subject to specification.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: GP can work to varied client requirements, including compliance with the WCAG 2.1 AA standard for bespoke learning web applications that can be tailored subject to specification.
• API: Yes
• What users can and can't do using the API: GP can work to varied client requirements, including the creation, customisation and documentation of API's for bespoke learning web applications that can be tailored subject to specification.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: GP can work to varied client requirements, including necessary customisations to branding/look and feel, implementation of plugins, gamification, custom reports and enhanced functionality and features. for bespoke learning web applications that can be tailored subject to specification.

Scaling

• Independence of resources: GP can work to varied client requirements, including scaling the team size to meet the demand of our clients.

Analytics

• Service usage metrics: Yes
• Metrics types: Should we provide hosting and support for your platform, we provide reports on performance, support tickets and site availability.
• Reporting types: Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Less than once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: User data can be exported in CSV format.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: The Hosting Services under this agreement will provide 24/7 uptime, with a minimum of 99.5% availability per calendar year (excluding reasonable and scheduled maintenance periods). Uptime is defined as the Website being accessible and fully usable from a site that is physically different to the one that hosts the Website. If the Website is unavailable beyond this 0.5 percent period by the cause or fault of GP (or its suppliers) then, by means of the Client’s sole remedy, GP shall provide a service credit of four (4) hours free Hosting Services at the end of the term of this agreement for each subsequent 30 minutes that the Website is not accessible. The maximum service credit in respect of any single 24-hour period of non-availability is 48 hours of free Hosting Services at the end of the term of this agreement. The maximum service credit arising under this contract shall not exceed 12 weeks. A standard server design will not cater for large User Surges. GP has designed the Client’s specific server configurations such that User Surges should not have an impact on user experience, but any foreseeable Website User Surges should be communicated to GP in advance.
• Approach to resilience: Our hosted platforms have a 99.5% availability target as a standard part of our service level agreement.
• Outage reporting: Outages are reported via email alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password
  • Other
• Other user authentication: Whitelisted self-registration - e.g. using a specific email domain, such as @gpstrategies.com
• Access restrictions in management interfaces and support channels: Moodle has an extensive and extendable roles and permission system including providing access to specific reports to specific individuals or roles.
• Access restriction testing frequency: Less than once a year
• Management access authentication: Identity federation with existing provider (for example Google Apps)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: Hosting service provided by AWS (subprocessor) who are ISO-27001 certified

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials
• Information security policies and processes: Our Information Security policy is the responsibility of the IT management team and is carefully monitored on an ongoing basis to ensure compliance with regulations (e.g. GDPR and the Data Protection Act). Key points from the policy and procedures include: ; • Staff must undertake mandatory training annually to ensure they are aware of potential security threats and concerns and are able to support the security policy in the course of their work ; • Any member of staff suspecting an incident involving GP's IT/IS Security must immediately report their concerns to the Systems Manager who will assess any immediate action required to protect both GP/Client data and reputations, and inform the Head of Information Security ; •In order to identify potential Information Security breaches, GP reserves the right to monitor all external and internal communications and access to the GP network, intranet and the internet, where the property of GP is used in the communication or is accessed remotely from outside GP ; • All systems have security products installed to protect against unauthorised entry ; • All systems are protected by passwords, especially those permitting updates to data ; • All servers use encryption technology

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Changes to systems within the development lifecycle are controlled by: * Ensuring changes are submitted by authorised users. * Ensuring authorised users accept changes prior to implementation; * History of all events is maintained and old versions retained for reference purposes. Most systems are also configured using Puppet, and Continuous Deployment services (Jenkins) which provide a standard way of delivering and operating software, no matter where it runs. This automated solution provides visibility and reporting when we need to make decisions and prove compliance.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Most systems are configured for Automatic Security Updates and patch deployment. GP periodically carries out a vulnerability assessment of our corporate offices as part of the Cyber Essential PLUS certification process. We use an automated patch management system. Patching is done 3 times per week. This includes operating system and application support.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Depending upon need, we can set up web application firewalls and enhanced protective monitoring tools to block potential attacks to a site. We also regularly apply released security patches to keep the platform up to date against known vulnerabilities. In the event of a compromise our estimated maximum time to restore is 1 day.
• Incident management type: Supplier-defined controls
• Incident management approach: We have monitoring tools that pick up whether a site is likely to become or has become unavailable. We then investigate this after we receive an alert. Users can also report incidents by phone, ticketing system, or email depending upon the support services supplied. Communications are sent via our support service desk to the confirmed client contact(s), including incident reports to an agreed SLA.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  GP Strategies is committed to fighting climate change and reducing the direct environmental impacts of our operations. We follow best environmental practices, reducing our carbon footprint, and supporting our clients' efforts to minimise their impact on the environment.; ; We incorporate sustainable thinking into our business and working to deliver solutions that reduce environmental impact for both GP Strategies and our clients. Taking a responsible approach to the environment is one of our core values and we aspire to achieve this by controlling and minimizing our environmental impacts, driving continuous improvement, and evaluating new opportunities for environmental stewardship that improve our environmental performance. Our Environmental Management Program guides our strategies and actions to reduce greenhouse gas emissions, which include these five priorities:; ; 1. Reducing our physical office footprint through reductions in square footage of office space by promoting more virtual work environments, where feasible; 2. Leveraging renewable energy, where feasible; 3. Minimizing GHG emissions related to business travel; 4. Reducing consumption and promoting recycling of electronic equipment; 5. Reducing consumption and promoting recycling of consumables, including paper; ; To help our clients reduce their carbon footprint we delivery effective learning experiences using a mix of modalities. Our approach includes digital content and virtual instructor-led training, which helps reduce Scope 3 emissions. When in-person training is necessary, we prioritise local resources and regional trainer pools to minimise travel.; ; To ensure transparency, we publish our objectives and targets on CDP and EcoVadis. We periodically evaluate the progress of our environmental performance goals to ensure our environmental management program is on target.

