City and Guilds Kineo Limited

Kineo Totara TXP - Totara Learn and Engage

Kineo Totara TXP is our all-in-one learning management system (LMS) and talent experience platform (TXP) that uses technologies built to work together to close the skills gap and open our clients' learning ecosystem. We provide a fully managed service to take each client’s learning strategy to new heights.

Features

• Personalised user journeys and intuitive progress dashboards
• Highly configurable design and theming to your brand guidelines
• Integration with HR systems and automated learning assignments
• Single Sign On
• Powerful and flexible reporting engine
• Mandatory and recurring compliance training programs and certifications
• Seamless face-to-face and virtual event management
• Integrated Authoring Tool cs
• SCORM, AICC and xAPI compliance
• Native mobile app with offline capability

Benefits

• Includes ongoing upgrades to the latest version of Totara
• Streamlined, rapid implementation at no additional cost
• Tailored training and ongoing access to self-paced training
• Regular service reviews with your allocated Customer Success Manager
• Custom plugins can be developed based on your requirements
• Kineo-developed features and enhancements continually added
• Unlimited support with robust SLAs and JIRA ticketing system
• Secure, cloud-based hosting, via Microsoft Azure
• Fully scalable and supports multi-tenancy
• Business Intelligence analytics provided as standard at no additional cost

£37,500 to £238,600 an instance a year

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@kineo.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

931792194841856

Contact

City & Guilds Kineo sales team
+441273764070
info@kineo.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Kineo does not typically offer end user support and the expectation is that Kineo support our clients who in turn support their users.; ; Our support desk operates to standard UK business hours (9am - 5:30pm Monday to Friday excluding UK bank holidays). Kineo currently provides out-of-business-hours support for server outages only. Should an outage occur, our server suppliers will work to resolve the issue immediately, without the need for client intervention.
• System requirements:
  • Internet access from mobile, tablet or desktop / laptop
  • A good internet connection is recommended
  • JavaScript and cookies enabled
  • Standard up-to-date browser such as Chrome, Firefox, Edge or Safari
  • Modern up-to-date smartphone or tablet (iOS or Android)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Whenever you raise a ticket in the Support Portal, a member of the Client Success Team will assess the requirement and check the priority level. Priority levels are used to triage and to manage the response time on a per issue basis.; ; Priority 1 (Critical): Service-stopping issues; Solution proposed: Within 1 working hour;; ; Priority 2 (Major): Time-dependent issues; Solution proposed: Within 5 working hours;; ; Priority 3 (Other): Content amends and routine administrator duties; Solution proposed: Within 1 working day.; ; Our support desk operates to standard UK business hours (9am - 5:30pm Monday to Friday excluding UK bank holidays).
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Our Kineo Totara TXP service comes with unlimited support included as standard within our annual costs; our friendly and knowledgeable Client Success team are here to provide you with expert help and advice, backed up by comprehensive SLAs. ; ; Each client has access to their own allocated UK-based Customer Success Manager (CSM). Your CSM will check in regularly via scheduled performance and service reviews to proactively support the deployment of your Kineo Totara TXP platform, ensuring the maximum return on investment.; ; We provide 2nd line support to your nominated administrators who will have 24/7/365 access to Kineo’s online services portal, to raise requests, ask questions and engage with our team of dedicated services personnel. ; Our online self-service dashboard makes reporting very straightforward and it’s easy to track request assistance and track tickets as they are worked on. ; ; Kineo’s UK support desk hours are currently Monday to Friday UK business hours (09:00-17:30 UK time exc. UK Bank Holidays).
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Training is a fundamental part of the successful delivery of our Kineo Totara TXP service. Our focus is on ensuring that our clients have the necessary knowledge to actively participate in the implementation and configuration of their platform, utilising Kineo’s experience to act as an expert partner to guide them through the process. ; ; The training is delivered in two formats:; • Training consultation with your Implementation Consultant; • Online training resources and workbooks; ; Learning outcomes will vary from client to client, however the overall training objective is always the same – to empower our clients to have the necessary knowledge to truly understand how to make best use of their platform to achieve their business goals. By doing this, we ensure that the maximum return on investment is provided to all of our clients.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: At the end of the contractual term Kineo will provide a PostgreSQL database export and a copy of the uploaded files.; ; Additionally clients will have full access to the Kineo Totara TXP Report Builder which they can use to extract data in various formats including CSV.
• End-of-contract process: If the client does not wish to renew their contract, they are free to move to another Totara provider or alternate solution. Included within the price of the contract we will help to export user / database data for the client, to help with this move - for example by providing the PostgreSQL database exports and uploaded files. Running of individual reports from the Report Builder functionality would be the responsibility of client, however if additional help was required this could be provided as a paid service.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Kineo Totara TXP is device responsive so will work when accessed from a mobile or desktop device for standard end users. For smartphones and tablets we recommend using the native iOS and Android Totara app. NB For admin tasks (i.e. logging in as an administrator to configure Totara) we strongly recommend using a desktop or laptop.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: We provide a JIRA-based online Client Services Portal - a web-based ‘ticketing system’ for tracking issues and queries and reporting against the KPIs and SLAs. It can be accessed by Kineo Customer Success staff as well as your Named Site Administrator/s.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: N/A - Interface testing completed by Supplier
• API: Yes
• What users can and can't do using the API: Web services allows for integrations with external systems such as triggering actions in third party systems or triggering actions in Totara such as create users, update users, enrol users and get course completion status. Where an existing API does not match a desired use case, Kineo can develop custom APIs at additional cost.; ; Authentication is token-based. You can generate a unique token for any users in the system - this is the only way to generate tokens for admin users. ; ; Totara has moved to using GraphQL for Web Services but does have some legacy support for AMF, REST, SOAP, and XML-RPC.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Kineo Totara TXP is highly configurable. Using a combination of the audience and dashboard functionality, tailored user experiences can be created for different users at different points in their user journey, for example a new starter might be shown a completely different set of options on their dashboard compared to a normal user. Kineo have added a highly configurable theme tool that enables a granular level of control over the look and feel of the platform including images, colours, fonts, font sizes and a range of other configurable options. We provide full training so that clients can make further layout and design amends.; ; Users themselves can control their own dashboard, typically through adding, removing or docking the rich array of Totara blocks. The full range of dashboard editing options can be provided to users, however typically an administrator would define these for end users.; ; Kineo can also develop client-specific plugins (which we call bolt-ons) to the core product, which would incur a development and ongoing maintenance fee to ensure they stay fully functional as we upgrade you to the latest version of Totara.

