GLOBAL IT FACTORY PTY. LTD.

Curriculum Management System (CMS)

Global IT Factory’s Curriculum Management System, designed for tertiary institutions, offers seamless integration and a highly configurable platform to manage evolving curriculums. Built on Oracle Cloud, it ensures scalability, accessibility, and security. The intuitive and accessible UI enhances user experience, making curriculum management efficient and effective.

Features

• Central repository for all curriculum-related information.
• Streamlines creation, amendment, and review processes for programmes and modules.
• Assures alignment with regulatory and professional standards.
• Enables workflow tracking for enhanced progress visibility.
• Offers version and configuration management with audit trails for accountability.
• Supports micro-credentials with adaptable templates and mapping.
• Curriculum mapping tools assess module contributions to programme outcomes.
• Features a public-facing, online curriculum catalogue.
• Seamless integration with SISs, portals and LMSs.
• Advanced BI tools and APIs for in-depth data analysis.

Benefits

• Centralises curriculum data, enhancing administrative efficiency
• Speeds up curriculum development and revision, increasing agility.
• Maintains curriculum accuracy and reliability, protecting institutional reputation.
• Improve student retention with adaptable, market-driven curriculum.
• Increase staff efficiency: reduced data entry, improved integrity & re-use.
• Use curriculum mapping to align curricula with regulatory standards.
• Foster curriculum innovation with micro-credentials and collaborative sandboxes.
• Adaptable to specific institutional requirements, offering tailored solutions.
• Reduces administrative workload, freeing up resources for core activities.
• Provides detailed reports, aiding strategic decision-making.

£43,400 a licence a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Sarah.Beresford@globalitfactory.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

995919769181576

Contact

Sarah Beresford
+44 151 327 4233
Sarah.Beresford@globalitfactory.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: None. Curriculum Management System is an enterprise-grade SaaS.
• System requirements:
  • Supported browsers: Chrome, Edge, Safari and Firefox - latest versions
  • Authentication services using: SAML2.0 or LDAP

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Formal support requests are managed via Atlassian Jira Service Management portals, where response time targets vary depending on Severity/Priority of a ticket as well as the Support Tier a customer has selected (we offer Bronze, Silver, Gold and Platinum tiers). In addition we provide engagement contact points for each customer who would typically respond to any informal enquiry same day.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: No
• Support levels: We provide four tiers of Support, which cater for a range of customer needs and budgets. Each tier contains all elements of any lower tier, and also supports higher availability levels.; ; Bronze: our standard support tier which includes a 24X7 service desk, monthly reports and business hours coverage; ; Silver: an uplifted support tier, sometimes chosen for key customer periods, it includes a support phone line for P1 incidents, and improved response and resolution targets; ; Gold: an elevated support tier for customers who need even more improved targets, including a support phone line for all incidents with return calls, increased 24 X 7 response coverage for P1s; ; Platinum: enterprise level support tier with the best response and resolution targets, including 24 X 7 support phone line
• Support available to third parties: No

