Blue Stream Academy Ltd

Blue Stream Academy

Blue Stream Academy is a leading supplier of educational and organisational workforce solutions.

We have a comprehensive library of training, built in to our Management of Information System. Alongside this, we offer HR services, a CQC Health Check system, discussion forum, diary management, policy library, and revalidation.

Features

• Access to over 120 CPD certified eLearning modules
• Real-time reporting through a Management of Information System
• Easily organise rotas/staff absences through a fully-integrated HR system
• Integrated CQC Health Check System
• Access to a generic policy library of over 600 documents
• Paperless Care Certificate solution with all 15 standards
• Straight forward DBS checking through Blue Check
• Stay connected with the Blue Connect video-conferencing system
• Network with other professionals through the Blue Voice discussion forum

Benefits

• Access to training suited to a range of professions
• Quickly manage and monitor staff compliance
• Gateway to all features through a single sign-on
• Complimentary system training sessions
• Data secured ISO27001 accredited organisation
• Effective time management and cost effective system
• Be prepared in advance for your CQC inspection
• Specialist in-house customer support team
• Transferrable training records across organisations
• A paperless solution to add and store external training records

£10.00 to £35.00 a user a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at natalie@bluestreamacademy.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

986438738518605

Contact

Natalie Poyner
01773 822549
natalie@bluestreamacademy.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: Weekly maintenance windows every Sunday between 2200 and 0000. Internet connection required
• System requirements:
  • Internet Connection
  • Modern Browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 24 hours or on the next working day.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: N/A - provided by 3rd party software service
• Onsite support: No
• Support levels: Onboarding training is offered free of charge to all customers.; Phone, email and live chat support is offered to all users free of charge.; Issues can be escalated to 2nd line / technical support.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: For new customers, Blue Stream Academy would begin by sending across a staff list document for them to fill out with their staff members details such as full name, email address and job role and then ask that they return this to their dedicated Account Manager. The team will then create accounts for all staff members ready for activation. We may also bulk upload any previously completed training so that an organisation may keep this all within the Management of Information System. A document containing login details will then be sent to the organisations manager upon the activation of an account. Following this, Blue Stream Academy's dedicated training team will contact organisation managers to offer complimentary system training and support.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: After an organisation ceases to be a Blue Stream Academy Ltd. customer, their data and that of their users is retained for a period of six years; unless a direct and authorised request for deletion has been made.; ; We provide the customer with the ability to download their data within 28 days of termination.
• End-of-contract process: One month prior to the end of a contract, Blue Stream Academy's Renewals Manager will contact the lead of an organisation to see if they would like to renew. Should they wish to terminate their contract, their Account Manager will notify them that they have 28 days to download any documentation they would like to keep from their Management System. Should they wish to gain copies of reports following this, they may do so in writing to their Account Manager.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: All features are available on both platforms
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: No
• Customisation available: Yes
• Description of customisation: System administrators can; customise support contacts, add their organisation logo, configure module settings and create custom courses.

Scaling

• Independence of resources: Our system is designed from the ground up to be scalable, heavy use by customer A has minimal impact on performance for customer B. Our system supports many thousands of concurrent user connections. We also have robust monitoring in place to ensure sufficient resources are in place and allow us to plan for service expansion.

