Kallidus Limited

Kallidus Off-The-Shelf eLearning Content - Public Sector Edition

Kallidus Off-The-Shelf eLearning Content - Public Sector edition is a suite of e-learning courses courses covering topics including: health & safety, legal compliance, equity/diversity/inclusion, wellness, management training, customer service, presentation skills & leadership.

Kallidus is used and trusted by 22 NHS trusts, 6 police forces and 12 UK government organisations.

Features

• AA accessibility: close captions, speed control, multiple formats, screenreader compatible.
• eLearning designed for mobile or desk-based learning.
• Customise courses to meet your organisational needs; embed policy documents.
• Course editor to add graphics, video, text, and configure branding
• Courses translated immediately into over 100 languages.
• Each course comes with a downloadable eBook and resources
• Pre-course assessment accounts for learners’ prior knowledge.
• Post-course testing and interactivity to maximise learner knowledge retention.
• User certificates once a user passes an assessment.

Benefits

• Engage learners with well-designed, interactive, and enjoyable eLearning courses.
• Make compliance training easy to learn and maximise knowledge retention
• Kallidus eLearning is inclusive, accessible and mobile-friendly for all learners.
• Address all learning preferences with animation, e-books, and micro-learning formats.
• Courses assured by industry bodies including: RoSPA, CPD and IATP.
• Courses are continually updated to reflect the latest legislation.
• Support a diverse workforce with translation into 100 languages.
• Content is easily deployed to Kallidus/3rd party learning management systems.

£1 to £200 a user a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@kallidus.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

965244302348396

Contact

Philip Pyle
01285 883900
sales@kallidus.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Kallidus Off-The-Shelf eLearning Content is a standalone eLearning content solution which can be deployed on any SCORM compliant Learning Management System, including Kallidus Learn - Public Sector Edition (additional licensing costs apply).
• Cloud deployment model: Public cloud
• Service constraints: As part of Kallidus’ continuous delivery approach, there is a scheduled maintenance window every Thursday 6-8am (BST/GMT). During this period, maintenance may include; ; ; • application deployments, ; • system maintenance; • server maintenance. ; ; During these times clients may experience short periods of service unavailability or reduced performance. Under exceptional circumstances, Kallidus reserves the right to change the time and duration of the window, but will notify the customer in advance of any proposed change.
• System requirements:
  • Access to Kallidus content is browser based via HTTPS only.
  • There are no hardware requirements for the client PC

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response times are typically within 30-60 seconds Monday - Friday, excluding bank holidays and weekends.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Kallidus provides both telephone and onsite support to every customer at no additional cost.; ; Each customer is assigned the following named resource:; ; * UK Customer Account Manager - responsible for ensuring the SLA's are delivered and responding to commercial aspects of the contract.; ; * UK Customer Success Manager - responsible for providing ongoing training & knowledge transfer to help you configure and use the application(s) so that it supports and optimises your business processes.; ; * UK Cloud Support Engineer - responsible for working with you and your company to resolve any application, performance or data integration issues.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Kallidus Off-The-Shelf eLearning Content is a eLearning content offer only. As such, customers simply load the SCORM manifest file into their chosen learning management system (including Kallidus Learn) from where eLearning content can be provisioned to the employee/user populations.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Kallidus Off-The-Shelf eLearning Content does not store any learner/user completion data. As such when a customer no longer wishes to use Kallidus OTS eLearning Content , they simply remove the SCORM manifest files from their learning management system.
• End-of-contract process: At the end of the Initial Contract Term, the client has the option to renew for a further period. The standard period is another 2 year term with a 1 year term as a minimum.; Your account manager will coordinate with you and provide a quote for the successive term. If you renew the annual licence fee for the year ahead will be invoiced but no other charges apply.; ; If you decide to leave Kallidus at the end of your initial term, the SCORM manifest files must be removed from your LMS.; ; No further charges apply.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The solution is adaptive so the screen layout for the end user screens will change to offer optimum usability for the size of device in use.; ; The features and functions do not differ.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: No
• Customisation available: Yes
• Description of customisation: With our easy to use course editor you can brand content in your style and easily insert your own content pages.; ; Add your logo and company graphics; Choose brand colours and background images; Add company policies, procedures, checklists or updates; Embed PDFs, presentations and other documents; Add links to videos and web content; Include your own content

Scaling

• Independence of resources: Sufficient capacity and overhead are already built-in to our applications to handle expected loads. Our applications are designed and architected to be automatically scalable which allows for the rapid provision of additional resources such as CPU, memory or disk space. Our environments are load balanced for best performance and high availability for both web applications and data stores. We carry out performance monitoring to ensure user demand does not adversely affect services to other users.