Scaling

• Independence of resources: We partner with Azure, a market leader in cloud hosting and work on high-capacity, scalable servers. Our Totara Kineo TXP service comes with a burst concurrency of 2 times our standard concurrency rate for times of high demand. We monitor site usage and can work with any client that has a requirement for higher usage rates.

Analytics

• Service usage metrics: Yes
• Metrics types: Service metrics are embedded throughout our Kineo Totara TXP service. Your Customer Success Manager will provide regular reports that include overall service metrics such as site usage, load latency and concurrent usage stats.; ; At an application level, Totara Kineo Edition features full site logging for audit purposes as well as a suite of embedded reports and a powerful, flexible report builder. The report builder includes a variety of sources that cover user details, learning completion, resource engagement and much more. Reports can be configured to display as graphical reports and can then be embedded into reporting dashboards.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Kineo Totara TXP allows for users to extract their own data, in line with GDPR regulations.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: The Service shall be available, excluding any scheduled downtime and non-qualifying service breaks, for 99.5% of time during Working Hours in the Territory, calculated by Kineo on a calendar month basis as stated in the Statement of Work (SOW) / Managed Service Agreement (MSA).; ; If a dispute arises under or in connection with the Agreement or the performance, validity or enforceability of it (Dispute), then the Parties shall follow the procedure set out in the MSA.; ; Either Party may give to the other Party written notice of the Dispute, setting out its nature and full particulars (Dispute Notice), together with relevant supporting documents. On service of the Dispute Notice, the Executive Director (or equivalent) of each Party shall attempt in good faith to resolve the Dispute.
• Approach to resilience: Kineo operate a 99.5% SLA utilising Azure's resilient hardware. Our data centres are in the UK - UK South or UK West. Production and back up servers are based in opposite data centres. Kineo use the Azure platform and its geographical services to provide a Recovery Time Objective (the maximum time before the platform will be operational post a failure) and Recovery Point Objective (the point in time that the platform can be recovered to) of 24 hours to our clients.; ; Highlights of our hosting service include:; • Web Application Firewall as standard; • Resource and vulnerability monitoring with 24/7 automated alerts; • HTTPS SSL (Secure Sockets Layer) encryption as standard; • Geo-redundant daily incremental backups (held for 30 calendar days as standard) ; • Performant, secure UK data centres with Microsoft Azure; • Monthly vulnerability scanning ; • Annual penetration testing of the core service; • Encryption at rest
• Outage reporting: The Client Success team has an internal dashboard and receives email alerts, which automatically create support tickets; these tickets are also reported immediately to the Client Success Managers so that customers can be informed and kept up to date with progress. Major System Outages are also announced through the hosting company's publish status pages.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Other user authentication: LDAP
• Access restrictions in management interfaces and support channels: Credentials for customer and infrastructure systems (eg. support and backups services) are stored and controlled using a third-party password management service. These credentials will only allow access to a system when accompanied by the correct alphanumeric token generated by a hardware security device (“multi-factor authentication”). By default, support staff are only granted non-privileged-level access to any system and if a member of the support team needs privileged access to a system, they must request this through the established procedure. Additional procedures cover the granting and revocation of all accesses based on circumstances such as: new employees and employees leaving.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alcumus ISOQAR
• ISO/IEC 27001 accreditation date: 09/08/2023
• What the ISO/IEC 27001 doesn’t cover: Our ISO27001 certification covers all Platforms operations
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • ISO 9001
  • ISO 14001

