Maxcourse

Service scope

Software add-on or extension: No
Cloud deployment model: Public cloud
Service constraints: There are no constraints
System requirements: Minimum requirements for devices, browsers, and internet connectivity

Minimum base licence fees are applicable

User support

Email or online ticketing support: Email or online ticketing
Support response times: Support via these channels is provided from 8:30am to 5:30pm (UK time) Monday to Friday, and any queries out of office hours will be responded to as soon as possible the next working day.

Full SLA's are available in our terms and conditions document.

Bespoke, out of hours and weekend support (on-site and remote), are available at additional cost.
User can manage status and priority of support tickets: No
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: No
Onsite support: Yes, at extra cost
Support levels: Standard support is included in all licences, along with an assigned Project Manager as required.
Additionally, we provide tailored support options, including out-of-hours and weekend assistance, both on-site and remotely, which are available for an additional fee.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: Comprehensive implementation and onboarding services are provided and organised by the Project Manager.
During the kick-off workshop, the Project Manager will work with the customer to define success factors, along with agreeing the implementation objectives and scope.
Additionally, they will identify the relevant stakeholders and associated roles, along with agreeing the timelines and necessary training and resources required.
A thorough training programme is available, with bespoke user documentation created to support this.
In addition, professional services such as consultancy are available on request.
Service documentation: Yes
Documentation formats: HTML

PDF
End-of-contract data extraction: We can provide data at the customers request. Data is provided in a csv format or via system backup as agreed with the customer.
End-of-contract process: At the end of the contract, all customer proprietary data is exported, and then deleted from the Maxcourse system.

Using the service

Web browser interface: Yes
Supported browsers: Microsoft Edge

Firefox

Chrome

Safari

Opera
Application to install: No
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: Users have access to identical functionality across both the mobile and desktop services.
Service interface: Yes
User support accessibility: WCAG 2.1 AA or EN 301 549
Description of service interface: Maxcourse offers a 4-level service interface.
1) Organiser - functions relating to creating and managing courses.
2) Operator - functions for creating and managing users and enables the operator to book courses for users over the telephone.
3) Manager - accesses all current course and user issues, communicates with all or sections or the user base, generates reports for administrative purposes, and configures system resources and settings.
4) System Manager - accesses a few additional, high level areas while in manager mode. Only system managers elevate an account to manager mode.
There are also Guest and User interfaces for delegates.
Accessibility standards: WCAG 2.1 AA or EN 301 549
Accessibility testing: The service interface is partially conformant with WCAG 2.1 level AAA with the known limitation that users are unable to edit the line spacing, width of characters and the ability to choose the foreground and background colours without the addition of a plugin. The administrative system is logically structured and presents information in the same order to enable Administrators the ability to navigate the site with assistive technologies. The system offers multiple pathways to access information and includes bypass blocks for enhanced navigation. A Voluntary Product Accessibility Template (VPAT) is accessible upon request. We are committed to ongoing improvements to enhance system accessibility.
API: No
Customisation available: Yes
Description of customisation: Branding can be tailored, allowing instances to integrate customer logos and colour schemes to match their organisational branding. Information fields within each instance can also be adjusted.
Additionally, certain features can be enabled or disabled as needed.
Customisation can be performed by managers and system managers.

Scaling

Independence of resources: All customers are provided with their own separate instance or several separate instances each dedicated to their organisation's structural units.
The system implements multilayer performance monitoring through our internal configuration management system. This system continuously evaluates instance availability by accessing it from a different server and network. Performance is monitored internally by our third-party hosting provider (Claranet), offering extensive scalability. Furthermore, the system architecture incorporates internal load balancing mechanisms.

Analytics

Service usage metrics: Yes
Metrics types: Delegate reporting and course reporting are available upon request.
Reporting types: Reports on request

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Other security clearance
Government security clearance: Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom

European Economic Area (EEA)

Other locations
User control over data storage and processing locations: Yes
Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency: At least once a year
Penetration testing approach: Another external penetration testing organisation
Protecting data at rest: Physical access control, complying with another standard

Encryption of all physical media

Scale, obfuscating techniques, or data storage sharding
Data sanitisation process: Yes
Data sanitisation type: Explicit overwriting of storage before reallocation
Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach: Extensive reporting available including course performance and financial reporting. These can be exported in XLS or CSV format.
Data export formats: CSV

Other
Other data export formats: XLS
Data import formats: CSV

Data-in-transit protection

Data protection between buyer and supplier networks: TLS (version 1.2 or above)
Data protection within supplier network: TLS (version 1.2 or above)

IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability: All Maxcourse instances undergo continuous monitoring, triggering alerts in case of system unavailability. Scheduled updates are exclusively performed during clients' out-of-hour periods.

For instances hosted on Maxinity secure servers, the contract with Claranet ensures a 99.95% uptime guarantee.
Approach to resilience: We mandate full server backups and can facilitate Maxcourse data backups. Should a server failure occur, we have the capability to access your Maxcourse instance on a separate server.

Further information available on request.
Outage reporting: We continuously monitor all Maxcourse instances and promptly notify affected customers of any outages through confirmed communication channels.

