SLA Online

Revolutionising Local Authority traded services for schools, academies, and other customers.

Off-the-shelf, fully hosted and instantly deployable, SLA Online will enable you to expand service provision, reduce administration and increase revenue.

Used by over 80 LAs for trading, training bookings, news, blogs, marketing, document-management, communications, forums, newsletters and more.


  • Trading - Online store tailored for each customer
  • Training - Advertising, booking management and CPD records
  • Resources - Document management with automated paywall restrictions
  • Comms - News, blogs, marketing, newsletters, forums, and messaging
  • Shopping basket, quote management and simplified invoicing
  • Provide and manage statutory services/support alongside trading
  • Contracts, services, products and bundles with discounts and subscriptions
  • Reporting through graphs and customisable dashboards
  • Customisable website(s) and simple content management
  • Secure solution with configurable access groups and roles


  • Offer a one-stop-shop to your schools and academies
  • Unify Trading, Training, Comms and Resources in one platform
  • Easily trade with schools outside of your Local Authority
  • Sell services to other organisations all within one place
  • Manage your content from anywhere on any device
  • Quickly understand and analyse customers and transactions
  • Utilise the system for early years and business trading
  • Tailored user experience for the needs of each user role
  • Actively influence the system's evolution through development ideas and voting
  • Membership to the largest traded services network in the country


£17,500 to £40,000 a licence a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

8 8 0 0 5 4 0 5 8 0 5 0 3 0 1


Telephone: 03300245601

Service scope

Software add-on or extension
Cloud deployment model
Private cloud
Service constraints
Planned hardware/software maintenance will be conducted out of working hours, monthly, or as the need arises.
System requirements
Modern Internet Browser (Chrome, Edge, Firefox, Safari, etc)

User support

Email or online ticketing support
Email or online ticketing
Support response times
Our target is to reply to all tickets within 30 minutes, during working hours.

Tickets logged outside of working hours or at weekends will be actioned first thing the next working day.
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Web chat support
Onsite support
Yes, at extra cost
Support levels
As standard for all tickets, and for all our clients, we aim to reply within 30 minutes and resolve any queries within an hour.

This applies to general 'how do I?' type queries and reports of suspected errors/security incidents. Any identified errors are prioritised, and most problems have fixes published immediately, or that evening if any downtime is expected.

At the start of the contract, you will be introduced to the Customer Success Manager who will be with you all the way, and our experienced, in-house Customer Success team. You will always be talking to one of our team, whether through the helpdesk or at live/virtual training courses. We don't use automated responses or outsource our support to third-parties or international agencies.
Support available to third parties

Onboarding and offboarding

Getting started
With over eighty local authorities already using the system we have a thoroughly tried and tested onboarding process. The system can be made available within hours, and we have a customisable 'Launch plan' which includes client actions, our actions and training courses that will be rolled out during the first few weeks.

As part of the initial launch each client will have 30 hours of virtual training support with our Customer Success team. This aligns with the launch plan and will take you through all the necessary functions to prepare your central administrative team and service users for going live to your schools/customers.

This is backed up by numerous videos, attendance at live, weekly 'Community sessions' where you'll be able to talk with existing users, and a comprehensive knowledge base.
Service documentation
Documentation formats
End-of-contract data extraction
At the end of the contact, we can provide a single copy of all client data, in raw form, through Microsoft Excel. Information can be delivered on USB memory sticks or through a secure FTP.
End-of-contract process
Included in the contract price, we will provide a single copy of all client data, in raw form, through Microsoft Excel. Information can be delivered on USB memory sticks or through a secure FTP. Any other consultancy or migration support would be charged at an additional cost.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Some of the report options, which are displayed in tabular/grid form, are limited on mobile devices, but all functionality is available regardless of the device or screen size.
Service interface
User support accessibility
WCAG 2.1 AA or EN 301 549
Customisation available
Description of customisation
Appointed system administrators are in control of the following customisation options.

- Branding and colour scheme
- All images throughout (inc. 'alt' text)
- Public website layout templates
- Service listing/brochure templates
- Training brochure templates
- Service profile pages layout and styling
- Resource pages layout and styling
- News and Blogs layout and styling
- All email alerts (triggers and content)
- Newsletter branding, content, and layout
- News roundups (automated emails)
- Security options (password complexity, expiry, etc)
- Primary website URL
- Direct URLs to Services, Training, News and Resources
- User roles and access groups
- Homepages can be customised based on customer/role
- Dashboards for reporting with over fifty widgets.