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: All staff in Kineo operate under the Electronic Information Security Policy (EISP), which is based upon the International Standard ISEC/ISO 27001 the Code of Practice for Information Security Management and ISEC/ISO 27002 the Code of Practice for Information Security Controls. These standards have been adapted by Kineo to reflect the business operations performed. The policy provides an overarching framework (and a commitment) to apply information security controls throughout Kineo, through a variety of controls and measures.; ; This policy applies to all Users and includes:; - all staff employed by, or working for, or on behalf of Kineo; - third party contractors and consultants working for, or on behalf of Kineo; - all other individuals and groups who have been granted access to Kineo’s internal network or hosting network; ; The Kineo Senior Leadership Team (SLT) is responsible for compliance of the policies and procedures in support of the Electronic Information Security Policy and will report non-conformance to the Data Protection Officer of the ultimate holding company (City and Guilds).; ; The manager/leader in each team is responsible for ensuring that adherence to this policy is observed within their respective department and for overseeing compliance by Users under their direction, control or supervision.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All changes to live Kineo Business Systems follow a change management process to ensure that activities are undertaken in accordance with stringent change control processes. All development work undertaken by Kineo will be subject to test prior to implementation in production and live systems. Code changes are tracked via version control (Gitlab) and peer reviewed by case-managed ticket before being tested in a non-live environment. The development and review process follows OWASP guidelines and live deployments are subjected to regular internal penetration testing.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We perform monthly vulnerability and web application scanning. Regular bulletins from third party sources are collated and reviewed weekly for issues that need a response). Response actions are divided into Hotfix requirements ('immediate action') and general mitigations which are ticketed for deployment (after internal testing) during future, scheduled patch cycle. Information is received from OS and application vendors/suppliers, Qualys, https://nvd.nist.gov, Hacker News and various security mailing lists.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: There are several layers of proactive and responsive monitoring. Sites are monitored through external services - for example, Pingdom - to detect anomalies in performance and presence. Threat assessment and log collation and automation can be incorporated at a level to meet customer requirements - these are typically tailored according to individual needs to balance cost Vs performance and can comprise front-end UTM appliances, installed applications (such as tripwire, snort, OSSEC and other HIDS tools. Incident response is confirmed by contract and will be a balance of immediate automated and timed manual response.
• Incident management type: Supplier-defined controls
• Incident management approach: Incident Management is governed by internal process and Kineo's Electronic Information Security Policy. All events are treated as unique in order to not make any assumptions. Where an electronic security incident is believed to have happened, then the relevant operational manager should report the matter to the Data Protection Officer and the management process is followed accordingly. Users may report incidents in person, via telephone or email. Incident reports are provided via PDF, sent through an encrypted method as requested.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Kineo is deeply committed to sustainability, aligning with the values of our parent company, City & Guilds (C&G). Since 2009, we've been dedicated to integrating sustainable practices into every aspect of our operations, from the materials chosen for offices to the ecological processes integrated throughout our business. This commitment ensures we maintain an eco-conscious approach to business and interactions within our community.; ; C&G has embarked on a significant journey towards achieving our 'Net Zero by 2040' target. Our carbon reduction plan, accessible via our website, introduces innovative initiatives and establishes targets to enhance sustainability and mitigate our impact on climate change. Our Environmental, Social, and Governance (ESG) strategy prioritises comprehensive, attainable targets, supported by world-class reporting standards such as GRI, Net Zero Action Plan and TCFD, to foster low-carbon skills and accreditations. Our strategic 18-month roadmap revolves around core principles of Planet, People, and Products.; ; In pursuit of excellence, we regularly scrutinise our business practices to identify opportunities for enhancing energy efficiency, reducing packaging, and minimising water usage/waste generation. Extensive measures have been taken to curb single-use plastics, promote recycling and optimise energy consumption through LED lighting and low-energy TVs/Smart Boards. Moreover, we are reducing our carbon footprint by transitioning our vehicles to electric / hybrid models as leases expire and new employees join.; ; Recognising the importance of sustainable supply chains, we ensure subcontractors and suppliers adhere to environmental policies consistent with our own. Every supplier must endorse our Supplier Code of Conduct, rooted in the principles of the UN Global Compact, which underscores our commitment to ethical business practices. Furthermore, our rigorous evaluation process for potential suppliers includes assessing their social value proposition and adherence to anti-bribery policies, as outlined in our Handbook for Sustainable Procurement, published last year.

