Skip to main content

Help us improve the Digital Marketplace - send your feedback


Ellucian Quercus

Quercus is a comprehensive SaaS Student Information System, specifically designed for Higher Education providers that delivers a full range of functions to manage the student lifecycle from admissions to graduation.


  • Intuitive registration tools
  • Designed specifically for HE
  • Integrated attendance tracking tool
  • Mobile access for students, faculty and staff
  • Single page access to critical student information
  • Real-time and comprehensive student visibility
  • Modern architecture
  • Ability to be integrated with 3rd party systems
  • Comprehensive regulatory reporting capability including UCAS, OfS and SFE
  • Powerful ad-hoc reporting tool reporting on data across the lifecycle


  • Deliver the academic experiences your students expect and want
  • Improved engagement with students
  • Nimble curriculum management for faculty and administrators
  • Workflow helps to automate and streamline operations
  • Better collaboration between academics and administration teams
  • Supports data driven decision making processes
  • Integrated accounts receivable for accurate and timely student finance management
  • Improve accuracy and quality when interacting with UK statutory bodies
  • Standardise and streamline student support services with Case Management
  • Provide a holistic view of the full student journey


£58,000 an instance a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

8 9 6 1 1 6 2 0 5 9 4 4 6 2 6


Ellucian Matt Searles, Vice President
Telephone: +447890 627355

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
System requirements
  • Quercus software licences
  • Latest browers installed

User support

Email or online ticketing support
Email or online ticketing
Support response times
• P 1 - Critical - 1 hour or less -
A ‘production down’ situation where you are experiencing a full system or software failure preventing you from performing critical processing.
• P2 - High - 4 hours or less -
Situations where you experience a partial failure preventing you from performing critical processing
• P3 - Medium - 1 business day or less -
An intermittent failure or a problem that causes a considerable delay in non-critical processing
• P4 - Low - 3 business days or less -
General questions, or problems that do not appreciably affect processing
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Yes, at extra cost
Support levels
Our customer support website, available 24/7, is where customers can access a variety of information, including product news, case updates, bug reports, and enhancement requests. Customers can also take advantage of our Knowledge Base, a searchable database of resolved support cases. Ellucian can provide answers to the many routine daily questions users have via the Ellucian Action Line. The Action Line is a telephone support system for users, allowing them to speak with an Ellucian consultant on functional or technical issues. Users may also report apparent product defects using the Action Line. Action Line uses an automated answering system to receive and record initial Action Line calls. The answering system allows Action Line staff to be prepared before returning calls. Action Line staff can classify, prioritise, record basic details, conduct research, and assign the most appropriate consultant for resolution of your question. There is no additional cost to provide this service.
We provide both working day support and 24x7 support options.
Hosted customers have a named Cloud Assurance manager.
All customers have a named Customer Success Manager.
Support available to third parties

Onboarding and offboarding

Getting started
During the Project Initiation phase the project team members – from both Ellucian and your institution - meet to review customer high level goals, objectives and KPI’s for the project. The team aligns expectations and agrees an initial project plan.

As part of this phase, you can expect to help create the Resource Schedules and Initial Project Plan, as well as review the Project Scope Statement and the Project Charter.

The Project Charter summarises the scope of work to be executed, tactical and strategic business objectives, project stakeholders, and includes:

•Mission and goals
•Implementation approach
•Communication plan
•High-level schedule
•Escalation and decision procedures

Ellucian Professional Services guides and supports your project team both through the use of pre-defined delivery material and more bespoke enablement depending on requirements. We can provide training which is directed toward a specific audience and designed to meet specific purposes. Training will be structured to enable your Teams to gain specific insight into the capabilities of each solution.

Formal training is delivered either
1.Directly on campus in a classroom setting
2.Remotely by a consultant using screen sharing software and VOIP
3. On Demand product training from a suite of self-service packages.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
We will provide you a copy of your data in our possession upon contract termination or expiration if you provide us a timely request. We will provide you a copy of all your data then in our possession, in a commercially reasonable format, at no additional charge. This will be done in accordance with the terms of the underlying agreement.

We will securely delete such data in accordance with our then-current data security, retention, and disposal policies.
End-of-contract process
If at any time you decide to make a commercial decision to cease your use of Ellucian Cloud Software, you will be entitled to a copy of your Client Data at no additional charge – see Section 14.3 of the Ellucian Supplier Terms and Conditions.

Using the service

Web browser interface
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
The entire interface is accessed through a Web browser.

Ellucian develops new modules with a ‘mobile first' strategy. This means that the responsive design is applied to automatically adapt the page layout to the size of the screen of the rendering device. The page layout is natively built and tested for small screens and can scale up on larger screens.

Functions are ‘point and click’ with use of graphics, promoting a visually appealing interface.
Service interface
User support accessibility
WCAG 2.1 AA or EN 301 549
What users can and can't do using the API
Quercus Live Link (XML) API is a RESTful API that allows developers to pull data from a Quercus database into dynamic websites and information portals using standard REST integration techniques.
Live Link provides:
• A consistent interface to all existing and future services
• A standard model for returned data
• Facility to query services for an individual student
• Fast performance.

