Skip to main content

Help us improve the Digital Marketplace - send your feedback

CoSector Limited

CoSector Managed Applications

CoSector - University of London's Managed Applications service is based on stable releases of popular digital learning and research applications. CoSector offers support and management for services that support teaching, learning, administration and assessment, also services that support custody and discovery of research outputs.

Features

  • Moodle's established VLE / LMS platform
  • Mahara's established ePortolio platform
  • Digital Assessment via Janison (including remote proctored exams)
  • Student/Tutor Business Intelligence via IntelliBoard
  • Secure E-Mail Data Protection via Zivver
  • Hosted on Microsoft Azure or our private cloud
  • Full customisation (via plugins) supported
  • Integration with popular student record systems
  • Data safe-guarding and preservation via Arkivum
  • Repositories via Cayuse, EPrints or Samvera

Benefits

  • Combine open-source flexibility with enterprise level assurances
  • Tailor the VLE / LMS to suit your institutional priorities
  • Access a thriving community of users and practitioners
  • A service that can grow as your institutional usage grows
  • Runs on Public Cloud to support user needs
  • Accessible from any device
  • 24/7 Enhanced support option available

Pricing

£7,000 an instance a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@cosector.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

8 7 7 3 2 0 2 5 1 8 7 5 9 3 5

Contact

CoSector Limited Dave Kenworthy
Telephone: 020 78631300
Email: info@cosector.com

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints
None
System requirements
None

User support

Email or online ticketing support
Email or online ticketing
Support response times
Within 2 Business Days. Within 30 minutes for critical incdents (24/7/365)
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 A
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
A Technical Account Manager is provided for all services. Support levels can be tailored to support different institutional needs but all services benefit from 24/7/365 Incident Support combined with optional additional time (with SLA) for guidance, assistance, customisation and any other support required.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Online training and user documentation provided
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Data is readily extractable in open formats. Assistance can be provided for more complex data transfer needs (at extra cost)
End-of-contract process
As data is readily extractable by users, all additional assistance with data extraction and transfer is at additional cost

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
None
Service interface
Yes
User support accessibility
WCAG 2.1 AA or EN 301 549
Description of service interface
HTML interface accessed via web browser
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
All managed applications have been tested with both automated accessibility testing tools and users of assistive technology
API
Yes
What users can and can't do using the API
All application functionality is available via the API
API documentation
Yes
API documentation formats
HTML
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
Where the application is open source, users may work with us to extended or customise the application itself. Our support levels, volume and SLAs can be customised.

Scaling

Independence of resources
CoSector - University of London's overall acrchitecture is a hub and spoke where each customer resides in a separate and segregated spoke, underpinned by independent cloud infrastructure. Communication between the hub and spokes is managed by resilient firewall devices that prevent any intra-spoke traffic.

Analytics

Service usage metrics
Yes
Metrics types
Hosting usage (CPU, RAM, Storage etc.) Support Time Consumption
Reporting types
Regular reports

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Janison, Zivver, IntelliBoard, Microsoft, Brickfield Labs

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Users can export their data through the main service interface.
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
99.9% (24/7/365). Users are provided support hours credits if guaranteed levels are not met.
Approach to resilience
Available upon request
Outage reporting
Email alerts
Support portal alerts

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
All management interfaces are protected with multi-factor authentication. Support channels are only accessible to known users and can be optionally linked to institutional identity/authentication.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
Between 1 month and 6 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Bsi
ISO/IEC 27001 accreditation date
18/03/2022
What the ISO/IEC 27001 doesn’t cover
No exclusions
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
No
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Es IMS Overview IMS Objective Tracker IMS Internal Audit Procedure IMS Internal Audit Plan IMS Improvement Procedure IMS Management Review Agenda & Minutes Template Enterprise Risk Log & Information Asset Register Information Security Risk Assessment Process Information Security Policy IMS Communication Policy Asset Management Procedure Document Control and Records Management Procedure Supplier Management and Supplier Information Security policies (with supporting procedures) Laptop & Mobile Device Policy Teleworking Policy Acceptable Use Policy Information Classification Policy Media Handling, Disposal & Transfer Policy Logical Access Control Policy Password Policy Cryptography Policy Physical & Environmental Security Policy Clear Desk & Screen Policy Backup & Restore Policy Vulnerability Management Policy Secure Development Policy Secure Engineering Principles Information Security Incident Management Process Project IS Considerations Checklist Patching Policy BIA, BCP & DR Plan Review Process BCP Test Schedule Change Management Policy & Procedure Application Services on Public Networks Policy Register of Legislation Capacity Management Process Record of Processing Activities (ROPA) Privacy Notice/Policies (for Data Subjects) Subject Access Response (SAR) Procedure Subject Access Response (SAR) Register Privacy Complaint Procedure Data Protection Impact Assessment (DPIA) Register DPIA Template Controller/Processor Legal Agreement/Contract Template(s) Our Managing Director is responsible for Information Security and ensuring policies are followed.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
CoSector operates ISO27001 accredited Asset Management Procedures and Change Management Policy and Procedures.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
All systems are scanned with a reputable vulnerability scanning tool at least monthly and classified according to their severity. Any Critical or High vulnerabilities shall be assessed and one or more of the following shall take place: - Vulnerability marked as a false positive - Implement mitigating protection against the vulnerability - Identify and take appropriate corrective action(s) – rescanning where possible to confirm resolution. Where we become aware of a vulnerability through any other channel, we log the vulnerability, assess the severity and if considered comparable to a Critical/High vulnerability from the tool, take one of the above actions.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
CoSector operates monitoring, logging and analysis of events across its systems. If potential compromises are detected, operational support teams are notified 24/7/365, enabling a response within minutes for the most critical incidents.
Incident management type
Supplier-defined controls
Incident management approach
CoSector operates a ISO9001 and ISO27001 approved Incident Management procedures including standard operating processes for common events. Most incidents are detected by monitoring systems but users can also report incidents via email, web portal or telephone (24/7/365) Our ticket systems enables root cause analysis reports to be promptly provided in written form.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Yes
Connected networks
Joint Academic Network (JANET)

Social Value

Social Value

Social Value

  • Covid-19 recovery
  • Tackling economic inequality

Covid-19 recovery

CoSector's focus and expertise in digital forms of education and research continues to be instrumental in helping institutions navigate the post-pandemic world.

Tackling economic inequality

CoSector and University of London's core mission to improve educational standards around the world is fundamental and drives every part of our activities.

Pricing

Price
£7,000 an instance a year
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@cosector.com. Tell them what format you need. It will help if you say what assistive technology you use.