  Covid-19 recovery

  Whilst Covid presented us with multiple challenges we were able to adapt. Key achievements included:; ; • Our rapid response. We quickly mobilised to ensure our customers had the support they needed to tackle training under remote working, restricted budgets and the need to adapt quickly as businesses. This included a free Covid safety course, free resources to support virtual delivery, rapidly deployed Totara LMS and content, and priority services to key industries. All this whilst tackling our internal challenges of home working, furlough and the need to mobilise quickly as a business. ; ; • Continued delivery BAU throughout COVID. We:; o Delivered content and platforms to 1,000 businesses globally; o Won major industry awards, including Best Learning Technology Project with Barclays in both the UK Learning Technologies Awards and Learning & Performance Institute Awards; o Were listed on 3 top 20 provider lists (customer learning, authoring tools and compliance); o Competitively won and successfully delivered one of our largest bespoke content projects ever ; ; • Maintained high levels of customer satisfaction – as one significant customer put it, “We can honestly say we've dealt with a lot of people and companies but this has been a whole new experience for us. It's been brilliant ... on all fronts".; ; • Wellbeing support for staff – during COVID, senior leadership placed an emphasis on staff wellbeing. We signposted staff to our wellbeing services, and ensured we had online social events in place of face to face. We continue supporting individuals' mental health resilience through educational content and resources.; ; • Hybrid working: Our offices now operate in a hybrid manner, with staff able to choose to work from home or in the office, providing flexibility to employees whilst continuing to provide our clients with a high-quality service.