Most customisation is done through the system, but image or PDF templates may require third party tools.


Independence of resources
Active monitoring and alerting are in place on the hosting platform. As required, and as usage grows, the hosting platform allows for almost instantaneous upgrades of the server specifications to accommodate the increased usage. The database/server has dedicated, industry leading, performance monitoring tools and alerts, which our database manager actively monitors, and plans query updates and performance tuning with the development team.


Service usage metrics
Metrics types
SLA Online administrators can view real time dashboards and reports within the system. Google Analytics can also be embedded within the solution for the client to provide further detail and reporting.
The information available would cover: User logins, page views, record updates, purchases/transactions and more. Information is available 24/7 and exportable for further analysis.
Reporting types
  • Real-time dashboards
  • Regular reports


Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Other
Other data at rest protection approach
All user passwords are encrypted
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Microsoft Excel and PDF are common options through the system.
Data export formats
  • CSV
  • Other
Other data export formats
  • HTML
  • XLSX
  • PDF
Data import formats
  • CSV
  • Other
Other data import formats
  • XLSX
  • PDF

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Working with our hosting partners, the system will be live 99.9% of the time, excluding planned maintenance and updates. Our SLA will be tailored and aligned with the needs of the Local Authority.
Approach to resilience
Continuity and resilience - Due to being hosted in a virtualised software environment, there is no reliance on any one unit of hardware. Applications can be moved and run from any unit if necessary, creating high data availability. Your data is protected and backed up as standard, allowing continuous, secure access and ensuring you don’t experience any downtime.

Security and reliability - Our server hosting partners operate an ISO 9001 & ISO 27001-certified UK Tier 3+ data centre with the following features to ensure your data is held in the most secure environment possible: Full network monitoring, firewalls, Anti-virus protection, Generator backup, IP-CCTV, Fire suppression measures.

Our application is taken care of with 24/7 real-time monitoring, built in operational resilience, nightly backups of servers and comprehensive SLAs. Eliminate the risk of hardware failure or data loss with our automatic failover as standard.
Outage reporting
A dedicated, separate 'Customer Success' website with email alerting for any reported incidents.

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
System/support access is via a username and password.

Within the system the user belongs to an Access Group which controls the information they can see and the reports and functions available to them.

The Access Groups are completely controlled by the client and there can be any number of permutations to suit the organisation.
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications
Any other security certifications
  • Cloud Hosting is ISO 27001 certified
  • Cloud Hosting is ISO 9001 certified
  • Cloud Hosting is Cyber Essentials certified
  • Cloud Hosting is Cyber Essentials Plus certified

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
Our server hosting environment/providers are certified to ISO 27001 and its security governance framework, policies and processes are developed in line with this standard. The server hosting security governance framework is managed by the dedicated Cyber and Information Security team. Our team are trained and aware of our obligations under data protection law as a data processor. Our management and development processes are built around this.
Information security policies and processes
We ensure that our hosting environment/partner is ISO 27001 and ISO 9001 accredited and has appropriate policies and processes in place for information security and governance. Within our organisation the Technical Director, working closely with the Development Manager have responsibility for information security, data protection and governance.

All staff are appropriately trained during induction and on at least an annual basis to ensure policies and procedures are well known. Data protection training is carried out by a separate organisation on an annual basis. Information security is a core part of all development projects and we have built in processes to verify and record compliance.

All policies are available to all staff through our intranet and within their employee handbooks. Any changes are communicated to the teams through regular meetings.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Our ISO 27001 accredited server hosts have a specialist team of engineers based on-site at the data centre for 24/7 support and provide a fully managed service up to and including the operating system. Infrastructure, operating system, anti-virus, and back-up tools are managed and tracked through their lifetime with any potential security implications for updates being assessed. In addition to the hardware/software, Frontline Data’s development team manage all system changes through Microsoft’s DevOps platform and assess each update for any security impact. All updates go through a testing process that covers accessibility, security, and user acceptance testing.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We work closely with our server hosts to monitor threats, scan for vulnerabilities, and ensure the server operating system and other tools are maintained and patched regularly. Our server hosts coordinate and communicate patching and update schedules with our in-house team and confirm if/when critical updates need to be applied. This is provided as a core part of the server hosting service.