  Covid-19 recovery

  For one global client, the corporate standard virtual meeting environment quickly proved to be grossly inadequate for virtual learning sessions. Audio and video reliability and quality were poor, and the tool lacked common features that enable virtual learning sessions to succeed. Through GP’s enterprise license agreement with a well-known and highly capable virtual learning platform, we quickly (in four business days) arranged 12 licenses for our client’s use. We also provided virtual session administration and delivery process flows and procedures to ensure all aspects of the sessions, from scheduling to closeout, were professionally handled.; ; For another global client, GP was engaged to support the design, development, and in-person delivery of their “New Horizon” content globally (a strategy that outlines how the client will focus on their people, their customers, and their shareholders.) With the onset of COVID-19, a drastic change in approach was required. Everything regarding the rollout had to be reimagined. The GP team had to quickly pivot and create an engaging solution that could be delivered virtually by our client’s leaders and supported by GP staff. ; ; GP can help organisations stabilize in times of disruption. We can help you navigate any disruption and can offer support in many ways, including:; ; • Emergency preparedness - includes support through strategic planning, response, training, and staff augmentation.; • Change support and enablement strategies to help you adapt to new ways of working together.; • Learning continuity strategies to ensure learning continues and your employees remain up to date.; • Learning and collaboration tools and technologies.; • Converting face-to-face training into virtual experiences.; • Instructor training to help your instructors become effective virtual facilitators.; • Virtual design thinking and collaborative sessions to give you the thought leadership you need to succeed.; • Access to virtual moderators and facilitators.

  Tackling economic inequality

  GP, as part of LTG, has always supported internships and apprenticeships. We have people in senior roles who came to work with us through these schemes. We have adopted the new apprenticeship scheme and have already used it to hire an IT apprentice for one of our London offices.; ; We always choose interns who are local to the area and with specific interests that we can nurture and they can contribute. For example, we recently had an intern in our Sheffield office for the summer shadowing our Quality, Health & Safety and Environmental Manager. She had an interest in Wellness and we have captured her feedback in relation to integrating aspects of her contribution into one of our Health and Safety policies.; ; In 2021 we took the first steps towards establishing a graduate scheme that aims to recruit a diverse group of future leaders with an apprenticeships programme in the UK, to enable us to reach less fortunate socio-economic groups.

  Equal opportunity

  GP Strategies is committed to creating a culture that embraces and celebrates people’s differences. We believe that organisations should embrace their workforces as they are, and we continually review how we ourselves can best promote and advance a culture in which all our staff feel comfortable being themselves in the workplace.; ; We implemented three goals: awareness (to increase sensitivity and understanding and create a common language around diversity, equity, and inclusion); training (to help employees appreciate cultural differences and equip leaders with greater confidence and competence in taking actions that create a greater sense of equity and inclusion); and engagement (to address cultural and structural barriers). To meet these goals, we developed the GP IDEA (Inclusion, Diversity, Equity, and Accountability) Council. This cross-functional, cross-enterprise Council’s mission is to foster an environment where diversity is not only accepted, but also embraced and valued.; ; Employees are invited to actively participate in monthly, voluntary, employee-led and leadership-sponsored Employee Resource Groups (ERGs) that foster a diverse, inclusive workplace aligned with our organizational mission, values, goals, business practices, and objectives. Our ERGs include Asians & Asian Americans plus Allies; Black plus Allies; LBGTQ+ plus Allies; Allies and People Living with Disabilities (APLD); Women’s Inclusion Network (WIN); Veterans plus Allies; and The Mind & Fitness Café.; ; Our consultancy, facilitation, and programme design options encompass leadership and DE&I programmes, enabling our clients to work towards the common goal of fostering inclusion, equity, and social justice.; ; We also help our clients communicate their ESG priorities through engaging content. Our tailored ESG learning content covers a range of topics, including health and safety, cyber and data security, modern-day slavery, anti-harassment, personal ethics, whistleblowing, anti-bribery, and consumer protection. By providing this content, we aim to enhance the operating resilience, sustainability metrics, and ethical culture of your organisation.

  Wellbeing

  An important part of our Corporate Social Responsibility (CSR) strategy is taking care of our people. This includes the following:; ; Employee wellness programme - the programme focuses on a number of areas: Mental health; Physical health; Health and safety; Personal development; Social connections, and Social contributions.; ; Diversity and inclusion - we believe that the diversity of our workforce is a key point of strength, making the group a more vibrant and dynamic place to work. We continually review how we can best promote and advance a culture in which all staff feel comfortable being themselves in the workplace.; ; Communication and staff surveys - We prioritise measuring the staff’s well-being through our regular engagement surveys. We have peer focus groups who look at the results of the surveys to better understand how we can improve aspects of the working environment including the delivery of training and development interventions. We have made a concerted effort to act on any feedback received and have worked hard this year to listen to our people. For example, in response for better communication, we have introduced regular town halls and monthly newsletters.; ; Employee Assistance Programmes - in the US and UK we provide staff with support in a range of areas, including well-being support, financial advice and legal advice; Professional development - we have in place a talent management system for career development, goal setting and progression at GP.

Pricing

• Price: £1,000 a unit a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at lxbidteam@gpstrategies.com. Tell them what format you need. It will help if you say what assistive technology you use.