  Tackling economic inequality

  Kineo is part of a registered charity - C&G - an organisation committed to making a positive impact on people, society and the environment. We are responsible, ethical and accountable in all areas of our work and in every country we operate. As a charity we do not make profit for shareholders, rather we deploy any surpluses we make to help our partners achieve their social responsibility goals, helping disadvantaged and hard-to-reach individuals gain the skills they need for successful employment, so supporting more skilled and productive societies. We believe in a world where everyone has the skills and opportunities to succeed. ; ; Here are just some of the areas where tackle economic inequality: ; ; • We’ve invested £1.25m to fund 14 social projects that remove barriers and help under-served individuals to develop skills for employment ; ; • We work with 120 prisons, supporting 50,000 learners each year. We launched The Future Skills Commission for Prisons with a £1m fund to reduce reoffending by upskilling prisoners and helping them into employment on release; ; • Our bursary programme funds individuals in financial need to develop skills for jobs; ; • We promote excellence in workplace skills development through our annual Princess Royal Training Awards (PRTAs) which recognise outstanding training that is efficient and inclusive, with a tangible impact on people; ; • We deliver employability workshops to at-risk young people to help them overcome barriers to skills for jobs, such as those in Pupil Referral Units, leaving care and young offenders ; ; We produce yearly Gender Pay Gap Reports and an Ethnicity Pay Gap Reports and have implemented several initiatives aimed at narrowing the gap. We have focused on improving transparency by conducting equal pay audits, and implemented initiatives to facilitate women's leadership and career advancement.

  Equal opportunity

  We continue to work towards a culture that enables colleagues and those we work with to be themselves. Our inclusion and diversity policy ensures fair treatment of all staff, regardless of gender, race, ethnicity, age, or disability. Our clients, customers, partners and suppliers are made aware of this policy and expected to operate within it. We are also a Disability confident employer and part of the Prince’s Responsible Business Network, aiming to transform lives and help the planet and communities thrive.; ; We are committed to improving inclusion and diversity in how we work and how we deliver our purpose - helping people and organisations develop skills for growth. Our commitment to inequality goes directly to our trustee board, demonstrated by our Diversity and Inclusion Initiatives. We are actively implementing and reviewing working practices that enable a diverse and inclusive environment that is truly representative and supportive of our colleagues, customers and communities:; ; • A dedicated Diversity, Equity & Inclusion (DEI) Team; ; • Dedicated DEI company Hub with relevant resources; ; • Dedicated mandatory diversity training for employees; ; • Community support groups for members across all protected characteristics that provide an inclusive environment where our diverse workforce can thrive. ; ; • Neurodiversity Index to review how to support neurodiverse individuals at work; ; • Race in the Workplace Questionnaire, aiming to create a more inclusive workplace; ; • Aligning with the Global reporting Initiative to produce a report to demonstrate our economic, environmental and social performance.

  Wellbeing

  All colleagues have access to The Guild, a user-friendly, informative and regularly updated intranet site where they can find ways we support wellbeing; through diversity, equity and inclusion, smart working, engagement surveys, employee groups and apps/specialist support. This includes regular news items, events, webinars/seminars, internal and external documentation and contact details for any individual in need of immediate support.; ; Internal Mental Health First Aiders have access to support toolkits. All line managers are i-Act Mental Health Awareness trained. We encourage staff to join colleague-led C&G Community Support Groups, safe spaces to share and discuss things they experience, notice or want to change. All staff have access to an employee assistance programme and the Unmind app. ; ; We also recognise the importance of giving a voice to/empowering employees so they are listened to and feel that their contribution is recognised and valued. We manage this in two ways:; ; • Employee surveys – Our annual employee engagement survey (EES) reviews staff’s feelings towards working at Kineo. This feedback is then reviewed at a board level and actions put in place at both an organisational and team level. These are reviewed and followed up periodically.; ; • Local Feedback Groups (LFG). The LFG aims to give employees the opportunity to have their views heard. Representatives are elected for each business area, allowing representatives the opportunity to work at both a local level as part of their Local Feedback Group and also at a Group level within the Group Employee Forum. This allows better collaboration between all C&G business areas. The role of the LFG is to be a trusted group in the organisation which breaks down barriers and gives people a voice, it fosters regular open dialogue.

Pricing

• Price: £37,500 to £238,600 an instance a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: We can offer a 'sandbox' demo site providing access to a Kineo Totara TXP site instance for evaluation purposes. Access isn't specifically time-limited but please note we don't take backups of our demo sites, so it should only be used for trialling the product.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@kineo.com. Tell them what format you need. It will help if you say what assistive technology you use.