Webanywhere Ltd

Learning Management System

Provider of cloud-based learning management systems based on Totara.

Features

• Online collaborative learning
• Team management
• Dashboard reporting of employee performance
• Training management
• Management of compliance training
• Employee development progress tracking

Benefits

• Savings on training and travel costs
• On demand learning
• Self-development of employee skills
• Certificates and achievements
• Easier team collaboration

£1,950 a licence a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at finance@webanywhere.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

975620197095149

Contact

Sean Gilligan
01133200750
finance@webanywhere.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Hybrid cloud
• Service constraints: No
• System requirements:
  • Totara subscription
  • AWS or equivalent hosting
  • Web browsers

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Depends on the severity of the issue, ranges from 1 hour to 2 days.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: P0: High urgency issue, unplanned outage; P1: Urgent issue. Requires resolution in 1 day; P2: Medium importance issue or task. Requires resolution in 1.5 days; P3: Low importance. Standard task. Requires resolution in 2 days.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: We provide 2 days' onsite or remote training.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: Data backup is handed over to customer and servers are decommissioned.
• End-of-contract process: Licenses, hosting, support, excluded implementation costs.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Mobile app is designed strictly to be a native mobile app, according to Google and Apple user interface guidelines.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: We provide a Client Centre portal with self-service features.
• Accessibility standards: None or don’t know
• Description of accessibility: It is accessible through a website.
• Accessibility testing: Not applicable.
• API: No
• Customisation available: Yes
• Description of customisation: They can customise reports, configurable screens and dictionary settings.

Scaling

• Independence of resources: User matrix restrictions apply and user group roles.

Analytics

• Service usage metrics: Yes
• Metrics types: We provide metrics like number of active users, average users, % of completed courses, other software functionality commonly used.
• Reporting types:
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Totara

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: In CSV format
• Data export formats:
  • CSV
  • ODF
• Data import formats:
  • CSV
  • ODF

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: SLA - 99.5% of Production environment availability.; Credit Note is not compliant with SLA.
• Approach to resilience: Available on request
• Outage reporting: Email alerts, unplanned outage notifications, direct call information.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Responsibility and access matrix
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: ISO 9001

Security governance

• Named board-level person responsible for service security: No
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: CEO --> Operations Director --> Support / Software Delivery Manager --> Team

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: SDLC process, Change management by roles and responsibilities.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Threats asses - internal procedures, firewall antiCyberThreat rules, external audits, non standard behavior recognition; Patches and services - critical ASAP, high after technical analysis 5 days max.; Information - multiple sources
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Monitoring tools. Company driven processes to address isues. response critical ASAP, high 5 days after technical analysis
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Predefined processes for events like outage, unplanned maintanance windows, planned maintenance windows; User reports incidents through JIRA; JIRA analytics, self service portal for the Clients.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Online Learning Management Systems help organisations with their carbon footprint by reducing the need for business travel.
• Wellbeing:

  Wellbeing

  Learning Management Systems can be used by organisations to keep employees engaged and motivated by helping them with their training and learning needs.

Pricing

• Price: £1,950 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at finance@webanywhere.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.