Isotoma Ltd

Sofia Curriculum Mapping Software

Sofia is a powerful curriculum tool that maps even the most complex curriculums simply and beautifully. Developed for real-life use by the team at Imperial College it is now in use by nearly 20 institutions worldwide, providing curriculum mapping and management across a wide range of undergraduate and postgraduate courses.

Features

• Support for all curriculums within an institution
• Define metadata on a per curriculum basis
• Powerful version control tools, with full exportable audit trail
• Assign versions of each curriculum to individual cohorts of students
• Cloud hosted SaaS product, fully browser based
• Easy integration via API with other institution systems
• Upload or link to learning and teaching resources
• Round trip import and export of any curriculum
• Integration with institution SSO
• ISO27001 and Cyber Essentials Plus

Benefits

• Rich graphical interface for both students and adminstrators
• Powerful search and filtering of curriculums using metadata
• Allow learners and educators to view outcomes in context
• Support curriculum governance processes and procedures with ease
• Link institution scheduling tools to see when topics are taught
• Provide read only accounts to external accreditors to evidence teaching
• Robust traceability and provability of teaching and learning
• Support curriculum teams across the entire institution
• Access the application on or offline from any device

£12,000 a licence a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@isotoma.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

828155517223989

Contact

Andy Theyers
01904313980
enquiries@isotoma.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No
• System requirements: SaaS application

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 4 hours UK working days
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: The application is monitored and managed 24 x 7. All customers receive the same support level. All customers have access to a specialist support team via web, phone and email
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Every customer receives up to 10 days of curriculum consultancy provided by educational specialists from Imperial College. There is a large library of online training videos to assist in using the application.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Users may extract their data at any point using the unbuilt export feature
• End-of-contract process: Users are provided with an export of their data in a format that can be used in other systems. We manage the disconnection from customers' SSO systems. No other offboarding is required.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Users accessing the application via a tablet get the full desktop experience. Those accessing via a mobile phone or similarly small screened device get a cut down version of the application, with key 'at a glance' features made more prominent.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: Authorised users can:; - access curriculum data; - access curriculum changes; - update curriculum data; - create and update calendar entries
• API documentation: Yes
• API documentation formats:
  • HTML
  • ODF
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Users of the software can:; - customise the appearance of the application to match their institution's branding; - customise the structure of the curriculum appropriate to their institution; - customise the metadata the system stores appropriate to their institution

Scaling

• Independence of resources: Sofia is installed in multiple AWS Availability Zones and is configured in such a way that it can auto scale. Customers read from a fluid pool of database read replicas, ensuring that all load can be accommodated.

Analytics

• Service usage metrics: Yes
• Metrics types: If you provide us with a Google Analytics tag we will incorporate this within your instance of the application. Other systems are available at a small extra cost

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data can be exported at any time via the inbuilt export feature. Data is delivered in a documented spreadsheet format.
• Data export formats:
  • CSV
  • Other
• Other data export formats: Excel
• Data import formats:
  • CSV
  • Other
• Other data import formats: Excel

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We aim to meet 99.99% availability, measured annually. 2020 and 2021 were both 100%
• Approach to resilience: This information is available on request. Full architecture is available to those institutions wishing to purchase the product.
• Outage reporting: Outages are reported on a public dashboard and via email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication: Identity federation with existing provider (for example Google Apps)
• Access restrictions in management interfaces and support channels: Available on request
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: QMS International
• ISO/IEC 27001 accreditation date: 25/10/2021
• What the ISO/IEC 27001 doesn’t cover: The entire Sofia service is covered by our ISO27001 certification
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials Plus
• Information security policies and processes: Sofia is managed under both our ISO27001 and Cyber Essentials Plus certifications. Our ISMS is available to prospective customers on request.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Available on request.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Available on request
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Available on request
• Incident management type: Supplier-defined controls
• Incident management approach: Available on request.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Equal opportunity:

  Equal opportunity

  Our employment decisions are based on the principle of equal employment opportunity.; ; Accordingly, we do not discriminate on the basis of race, colour, creed, gender, national origin, disability, age, veteran status, citizenship, marital status or sexual orientation.; ; To support this policy we do the following:; ; All vacancies within the organisation are advertised both internally and externally, and equal weight is given to internal candidates as to those applying from outside the organisation; ; There is a published career progression pathway for each role within the organisation, and all staff are actively encouraged and supported to progress along their chosen pathway; ; All staff are encouraged to promote the vacancies to any and all social spaces and professional communities - both physical and virtual - that they belong to, to encourage a diverse range of applicants; ; All vacancies are promoted to those professional communities within the York and Yorkshire regions that provide support to sections of the community that do not usually have access to software development (and related) roles; ; The wording of each job advert is assessed to ensure that it does not include unconscious bias in the expectations it sets for applicants; ; Equal weight is given to those applicants with life experience rather than formal qualifications; ; We actively encourage applicants who are undergoing a career change through relationships with local retraining organisations

Pricing

• Price: £12,000 a licence a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: We can set up a demo instance (time limited to 1 month) for prospective customers

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@isotoma.com. Tell them what format you need. It will help if you say what assistive technology you use.