Think Learning Record Store (LRS) xAPI Platform
Store, manage and display learning data from multiple platforms and sources with our Learning Record Store (LRS). Can be integrated with client learning architectures and configured for xAPI tracking, reporting, xAPI statements and metrics. Also available with our Totara TXP product range. Healthcare, NHS, and Government specialist experience.
Features
- Store and display learning data from multiple platforms and sources
- Process and store xAPI statements and learning results
- Define the metrics and outcomes that your learners achieve
- Highly configurable learning reporting and tracking
- Can integrate with multiple LMS, LXP and learning platforms
- Any content or application can use the Experience API
- Organise learning data from multiple different sources
- Improve learner engagement and outcomes with the xAPI standard
- Securely hosted and maintained
Benefits
- Capture learning interactions from mobile apps and webpages
- Store learning experiences flexibly with the xAPI format
- Track real-world experiences as well as formal learning
- Collate multiple sources of learning data for rich analytics
- Significant scalability compared to an LMS
- Real-time data access and updates
- Sophisticated catalogue search and browse
- Skills Passport and transfer between organisations
- Badges and micro-credentials
Pricing
£8,308 to £26,153 an instance a year
- Education pricing available
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
8 7 8 8 1 5 6 5 5 8 9 2 3 8 7
Contact
Think Learning
Think Learning Commercial Team
Telephone: 01273 025078
Email: hello@think-learning.com
Service scope
- Software add-on or extension
- Yes, but can also be used as a standalone service
- What software services is the service an extension to
- Totara TXP Learn LMS (Learning Management System), Totara TXP Performance (Talent Management Platform), Totara Engage LXP (Learning Experience Platform)
- Cloud deployment model
-
- Public cloud
- Private cloud
- Service constraints
- Planned downtime for scheduled updates/upgrades, pre-agreed with clients for maximum convenience/efficiency, and minimum disruption to end-users.
- System requirements
-
- PC or Mac: Windows 7+, Mac OS X 10.5+
- Client-side JavaScript required
- Tablet or Smartphone: Android, iOS
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
Our standard response time within UK business hours:
- Critical: 1 hour
- High: 4 hours
- Medium: 8 hours
- Low: 16 hours - User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AA or EN 301 549
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
- Standard online 2nd and 3rd line support to client administrators (£90-£110/hr dependent on issue complexity). This covers off-site support, helpdesk responses, booked webinar appointments, and other activities requested by client (e.g. site configuration, user guide creation, etc). We track time used against the Support budget in our timesheet system at our standard rates of £110/hr (£825/day) for problem-solving and consultancy, or £90/hr for administration tasks, explanations, and straightforward configuration work via our helpdesk. 20% of the overall support budget is not formally tracked by our teams, and is accounted for by quick, adhoc query responses, access to our online Helpdesk, and further Support-based reporting and analysis. We take a proactive, collaborative approach to Support, working hard to ensure that support queries receive long-term solutions (with detailed responses designed to prevent issue recurrence). We track/report Support budget usage for clients, so that you can make informed, timely decisions about whether or not extra budget is required during the contract. You do NOT pay anything for us to fix confirmed bugs with the system or confirmed technical issues with our hosting services. We offer client portal/forum access, and involve clients with roadmap development and platform strategy. Premium support services are available.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Prior to launch, as part of our robust Implementation Service, system administrators go through rigorous training and hands-on familiarisation programmes which are delivered via live, interactive online training sessions (which can be recorded for refresher training purposes). Additional cost where onsite training/workshops are specifically required. In business-as-usual, system administrators have ongoing support via the Think Learning Helpdesk (utilising their Client Services & Support budgets), and via optional further training and consultancy from our Operations and Development Services teams. We also facilitate client networks (sector- and topic-specific), events, and forums to promote networking, sharing and collaboration.
- Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
-
Administrators are able to run and export a range of reports in order to extract user/activity data. In addition, we provide you with a copy of all site user data and records. We not provide copies of code created by Think Learning for/with our clients, which is for use by our client community only. We can provide additional help in migration, either using remaining support budget or for an additional support fee.
We purge all client data from servers and all historic backups. - End-of-contract process
- The off-boarding process is included in the price of the contract (provide client/new supplier with all data, purge client data at agreed timescale), any additional actions would be at additional cost.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- Applications are written in-line with industry web standards including XHTML, HTML5, and ECMAScript 5.1 (commonly referred to as JavaScript). Application displays in the latest browsers that supports these standards. We aim to ensure that the product is equally usable both on desktop and mobile devices. Areas such as navigation, expandable/collapsible sections, and actions should all work with both desktop and mobile controls.
- Service interface
- No
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- API
- Yes
- What users can and can't do using the API
- Application relies on xAPI statements. Others APIs created by Think Learning on request (scoped and costed individually)
- API documentation
- Yes
- API documentation formats
-
- HTML
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- Our user interface provides administrator options to configure platform features, elements, reports, settings, theming, user journeys and permissions. Users with the appropriate level of permission can make the customisations.
Scaling
- Independence of resources
- Our platforms are hosted on scalable cloud servers that are monitored 24/7 using performance monitoring software.