Identity and authentication

User authentication needed: Yes
User authentication: Public key authentication (including by TLS client certificate)

Username or password
Access restrictions in management interfaces and support channels: Maxcourse accommodates a diverse array of user types, each with different access levels and permissions. These are applied at every level of data structures.
Site-wide managers can be easily disabled or have permissions revoked as needed. A comprehensive range of roles enables users to access only relevant information at any given time. The system supports anonymising key details, such as delegate names, to maintain impartiality.

Maxinity maintains a secure super user access to swiftly address any critical issues that may arise.
Access restriction testing frequency: At least every 6 months
Management access authentication: Public key authentication (including by TLS client certificate)

Username or password

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: At least 12 months
Access to supplier activity audit information: Users have access to real-time audit information
How long supplier audit data is stored for: At least 12 months
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: No
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: Yes
Other security certifications: No

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001
Information security policies and processes: Our organisation is committed to adhering to the foundational principles outlined in ISO 27001 and is actively establishing an Information Security Management System (ISMS). Currently, we are in the process of transitioning our operational practices into documented policies. This strategic initiative underscores our dedication to protecting sensitive information and ensuring the integrity, confidentiality, and availability of data across all operations. Our goal is to continually enhance this protective layer of our organisational infrastructure against potential cyber threats and vulnerabilities.

Following the ISO 27001 standard, we seek to strengthen our resilience, foster trust among stakeholders, and demonstrate our commitment to upholding relevant standards of information security. We are dedicated to pursuing certification, which will further validate our credibility as a trusted custodian of sensitive information, as already affirmed by our customers.

To ensure adherence to information security principles, we conduct regular risk assessments, with senior management consistently reviewing the company's current infosec posture.

Our cloud services providers are certified to multiple standards, including ISO 27001, SOC 2, and other industry frameworks.

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: We manage the configuration and change requests within our internal ticketing systems, following our established process. All communication between us and our customers is meticulously tracked to capture request sources, reasons for change, problem statements, expected outcomes, issue type, estimated effort, impact, and reach. Additionally, we document impediments, transitions through our SDLC, assignees, and release versions.
Changes go through the 2-level refinement process where they undergo risk-benefit analysis and get assessed for their potential security impact. Changes are fully auditable, extensively tested and released within a specific version of the software for extended traceability and configuration management.
Vulnerability management type: Supplier-defined controls
Vulnerability management approach: Our process begins with an initial review to understand the nature of the issue and our level of control. We swiftly address threats, with response times tailored to the issue's urgency and our ability to intervene, sometimes resolving issues in under an hour.

We offer a robust issue tracking and patching system, prioritising the system's continuity.
Resolution timing varies depending on the issue's nature. If necessary, we will implement emergency patch measures.

To stay informed about the latest threats and vulnerabilities, we draw from various sources including cyber essentials threats, security networking, and platforms like OWASP.
Protective monitoring type: Supplier-defined controls
Protective monitoring approach: 1.Monitoring and logging systems to track and report suspicious activity to administrators.
2.Codebase and infrastructure security testing.
3.Adhering to secure coding and design principles.
4.Regular risk assessments.
5.Continuous evaluation and enhancement of security practices.
6.Remaining vigilant of emerging security threats.
7.Educating users on best security practices.

In the event of a security incident, immediate action is taken. Support, management, and development teams collaborate to triage the issues and devise an incident response plan. This plan outlines the necessary steps and timeline to contain the incident, minimise damage, restore normal operations, and extract valuable lessons for further enhancing security measures.
Incident management type: Supplier-defined controls
Incident management approach: We have established processes for common events, and users can report incidents through various channels, which are then captured by our support team. These incidents are documented in our internal communications tracker, categorised based on urgency and complexity, and handled accordingly.
Complex issues are triaged and resolved in collaboration with our development team, with any necessary documentation and tracking conducted as a development task.
If needed, help guides are updated upon incident resolution to enhance self-help capabilities for our clients.

Secure development

Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks: No

Social Value

Fighting climate change
Tackling economic inequality
Equal opportunity

Fighting climate change

As a responsible business we are committed to integrating sustainable practices across all aspects of our operations and are currently in the process of finalising our comprehensive sustainability plan, which is being designed to align with the UK's ambitious environmental standards and guidelines. This plan encompasses a wide range of initiatives, including reducing our carbon footprint, enhancing energy efficiency, responsibly sourcing materials, and minimising waste. Our goal is not only to comply with current environmental regulations but to set a benchmark for sustainability within our industry.

Tackling economic inequality

We recognise the diverse socio-economic backgrounds of the candidates and students who rely on our software. In designing our products, we are committed to ensuring equity in both performance and user experience. It is our core belief that access to high-quality technology should not be contingent upon one's financial means. Therefore, we meticulously craft our software to guarantee that no individual is at a disadvantage due to the limitations of their available systems.

Equal opportunity

Maxinity is continuously monitoring its software in accordance with Web Content Accessibility Guidelines and is committed to enhancing user experience. We are dedicated to improving our users experience and ensuring that all user feedback is used to improve our product.

Pricing

Price: £6,000 to £200,000 a licence a year
Discount for educational organisations: Yes
Free trial available: No

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

Maxcourse

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents