Blue Stream Academy Ltd

Blue Stream Academy

Blue Stream Academy is a leading supplier of educational and organisational workforce services, including:

- 140+ CPD certified online courses
- Integrated information management & HR systems
- CQC Health Check system
- Healthcare discussion forum
- Collaboration tools
- Policy & revalidation partnerships

Features

• Access to over 130 CPD certified online courses
• Real-time reporting through a built-in information management system
• Easily organise rotas/staff absences through the integrated HR system
• Track compliance progression with the CQC Health Check System
• Access exclusive policy and revalidation partnerships
• Paperless Care Certificate training and practical assessment feature
• Straight forward DBS checking
• Collaborate via the video-conferencing and diary system
• Network with other professionals through the exclusive discussion forum

Benefits

• Access to certified training suited to a range of professions
• Quickly manage and monitor staff compliance
• Gateway to all features through a single sign-on
• Complimentary system training sessions
• Data secured ISO270001 certified organisation
• Effective time management and cost effective system
• Be prepared in advance for your CQC inspection
• Specialist in-house customer support team
• Transferrable training records across organisations
• A paperless solution to add and store external training records

£10.00 to £48.99 a user a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at natalie@bluestreamacademy.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

838189428675667

Contact

Natalie Poyner
01773 822549
natalie@bluestreamacademy.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: Weekly maintenance windows every Sunday between 2200 and 0000. Internet connection required
• System requirements:
  • Internet Connection
  • Modern Browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 24 hours or on the next working day.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: N/A - provided by 3rd party software service
• Onsite support: No
• Support levels: Onboarding training is offered free of charge to all customers.; Phone, email and live chat support is offered to all users free of charge.; Issues can be escalated to 2nd line / technical support.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: For new customers, Blue Stream Academy would begin by sending across a staff list document for them to fill out with their staff members details such as full name, email address and job role and then ask that they return this to their dedicated Account Manager. The team will then create accounts for all staff members ready for activation. We may also bulk upload any previously completed training so that an organisation may keep this all within the Management of Information System. A document containing login details will then be sent to the organisations manager upon the activation of an account. Following this, Blue Stream Academy's dedicated training team will contact organisation managers to offer complimentary system training and support.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: After an organisation ceases to be a Blue Stream Academy Ltd. customer, their data and that of their users is retained for a period of six years; unless a direct and authorised request for deletion has been made.; ; We provide the customer with the ability to download their data within 28 days of termination.
• End-of-contract process: One month prior to the end of a contract, Blue Stream Academy's Retentions Manager will contact the lead of an organisation to see if they would like to renew. Should they wish to terminate their contract, their Account Manager will notify them that they have 28 days to download any documentation they would like to keep from their Management System. Should they wish to gain copies of reports following this, they may do so in writing to their Account Manager.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: All features are available on both platforms
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: No
• Customisation available: Yes
• Description of customisation: System administrators can; customise support contacts, add their organisation logo, configure module settings and create custom courses.

Scaling

• Independence of resources: Our system is designed from the ground up to be scalable, heavy use by customer A has minimal impact on performance for customer B. Our system supports many thousands of concurrent user connections. We also have robust monitoring in place to ensure sufficient resources are in place and allow us to plan for service expansion.

Analytics

• Service usage metrics: Yes
• Metrics types: System administrators and managers can perform the following:; ; Measure training compliance, view policy compliance, user access reports, view active/inactive accounts, view audit reports which capture which users have changed which information and when, email reminders and prompts.; ; Insight / group user accounts can view this information over a wider region.; ; Other reports such as user engagement, number of completions completed over a time period etc can be provided on request.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Users or managers may download their certificates at any time via our Management of Information System alongside their completed training report. Managers may also download any reports/data from our Management section which are downloadable straight to excel.
• Data export formats:
  • CSV
  • Other
• Other data export formats: PDF
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Blue Stream Academy offers end-to-end uptime availability of 99.9% for our services during core business hours (identified as 0900 Monday to 1730 Friday). ; ; The following are excluded from this guarantee: ; ; • Inconsistencies and failures of the Internet outside of Blue Stream Academy’s control.; • Failure of 3rd party services.; • Maintenance events as defined below.
• Approach to resilience: This information is available on request.
• Outage reporting: Via the service status page on the website, within the systems notification and alerts section, social media and via email.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Our system has multiple levels of access which ensures users only have appropriate access to data. System administrators can configure other users to match their organisation's hierarchy.; ; Our system uses support codes to ensure users are identified and only provided support relative to their role and organisation. We do not restrict access to support based on role - all users can access live chat, email or phone support.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 09/07/2019
• What the ISO/IEC 27001 doesn’t cover: A.14.2.7 Outsourced development.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: BarclayCard
• PCI DSS accreditation date: 06/05/2022
• What the PCI DSS doesn’t cover: N/A
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Acceptable Use Policy; Access Control Policy; Anti-Phishing Policy; Backup and Recovery Policy; Clear Desk Policy; Confidentiality Policy; Data Incident Reporting Policy; Data Retention Policy; GDPR Statement; Information Classification and Handling Policy; Information Security for Supplier Relationships Policy; Information Security Policy; Information Security Training Policy; IT Communication and Monitoring Policy; IT Security Policy; Key Holder Policy; Mobile Device and Teleworking Policy; Privacy Policy; Removable Media Policy; Secure Development Policy; Version Control Policy; Workplace Visitor Policy; ; Regular internal and external audits adhering to the ISO 27001 standard ensure that these policies are followed. Non-conformities are addressed by our Chief Information Security Officer.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Our internal development system tracks changes to software and systems. Change Management Process:; ; Change Identified > Change Request Submitted > Change Assessed and Evaluated > Change Approved/Declined > Change Scheduled; ; We perform regular penetration testing, including when a significant area of infrastructure or service has changed.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Our infrastructure is monitored via Azure's built in tools which allows us to preempt and respond to potential threats.; ; We perform penetration testing in the event of a newly discovered vulnerability, as well as regular pen testing. We subscribe to services which alert us to any new vulnerabilities.; ; If there is a vulnerability within our system we will classify the issue as high/medium/low priority and impact. Serious issues would be resolved within 24 hours.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We have automated monitoring and alert tools such as Azure Defender to alert administrators to breaches and potential vulnerabilities. ; ; We have policies in place to respond to potential a compromise. These involve log auditing, security configuration assessment and internal testing. Potentially affected systems are isolated whilst investigations take place, and mirror/backup systems are activated.; ; An investigation will be undertaken by the LIO immediately and wherever possible within 24 hours of the incident being discovered/reported.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Process: Data Incident Reporting Policy; ; Reporting an Incident: Any individual who accesses, uses or manages the organisation’s data information is responsible for reporting data breach and information security incidents immediately to the Chief Information Security Officer (CISO) or one the Information Security Officers (ISO) - James Donaldson-Cass/Terry Godwin.; ; Reports: The CISO/ISO and/or LIO, in consultation with organisation’s Directors, will determine who needs to be notified of the incident. Every incident will be assessed on a case by case basis.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Wellbeing

  Fighting climate change

  As an organisation, our carbon footprint has remained low over the years due to the nature of our business. ; As we are an online provider, we have assisted organisations to minimise their paper usage due to everything being made available online, at all times of the day, eliminating the need for print outs.; We also stive to make sure that in house, we follow the same pattern by making sure that data is secured safely within a cloud setting. ; Alongside this, we also promote sharing vehicles when possible alongside utilising public transport where appropriate.

  Covid-19 recovery

  During COVID, our organisation tried to help as much as we could by developing a suite of courses that we made available to all healthcare professionals, free of charge.; To help improve and better their knowledge of this virus, we endeavoured to make the training as accessible as possible for all.; ; We now offer training training for Treatments for COVID-19 (Available to Those at Highest Risk) in order to direct individuals to the appropriate care.; ; Alongside this, we have also adapted our way of working to accommodate organisations who are at high risk, through offering meetings virtually and by attending online exhibitions instead of in-person.

  Wellbeing

  Our customers and employees wellbeing is of the utmost priority and we have made sure to create courses that bring specific awareness such as:; - Mental Health Awareness; - Stress Awareness; - Anxiety Awareness; - Confidence Building Awareness; - Depression Awareness; - Equality and Diversity; - Suicide Awareness; ; We encourage all to undertake these courses.

Pricing

• Price: £10.00 to £48.99 a user a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: An organisations manager may trial our service for 30-days and sample 2 of our accredited eLearning modules. They may also undertake a live demo with a member of our team.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at natalie@bluestreamacademy.com. Tell them what format you need. It will help if you say what assistive technology you use.