Analytics
- Service usage metrics
- Yes
- Metrics types
- The platform includes an audit trail for site-wide user activity logging. This system data can be displayed on a page or downloaded in text, ODS, Excel. We also provide free site activity tracking reports (from a web analytics application) to provide rich data around platform in-page time spent, bounces, geographical access and device/browser intelligence.
- Reporting types
-
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- ‘IT Health Check’ performed by a CHECK service provider
- Protecting data at rest
-
- Physical access control, complying with SSAE-16 / ISAE 3402
- Physical access control, complying with another standard
- Other
- Other data at rest protection approach
- Encryption at rest for virtual environments is available on request.
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Site users (with appropriate permissions) are able to run and export report data based on their activity and site records. We can, on request, create user report export/extract features, at additional cost.
- Data export formats
-
- CSV
- ODF
- Other
- Other data export formats
- Data import formats
-
- CSV
- Other
- Other data import formats
- External system or database integration
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Legacy SSL and TLS (under version 1.2)
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
- We work to make your System available for use over the internet 24 hours per day, 7 days per week. We commit to no more than 0.1% of the year of unscheduled downtime (total inaccessibility to your production site), with service credits if we don’t meet this commitment (based on additional free weeks of hosting/maintenance service). Planned maintenance is excluded from the calculation. At least 5 working days of notice will be provided for any maintenance taking place between 5pm and 8am. At least 10 working days of notice will be provided, for any maintenance taking place between 8am and 5pm (or as agreed with clients). Your site will be monitored via health checks at the server and application layers.
- Approach to resilience
- We provide clients with access to high performance, secure, entirely UK-based platform services (with ISO27001, ISO9001, ISO27017 certification). A tier 3 data centre in London, and 100% network uptime guarantees. Includes a hot spare blade, so that in the event of a blade failure, a fresh blade is provided and restored. Daily backups are provided and stored on a separate SAN located on a separate physical location. Firewalls are provisioned in a High Availability (HA) pair and are fully managed. The DDoS defence system is based on detection/diversion/verification/forwarding, and inspections are performed in real time, including the provision of IDS server monitoring for any malicious activity.
- Outage reporting
- We report outages through Think Learning Helpdesk notifications, email alerts, and by phone, as relevant.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Username or password
- Access restrictions in management interfaces and support channels
- Platforms utilise role-based access control for named system administrators, and all other role types (i.e. managers, employees, trainers, etc). The individuals, system administration and management roles, and specific configuration access are specified and agreed as part of the Implementation process. The named system administrators also have access to technical support via the Think Learning Helpdesk. This is routinely audited, as part of ISO27001 accreditation.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- Between 6 months and 12 months
- How long system logs are stored for
- Between 1 month and 6 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- ISO Quality Services Ltd
- ISO/IEC 27001 accreditation date
- 04/03/2022
- What the ISO/IEC 27001 doesn’t cover
- Our data centre partners have separate ISO27001 certification for the UK data centre. Certificate available on request.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- Yes
- Who accredited the PCI DSS certification
- IT Governance Ltd
- PCI DSS accreditation date
- 24/04/2023
- What the PCI DSS doesn’t cover
- N/A
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- Yes
- Any other security certifications
- ISO9001
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
-
- ISO/IEC 27001
- Other
- Other security governance standards
-
Cyber Essentials Plus
ISO9001 - Information security policies and processes
-
Information Security Management System policies and processes, certificated and audited bi-annually by ISO Quality Services Ltd. Audit reports available on request. The Information Security Manager is a board level Director.
Our Cyber Security and Information Security policies are communicated to, and signed by, all Think Learning employees. Staff training around GDPR is a key element of our onboarding process. We have regular audits of the controls listed above in terms of ensuring that all devices used by staff are fully compliant. All staff are updated at internal company meetings about ongoing cyber and information security requirements of personal devices and internal systems. As consultants, they can also advise on the Infosec capabilities of our cloud-hosted platforms.
Think Learning also has an ICO registered Data Protection Officer (DPO).
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- Code is managed by the Technical Services team utilising Git. Service and feature changes follow secure software development practices, and risk reviews prior to launch, including pen test processing. Access to production environments is limited. All changes are reviewed and tested before approval and promotion. Stages include design, documentation, implementation and/or rollback, testing in staging and dev sites, peer review, and approval by authorised parties. Exceptions to change management processes are documented and reviewed. All changes and upgrades are tested within a client specific development environment to ensure functionality and security before moving to the live environment.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- Vulnerability management is a control within our Information Security Management System (12.6.1). We monitor for vulnerabilities, and where vulnerabilities are identified, system asset lists are examined to assess the impact of the vulnerabilities on the security of the system. Where a software update is deemed necessary, then the change control process is initiated. Critical patches are deployed as soon as reasonably possible.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- Our cloud-hosted platforms are monitored 24/7 at the application layer via health checks and performance monitoring. In the event of a potential compromise the technical team are alerted by text to resolve the issue within the stated SLA. Our security suite and defence system is based on detection/ diversion/ verification/ forwarding.