Quercus can also exchange data using Quercus Message Link. Quercus Message Link allows the retrieval and posting of event driven XML messages from Quercus using standard REST techniques, including:
• SOA-based, event-driven online integration platform for enterprise corporate systems (e.g. HR, Finance, CRM, VLE, etc).
• RESTful API for transactions/events.
• Message queues, bi-directional, receipting, error handling
• Students, Programmes/Courses, marks and standards, enrolment, and sponsorship and curriculum.
Quercus Message Link provides the ability to send, receive and delete messages in Quercus message queues. An optional two-stage acknowledgement process ensures messages that are received by the user are not deleted until a receipt acknowledgement is returned to Quercus. Quercus includes a Message Link Monitor to monitor inbound and outbound messages. It also allows users to configure the Message Link system.
API documentation
API documentation formats
  • HTML
  • PDF
API sandbox or test environment
Customisation available


Independence of resources
Environments hosted by Amazon Web Services (AWS) are segregated to prevent customers from accessing resources not assigned to them.

Services which provide virtualised operational environments to customers ensure that customers are segregated via security management processes/controls at the network and hypervisor level.

Ellucian continuously monitors service usage to project infrastructure needs to support availability commitments/requirements. Ellucian maintains a capacity planning model to assess infrastructure usage and demands at least monthly, and usually more frequently. In addition, the capacity planning model supports the planning of future demands to acquire and implement additional resources based upon current resources and forecasted requirements.


Service usage metrics
Metrics types
We can provide cloud application availability and uptime reports upon request
Reporting types
Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Other data at rest protection approach
AWS adheres to independently validated privacy, data protection, security protections and control processes.

AWS is responsible for the security of the cloud; Ellucian is responsible for security in the cloud. AWS enables Ellucian to control their content (where it will be stored, how it will be secured in transit or at rest, how access to their AWS environment will be managed).

AWS offers key management options and dedicated hardware-based cryptographic key storage.

Data, including backups, is encrypted at rest using a combination of Amazon Web Services (AWS) Elastic Bock Store (EBS) and Simple Storage Service (S3) storage with AES-256 encryption.
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Most screens have an option to create a .CSV file, and the embedded reporting capability has a file export capability.
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
Environments are logically segregated to prevent users and customers from accessing resources not assigned to them. Ellucian gives customers ownership and control over their content by design through simple, but powerful tools that allow customers to determine how their content will be secured in transit.
Ellucian enables customers to open a secure, encrypted channel to AWS services using TLS/SSL, and/or IPsec or TLS VPN (if applicable), or other means of protection the customer wishes to use.
API calls can be encrypted with TLS/SSL to maintain confidentiality.

Availability and resilience

Guaranteed availability
Please see SLA in the attached Ellucian Supplier Terms and Conditions document.
Approach to resilience
AWS Business Continuity plan details the process that AWS follows in the case of an outage, from detection to deactivation. AWS has developed a three-phased approach: The Activation and Notification Phase, Recovery Phase, and Reconstitution Phase. This approach ensures that AWS performs system recovery and reconstitution efforts in a methodical sequence, maximsing the effectiveness of the recovery and reconstitution efforts and minimising system outage time due to errors and omissions.

AWS maintains a ubiquitous security control environment across all regions. Each data centre is built to physical, environmental, and security standards in an active-active configuration, employing an n+1 redundancy model, ensuring system availability in the event of component failure. Components (N) have at least one independent backup component. All data centres are online and serving traffic. In case of failure, there is sufficient capacity to enable traffic to be load-balanced to the remaining sites.

Ellucian is responsible for implementing contingency planning, training and testing for our systems hosted on AWS. AWS provides Ellucian with the capability to implement a robust continuity plan, including the utilisation of frequent server instance back-ups, data redundancy replication, and the flexibility to place instances and store data within multiple geographic regions across multiple Availability Zones.
Outage reporting
Notification of outages is provided in the form of e-mail alerts from Ellucian and a public dashboard.

Identity and authentication

User authentication needed
User authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
AWS IAM provides user access control to AWS services, APIs and specific resources. Other controls include time, originating IP address, SSL use, and whether users authenticated via MFA devices.

API calls to launch/terminate instances, change firewalls, and perform other functions are signed by customers’ Amazon Secret Access Key (either the root AWS Account’s Secret Access Key or the Secret Access key of a user created with AWS IAM).
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Less than 1 month
Access to supplier activity audit information
No audit information available
How long system logs are stored for
Less than 1 month

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications
Any other security certifications
  • ISO 27001:2013
  • SOC 1 and SOC 2 Type II Audit and Report
  • Educause HECVAT Audit and Report

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
Cloud security at AWS is the highest priority.

Ellucian benefit from a data centre and network architecture built to meet the requirements of the most security-sensitive organisations.

In addition to this, Ellucian maintains an Information Security Policy (ISP) and related standards that are based on the ISO 27001 framework and are defined, approved by management, published, and communicated to employees and relevant external parties.