Analytics

• Service usage metrics: Yes
• Metrics types: System administrators and managers can perform the following:; ; Measure training compliance, view policy compliance, user access reports, view active/inactive accounts, view audit reports which capture which users have changed which information and when, email reminders and prompts.; ; Insight / group user accounts can view this information over a wider region.; ; Other reports such as user engagement, number of completions completed over a time period etc can be provided on request.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Users or managers may download their certificates at any time via our Management of Information System alongside their completed training report. Managers may also download any reports/data from our Management section which are downloadable straight to excel.
• Data export formats:
  • CSV
  • Other
• Other data export formats: PDF
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Blue Stream Academy offers end-to-end uptime availability of 99.9% for our services during core business hours (identified as 0900 Monday to 1730 Friday). ; ; The following are excluded from this guarantee: ; ; • DNS issues, inconsistencies and failures of the Internet outside of Blue Stream Academy’s control.; • Failure of 3rd party services.; • Maintenance events as defined below.; • Customer requested or instructed actions, whether performed by Blue Stream Academy, or a third party, that impacts the availability of Services.
• Approach to resilience: This information is available on request.
• Outage reporting: Via the service status page on the website, within the systems notification and alerts section, social media and via email.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Our system has multiple levels of access which ensures users only have appropriate access to data. System administrators can configure other users to match their organisation's hierarchy.; ; Our system uses support codes to ensure users are identified and only provided support relative to their role and organisation. We do not restrict access to support based on role - all users can access live chat, email or phone support.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 09/07/2019
• What the ISO/IEC 27001 doesn’t cover: A.14.2.7 Outsourced development.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: BarclayCard
• PCI DSS accreditation date: 06/05/2022
• What the PCI DSS doesn’t cover: N/A
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Acceptable Use Policy; Access Control Policy; Anti-Phishing Policy; Backup and Recovery Policy; Clear Desk Policy; Confidentiality Policy; Data Incident Reporting Policy; Data Retention Policy; GDPR Statement; Information Classification and Handling Policy; Information Security for Supplier Relationships Policy; Information Security Policy; Information Security Training Policy; IT Communication and Monitoring Policy; IT Security Policy; Key Holder Policy; Mobile Device and Teleworking Policy; Privacy Policy; Removable Media Policy; Secure Development Policy; Version Control Policy; Workplace Visitor Policy; ; Regular internal and external audits adhering to the ISO 27001 standard ensure that these policies are followed. Non-conformities are addressed by our Chief Information Security Officer.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Our internal development system tracks changes to software and systems. Change Management Process:; ; Change Identified > Change Request Submitted > Change Assessed and Evaluated > Change Approved/Declined > Change Scheduled; ; We perform regular penetration testing, including when a significant area of infrastructure or service has changed.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Our infrastructure is monitored via Azure's built in tools which allows us to preempt and respond to potential threats.; ; We perform penetration testing in the event of a newly discovered vulnerability, as well as regular pen testing. We subscribe to services which alert us to any new vulnerabilities.; ; If there is a vulnerability within our system we will classify the issue as high/medium/low priority and impact. Serious issues would be resolved within 24 hours.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We have automated monitoring and alert tools such as Azure Defender to alert administrators to breaches and potential vulnerabilities. ; ; We have policies in place to respond to potential a compromise. These involve log auditing, security configuration assessment and internal testing. Potentially affected systems are isolated whilst investigations take place, and mirror/backup systems are activated.; ; An investigation will be undertaken by the LIO immediately and wherever possible within 24 hours of the incident being discovered/reported.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Process: Data Incident Reporting Policy; ; Reporting an Incident: Any individual who accesses, uses or manages the organisation’s data information is responsible for reporting data breach and information security incidents immediately to the Chief Information Security Officer (CISO) - Stuart Walsh and/or one the Information Security Officers (ISO) - Sian Ratcliffe/James Donaldson-Cass/Terry Godwin.; ; Reports: The CISO/ISO and/or LIO, in consultation with organisation’s Directors, will determine who needs to be notified of the incident. Every incident will be assessed on a case by case basis.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Our organisation recognises that it has a responsibility to the environment beyond legal and regulatory requirements. We are committed to reducing our environmental impact and continually improving our environmental performance as an integral part of our business strategy and operating methods, with regular review points. We will encourage customers, suppliers and other stakeholders to do the same.; ; Policy Aims; ; We endeavour to:; ; • Comply with and exceed all relevant regulatory requirements.; • Continually improve and monitor environmental performance.; • Continually improve and reduce environmental impacts.; • Incorporate environmental factors into business decisions.; • Increase employee awareness and training.
• Equal opportunity:

  Equal opportunity

  Our organisation is committed to the idea of equal opportunities for all. Our policy is to make sure that no customer, or person involved or associated with our organisation receives less favourable treatment on the grounds of: ; ; • Religious belief or political opinion ; • Race (including colour, nationality, ethnic or national origins) ; • Disability ; • Gender reassignment; • Sex; • Marital or civil partnership status ; • Having or not having dependants ; • Sexual orientation ; • Age. ; ; Our organisation is opposed to all forms of unlawful and unfair discrimination. We believe in human rights for all those connected with this organisation and all members of society. No action shall be taken against them by any person connected with our organisation which would devalue their contribution to society and to this organisation, or lead to a loss of their own self-respect, or respect for them from others.
• Wellbeing:

  Wellbeing

  Our organisation believes that the mental health and wellbeing of our employees is key to organisational success and sustainability.; ; Goals; ; • To build and maintain a workplace environment and culture that supports mental health and wellbeing and prevents discrimination (including bullying and harassment).; • To increase employee knowledge and awareness of mental health and wellbeing issues and behaviours. ; • To reduce stigma around depression and anxiety in the workplace.; • To facilitate employees’ active participation in a range of initiatives that support mental health and wellbeing.

Pricing

• Price: £10.00 to £35.00 a user a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: An organisations manager may trial our service for 30-days and sample 2 of our accredited eLearning modules. They may also undertake a live demo with a member of our team.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at natalie@bluestreamacademy.com. Tell them what format you need. It will help if you say what assistive technology you use.