- Incident management type
- Supplier-defined controls
- Incident management approach
- Users report incidents via the Think Learning Helpdesk, which triggers the internal incident management process, involving Classification and initial support; Investigation and analysis; Resolution recording, closure and reporting via the Helpdesk.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Fighting climate change
-
Fighting climate change
Think Learning is a Carbon Audited Organisation, to support ours, and our customers', social and environmental objectives as we move towards a net-zero carbon economy. Audited by https://carbonmanagers.com/. We are committed to carbon reduction in light of the global climate emergency. Through an annual carbon audit we understand the impact of our operations and we minimise this through a long-term investment into carbon offsetting using a combination of ethical carbon removal methods and annually achieving less than 'net zero'. We apply our environmental policies to the activities of all our offices and wherever possible to our consultants when operating on client sites. We will support our clients’ environmental policies when we are operating on their sites. The company applies the principles in a number of ways:
• Our hosting partner is fully ISO14001 compliant at their London data centres, and are very committed to environmental sustainability. They work to actively reduce the impact of all of their data centres on the environment, through energy efficiency programmes.
• We undertake an annual company carbon audit.
• We encourage consultants to work from home whenever possible to reduce impact on the environment.
• We encourage our consultants to use public transport when travelling, and we operate a car hire scheme which reduces the need for employees to own cars.
• We conserve natural resources by reusing and recycling materials such as paper and printer cartridges, purchasing recycled materials or with a high recycled content, and using recyclable packaging and other materials wherever possible.
• We use electronic communication such as email, intranets, voice over IP and P2P software to reduce the amount of paper used.
• We undertake regular internal audits to ensure ongoing compliance with this policy, including where they impact our Cyber Essentials Plus, ISO9001 and ISO27001 accreditations. - Covid-19 recovery
-
Covid-19 recovery
During the pandemic, we've strengthened and improved our technological and service infrastructure, and we are able to offer a very robust, entirely virtual service. We’ve responded quickly to pandemic-related pressures, helping Healthcare clients to schedule mass-staff vaccination appointments, creating a Risk Assessment solution, and configuring PPE-related workflows and e-Forms. We've built increased resilience and capacity so that we can continue to provide high quality, uninterrupted services to our (predominantly Healthcare) client base. We're privileged to have been able to support a wide range of public sector organisations during the pandemic, but especially a large NHS Healthcare client base, who have achieved incredible results in very difficult circumstances, and who have been pushed to deliver more, faster, better, with learning technology. Our platforms have allowed the NHS to rapidly onboard thousands of volunteers and medical staff returning to work to deliver the vaccination program during the pandemic. This was achieved not only by the flexibility of the platform, but also with Totara’s waiver of subscription threshold charges to support NHS efforts in the fight against COVID-19. Throughout the pandemic, Totara was adopted by an additional 44 healthcare customers (in 2020 alone) as organisations sought agility in their learning platforms to rise to the challenges posed by COVID-19. - Tackling economic inequality
-
Tackling economic inequality
The majority of our clients are not-for-profit organisations in the public and tertiary sectors. With extensive experience in Non-profit and Health sectors (25% of England’s NHS staff use our Totara Learn platform), we place a high priority on values-based working, and aim to engender a professional culture which recognises and supports the public-spirited ethos of our range of clients.
The company applies the principles in a number of ways:
• We donate to NHS Charities Together, in order to recognise the extraordinary work of healthcare workers.
• We donate to (and sponsor) NHS employee award ceremonies and presentations, to recognise their contribution to society and their communities.
• We support our employees to volunteer in their local community, as part of their Think Learning salaried time. This enables them to donate paid time to charities/community projects up to 8 hours per year. - Equal opportunity
-
Equal opportunity
Think Learning is committed to building an organisation that makes full use of the talents, skills, experience, and different cultural perspectives available in a diverse community, and where people feel they are respected and valued, and can achieve their potential regardless of age, gender, sexuality, disability, religion, race, colour, nationality, national or ethnic origins. We follow the recommendations of the CRE’s statutory Code of Practice on Racial Equality in Employment in all its employment policies, procedures and practices. The aims of our published Equal Opportunity Policy are to ensure that:
• no one receives less favourable treatment, on grounds of age, gender, sexuality, disability, religion, race, colour, nationality, or ethnic or national origins, or victimised for taking action against discrimination or harassment, or instructed or put under pressure to discriminate against, or harass, someone;
• the organisation is free of unwanted conduct that violates the dignity of workers or creates an intimidating, hostile, degrading, offensive or humiliating environment;
• opportunities for employment, training and promotion are equally open to all candidates; and
• selection for employment, promotion, transfer and training, and access to benefits, facilities and services, will be fair and equitable, and based solely on merit. - Wellbeing
-
Wellbeing
We provide integrated health cover for all staff including an Employee Assistance Programme and a trained Mental Health First Aider. To help relieve pressure on NHS services, we provide health insurance to employees, which includes benefits such as: Fast track GP appointments, Counselling through 'Stronger Minds', and the 'Be Supported' EAP portal.
Pricing
- Price
- £8,308 to £26,153 an instance a year
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- The free trial site enables you to explore Platform functionality and try out features. Contact hello@think-learning.com for access. Site configuration and data is refreshed periodically.