Our Information Security Programme, and policy, ensures we continually improve Information Security controls, policies and practices and comply with applicable law, regulatory and industry requirements, and contractual obligations.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Changes to AWS services and features follow secure software development practices, including security risk reviews prior to launch. Developer access to production environments is via explicit access system requests, subject to review and authorisation.

Teams set bespoke change management standards per service, underpinned by standard AWS guidelines.

All production environment changes are reviewed, tested and approved. Stages include design, documentation, implementation (including rollback procedures), testing (non-production environment), peer to peer review (business impact/technical rigour/code), and final approval by the authorised party.

Emergency changes follow AWS incident response procedures. Exceptions to change management processes are documented and escalated to AWS management.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
AWS performs vulnerability scans on the operating system, web applications, and databases in their environment.

Approved 3rd party vendors conduct external assessments. Identified vulnerabilities are monitored and evaluated. Countermeasures are designed and implemented to neutralise known/newly identified vulnerabilities.

Ellucian maintains a Threat and Incident Management Programme to respond to security incidents. We deploy network threat monitoring tools, rapid response technology, antivirus/antimalware and endpoint protection tools, network Security Groups, DDoS protection, and a Security Information and Event Management (SIEM) solution.

Patches are applied based on severity and their required planning and resolution timeframes in accordance with the Ellucian Vulnerability Management Standard.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
AWS deploys (pan-environmental) monitoring devices to collect information on unauthorised intrusion attempts, usage abuse, and network/application bandwidth usage.

Near real-time alerts flag potential compromise incidents, based on AWS Service/Security Team- set thresholds.

In addition to this, Ellucian maintains a Threat and Incident Management Programme to respond to security incidents within the cloud environment. It captures, indexes and correlates real-time data to identify potential threats and security events in the Ellucian environments.

In the unlikely event of a security breach, Ellucian’s Information Security Response Team assumes ownership of the security incident response. A team is assembled on a per-incident basis.
Incident management type
Supplier-defined controls
Incident management approach
AWS adopts a three-phased approach to manage incidents:

1. Activation and Notification Phase
2. Recovery Phase
3. Reconstitution Phase.

AWS conducts incident response testing, providing excellent coverage for the discovery of defects and failure modes.

Ellucian employs an Information Technology Service Management (‘ITSM’) tool which provides service incident management, according to ITIL framework best practices.

Users can report incidents to the Action Line support service. The Action Line support desk is available 24/7 to respond to reported issues.

The Ellucian Customer Centre provides a direct line to instant response and feedback pertaining to service requests.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks

Social Value

Fighting climate change

Fighting climate change

Ellucian is committed to improve our impact on the environment and increasing the efficiency of our services and operations. We acknowledge the impact our facilities, travel, data centres and suppliers have on the environment and are taking actionable steps to reduce any negative effects.

Toward this end, we have and will continue to establish initiatives aimed at reducing carbon emissions and waste throughout our operations.
Covid-19 recovery

Covid-19 recovery

During the COVID-19 pandemic, our commitment to employee health and safety was vital and we navigated important decisions about our workplace, such as office access and safety protocols. Measures to protect employees from COVID-19 infection in the workplace included but were not limited to closing offices worldwide in March 2020 and encouraging all employees to work from home.
As we move into recovery, we are opening offices with a small number of employee volunteers. COVID-19 vaccinations are required of all employees and contractors working in our offices.
Equal opportunity

Equal opportunity

The Ellucian Environmental Social and Governance (ESG) Policy formalises our commitment to offering a safe, ethical, and inclusive workplace, supporting success for all students, making a positive impact in our communities, and reducing our environmental impact – all which have been a long part of Ellucian’s culture.

We are committed to offering an ethical and inclusive workplace where everyone can thrive. We embrace our employees’ differences in age, disability, race, ethnicity, family or marital status, gender identity or expression, language, national origin, physical and mental ability, political affiliation, race, religion, sexual orientation, socio-economic status, veteran status, and other characteristics that make our employees unique.

We provide educational sessions and training that explore biases, their impact in the workplace and how we can influence behaviours to drive greater inclusivity. Our initiatives encourage and reinforce:

• Respectful communication and cooperation between all employees
• Teamwork and employee participation, permitting the representation of all groups and employee perspectives
• Work/life balance through flexible work schedules to accommodate employees’ varying needs
• Employer and employee contributions to the communities we serve to promote a greater understanding and respect for diversity.


Ellucian is committed to offering a safe and healthy workplace that supports the well-being of our diverse workforce. Our commitment is demonstrated through workplace policies designed with employee health and safety at the centre and a comprehensive benefits portfolio for employees, their children and spouses or domestic partners.
Our commitment to employee well-being also guides the benefits portfolio we offer to employees and their families. Ellucian offers a rich set of benefits supporting diverse employee needs including but not limited to parental leave at the birth or adoption of a child, access to on-demand mental health services, reimbursement for activities like gym memberships, and remote working support. These benefits are in addition to comprehensive medical, dental and vision benefits for employees, dependents, spouses, and domestic partners.


£58,000 an instance a year
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.