Analytics

• Service usage metrics: Yes
• Metrics types: Kallidus provides the following range of service metrics including:; ; * Service uptime; * Number of support tickets raised; * Time to resolve support tickets ; * SLA support compliance ; * Storage consumption ; * Number of active users on the system per month
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Data is logically separated between clients using access control or separate databases. Our datastores are not public facing, and the administrative backend of our hosted networks are only accessible through separate privileged accounts and restricted to our system by either source IP or site-to-site VPN connection. All of our clients data is encrypted at rest (by using encrypted storage).
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: No data is stored on Kallidus servers when using Kallidus Off-The-Shelf eLearning Content. All learner/user completion data is stored on the customer's learning management system, where any completion data will be managed , even after the Kallidus Off-The-Shelf eLearning contract has expired.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Kallidus agrees that the Service will be available for a minimum of 99.5% of the time twenty-four hours per day, seven days a week for the duration of the Contract. ; ; If the agreed service availability falls below 99.5% for the duration of any given calendar month, then the Customer will be entitled to a downtime credit for that month. For each two (2) percent or part thereof (below 99.5%) of non-availability in a calendar month, the Customer will be entitled to a downtime credit equivalent to 10% of the pro-rata monthly fee for the Services, subject to a maximum credit of 100% of the fee for the Services payable for that month.
• Approach to resilience: Our environment and applications are designed and architected to be resilient on a load balanced infrastructure with redundant components and services for high availability and minimal downtime for both web applications and datastores. We carry out uptime and performance monitoring to ensure services are available. The datacentres we use are ISO27001 certified and have all of the mitigating controls required to provide a resilient underlying platform; environmental control, redundant power and network pathways, uninterruptible power supplies and backup generators for long term running.
• Outage reporting: Kallidus clients can access a public dashboard (http://status.kallidus.com) 24hrs per day to see the status of the Kallidus service. ; ; The public dashboard provides a clear visual status indicating performance and availability for each of the applications and a detailed description of any application issues, the resolution time and summary of the solution.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Other user authentication: Users can authenticate using 2-factor authentication (SAML 2) if they use Single Sign-on (SSO) and have already had 2-factor authentication as part of their internal authentication mechanism. Otherwise, username and password credentials are used via our identity provider.
• Access restrictions in management interfaces and support channels: Our application management interface is restricted to customer administrators using in-application role-based access control. All management interface traffic is encrypted in transit using TLS.; The hosted network backend management is restricted to Kallidus support staff who have unique, privileged accounts which are separate from their day-to-day credentials. Access is only via encrypted RDP and through source IP restrictions or site-to-site VPN. Access to our support site (provided by Zendesk) is restricted to named administrative customer contacts only, who are provided with site credentials and authenticated prior to logging or tracking requests.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: SGS
• ISO/IEC 27001 accreditation date: 13th April 2023 to 31st October 2025
• What the ISO/IEC 27001 doesn’t cover: The Certification covers all goods and services provided directly by Kallidus. Our hosting provision is outsourced to a 3rd party who are ISO27001 accredited separately.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Kallidus is ISO27001 accredited, last audited and re-certified on 13th April 2023 to 31st October 2025. Full ISMS and BCP are in place and available on request. SGS completes regular external audits. We maintain a comprehensive and appropriate suite of Information Security policies and processes in compliance with our ISO27001 certification. We undergo a regular external audit at which these documents and processes are inspected as being suitable for the business and the standard. Policies are reviewed annually, and our ISMS is supported by senior management. All staff are given induction training on these policies and processes, with refresher training every year. Compliance with policies is assessed by an internal and external audit.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We have our own formal change management process. This includes all major changes to systems or applications, and includes a process for emergency changes - all are recorded. Change control is always carried out by at least 2 people, requires management approval, and there are documented rollback steps as part of the assessment and also a consideration of risk including security impact. Changes are tracked through our Zendesk portal for historical lifetime reporting purposes.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Risk assessment of threats to information assets follows a risk-based methodology. Risks are documented in a register and treated to reduce score using a range of mitigating controls. Our hosted applications undergo monthly penetration testing using a CREST-accredited security testing provider. Any medium or high vulnerabilities found are added to our development backlog for resolution. We subscribe to vulnerability monitoring services (e.g., US-CERT) which provide alerts and information on potential threats. Our applications are updated every two weeks during maintenance windows. Operating System and other vendor patches are deployed during appropriate maintenance windows, once patches have been tested.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: All of our environments have boundary security (firewalls). Our datacentre provider (Microsoft Azure) monitors firewall services and report suspicious activity immediately using a ticketing system. Event logs are regularly reviewed for activity by support staff. Customers can view their own application audit logs to monitor changes to data records.; ; Any suspicious activity is treated as an incident and follows our own incident reporting and management process, which includes a management review step and would include timely customer notification if appropriate.
• Incident management type: Supplier-defined controls
• Incident management approach: We have our formal incident reporting and management process, which includes a management review step and would include timely customer notification if appropriate. Users can report incidents via email, via telephone call, or in-person. All incidents are recorded in an incident log, are investigated, remedial or corrective actions are tracked to completion and root cause analysis is carried out. Incident reports are communicated to customers if appropriate, typically through email or by a telephone call.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Equal opportunity
  • Wellbeing

  Equal opportunity

  Our content supports tackling workforce inequality by providing in-work progression to help people across all backgrounds, to move into higher paid work by developing new skills relevant to their role.

  Wellbeing

  Our content supports improved community integration by enabling collaboration between users in sharing knowledge to support strong integrated communities.

Pricing

• Price: £1 to £200 a user a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: A suite of Kallidus Off-The-Shelf eLearning Content is available to prospective customers to trial for 7-days.
• Link to free trial: Access to a 7-day free trial is available directly from Kallidus.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@kallidus.com. Tell them what format you need. It will help if you say what assistive technology you use.