We are also members of the NCSC's Cyber Security Information Sharing Partnership (CiSP) to stay informed on new, emerging security issues, with any potential threats being assessed for severity by our Technical Director or hosting partners.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Our server solution with our hosting partners is protected by a dedicated firewall with the network and operating systems further protected by Anti-virus scanning / monitoring, intrusion prevention and whitelisting. The dedicated, specialist team of engineers based on-site at the data centre for provide 24/7 support and monitoring. Our development team have also built automated alerting and monitoring tools into the solution allowing us to track and be alerted about any potential threats or incidents. Any incidents are immediately investigated and assessed by our development team and any necessary updates are planned with the Development Manager.
Incident management type
Supplier-defined controls
Incident management approach
Incidents may be reported from our server hosts monitoring tools, from in-house alerts or directly from users. Incidents can be logged by users through our dedicated helpdesk system which is picked up by our customer success team and responded to within 30 minutes. Depending on the nature of the incident this may be assessed, responded to, and closed, or escalated to our development team for further investigation, development, and system updates. All client incidents are alerted to the LA's central administrators, with the current status and response times available live through the helpdesk system.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks

Social Value

Fighting climate change

Fighting climate change

Since inception, as an online tool, SLA Online has been helping Local Authorities, Schools, Settings, and other organisations to reduce their carbon emissions and reduce waste.

The system has successfully:
• Reduced the use of paper and other materials, as many administrative functions are carried out online
• Enabled LAs to promote their own environmental and waste management services and policies
• Through the new eLearning Module, reduced the need for people to travel to venues to access training and support sessions, and other forms of visits and consultancy

As a company, we have also embraced online delivery, which was part in necessity due to Covid 19, but which has now become part of our practice. At times where we do travel to client sites, our policy is always to use public transport.
Covid-19 recovery

Covid-19 recovery

SLA Online has been instrumental in helping Local Authorities, Schools, and other sectors in managing the impacts of Covid 19.

At the start of the pandemic, we quickly developed a new eLearning Module which enabled Local Authorities to continue to provide training and support to schools and settings. As Covid 19 restrictions ease, this has been a catalyst for highly flexible blended learning programmes.

The communication tools within SLA Online were extremely effective in providing up-to-date reliable information and support to schools.

Our CRM Module is helping organisations manage post Covid 19 remote and flexible working arrangements.
Tackling economic inequality

Tackling economic inequality

SLA Online helps Local Authorities, Schools, Settings and other organisations deliver and promote training and skills, closing skills gaps, and leading to recognised qualifications. The volume and breath of course content is wide ranging and covers topics in the education sector and beyond.

Over the last 12 years, SLA Online has revolutionised Local Authority business to business trading. Initially in the education sector, but now beyond, the system has streamlined the process of trading, using modern e-commerce practices. Additional tools also help manage and monitor delivery and outcomes.

Our User Community, which is open to ever customer, works with us to develop the roadmap for our product. Through regular events (now online due to Covid 19) we engage openly and regularly with our customer base to ensure our products are fit for purpose now, and for the future.
Equal opportunity

Equal opportunity

Our system is designed to be accessible to everyone. Our team ensures that accessibility is at the heart of our development, and we actively work with our clients to ensure the content they deliver to their customers is available for all. We welcome and take on-board feedback. Our virtual meetings support automated real-time transcription and our pre-recorded training sessions have closed captions.

We strongly believe that everyone is welcome in our team. Our workforce is diverse across age, gender, and ethnicity, and we actively support the accessibility needs of our people. Across the business we regularly review our employment and pay policies to ensure they are representative and fair. Opportunities and progression within the team are open to everyone and are based on the individual's goals, skills, and contributions to the company.


Frontline Data are committed to their teams, actively supporting health and wellbeing through flexible working built around family life, home working, and comprehensive health insurance for our team and their families.

We understand that our team and our clients may work hours that best fit with their personal life. We support this and encourage meetings to be booked to accommodate everyone's needs.

We believe that we have built the largest Local Authority traded services community in the country. We support and promote collaboration across our entire user base of other 80 LAs and provide weekly, live, networking opportunities through our complimentary 'Community Sessions'.


£17,500 to £40,000 a licence a year
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.