Onboarding and offboarding

• Getting started: To ensure the smooth adoption of our Curriculum Management System, we work with the University to configure the system in accordance with their needs and integrate it with existing university systems, including thorough testing and validation. We migrate approved templates and workflows to the production environment and undertake batch loading of legacy data to ensure continuity.; ; Our comprehensive 'train the trainer' program empowers core users with the necessary knowledge and skills to support the wider user base, facilitating effective knowledge transfer and system utilization.; ; During the go-live phase, we provide hypercare support to address any immediate issues, ensuring a seamless transition for users. This proactive support allows for real-time system adjustments, enhancing reliability and user satisfaction as the university transitions to our Curriculum Management System.; ; By combining effective training, and dedicated support, we ensure that universities can leverage our Curriculum Management System to its full potential, meeting their evolving needs and enriching the educational experience.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: At the contract's conclusion, we ensure a smooth transition of your data through a structured data migration strategy. This encompasses:; ; - Data Extraction: Exporting all customer data in a universally accessible, documented, machine-readable format, such as CSV, adhering to industry standards for ease of use.; - Data Schema Documentation: Providing detailed documentation of the customer's data schema, facilitating a clear understanding of the data structure and content.; - Integration Documentation: Ensuring all integrations, including adaptors, security protocols, and APIs, are documented, allowing for seamless data transition to alternative systems.; - Migration Support: Offering comprehensive support during the data migration process, including assistance in interpreting the data schema and integrating data with new systems.; ; Our approach guarantees that your valuable data remains intact, interpretable, and easily transferable, ensuring no disruption to your operations post-contract
• End-of-contract process: These services are considered additional costs, charged on a Time and Materials basis according to an agreed rate card, ensuring transparency and fairness in post-contract support.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Our Curriculum Management System service offers a browser-based, responsive interface accessible on mobile devices. However, due to the complex nature of curriculum data, mobile use for management tasks is not recommended. Experience suggests actions like approvals need thorough attention, challenging to ensure on mobiles. The Online Curriculum Catalogue is mobile-friendly, designed for accessible viewing on such devices.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The Curriculum Management User Interface is meticulously designed for ease of use, featuring a clean, intuitive layout that ensures seamless navigation and operation. It is browser-based, embracing responsive design principles for optimal functionality across devices. The interface facilitates efficient curriculum management, offering tools for creating, reviewing, and modifying programs and courses with precision. Enhanced with dynamic dashboards and robust reporting capabilities, it provides real-time insights into curriculum progress, aiding in informed decision-making. Tailored to meet the demands of educational administrators, the interface combines aesthetic simplicity with comprehensive functionality to support effective curriculum management
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: CMS testing with users of assistive technology includes screen readers such as JAWS, NVDA (NonVisual Desktop Access), code scanning tools such as WAVE, Axe as part of accessibility standard verification. ; Our customers who use the product with assistive technology such as screen readers work directly with us to provide feedback. Our customers also perform independent accessibility testing with various assistive technology tools including screen readers, code-scanning tools as mentioned above.
• API: Yes
• What users can and can't do using the API: The following APIs are available: Publishing, Business Intelligence reporting, User Account management.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The Curriculum Management System (CMS) offers extensive customisation options. Institutions can modify key system terminology and branding elements like logos, colours, and background images via a user-friendly management interface.; The interactive GUI-based Template Designer facilitates the creation of curriculum templates using drag-and-drop functionality with various components (text fields, checklists, dropdowns, tables with validation), enabling the adaptation to specific curriculum data needs without requiring external vendor support. Additionally, workflows, review processes, and automated notifications within the CMS are fully customisable.; The system also supports flexible configuration of curriculum structures (such as degrees with nested qualifications for alternative exit and entry, stackable micro-credentials, credit and non-credit bearing courses or units, degrees offered in multiple campuses with variations, and more) in a way that supports logical dependencies and curriculum integrity. Institutions can manage these settings independently, with guidance available on best practices.

Scaling

• Independence of resources: Our CMS, hosted on Oracle Cloud, is designed to provide a seamless experience for users:; ; 1. The CMS is provided using a dedicated instance resulting in increased security and enabling a higher level of solution tailoring; ; 2. We over-dimension our resources, preparing for peak demands without compromising performance.; ; 3. Continuous performance monitoring allows for real-time adjustments, maintaining operational stability.; ; 4. Advanced caching techniques and Oracle Cloud's data management systems enhance access speed and efficiency.; ; As such, we ensure that our service remains robust and responsive, offering uninterrupted quality and reliability to users, regardless of the varying demands across the network.

Analytics

• Service usage metrics: Yes
• Metrics types: The following Service usage metrics are available. ; Site Visits:; • Visits ; • Actions ; • Maximum actions in one visit ; • Actions per Visit ; • Average Visit Duration (in seconds) ; • Bounce Rate ; ; Performance: ; • Average network time; • Average server time; • Average transfer time; • Average processing time; • Average completion time; • Average page load time
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Other
• Other data at rest protection approach: Oracle Cloud Infrastructure (OCI) has policies, procedures, and mechanisms established for effective key management to support encryption of data in storage and in transmission for the key components of the OCI service. OCI supports strong cryptography using standards and validated formats including AES-256, IPSec, and FIPS-140-2. Oracle uses Transparent data encryption (TDE) on database table-spaces to encrypt.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can export their curriculum data from the user interface, or they can send it to other systems via the Publish mechanism. At the end of the contract, curriculum data can be extracted in CSV format.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • JSON
  • PDF
• Data import formats:
  • CSV
  • Other
• Other data import formats: JSON

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: The System Availability Service Level is underpinned by a number of things, including Oracle Cloud Services' target service uptime of 99.95%, and what if any DR solution a customer chooses to implement. Fundamentally the Application availability target is determined by which Support Tier a customer chooses:; Bronze: 95%; Silver: 98%; Gold: 99.5%; Platinum: 99.72%; ; Customer engagements vary according to individual circumstances and priorities, but where compensation is contractually outlined typically takes the form of Performance Rebates, capped at 5% of the monthly SaaS fee.
• Approach to resilience: Global IT Factory's Curriculum Management System is hosted on Oracle Cloud Infrastructure. Oracle Cloud Infrastructure is hosted in regions and availability domains. A region is a localised geographic area, an availability domain is one or more data centres located within a region. A region is composed of several availability domains. Most Oracle Cloud Infrastructure resources are either region-specific, such as a VCN, or availability domain-specific, such as a compute instance. Availability domains are isolated from each other, fault tolerant, and designed against failing simultaneously. Because availability domains do not share infrastructure such as power or cooling or the internal availability domain network, a failure at one availability domain is designed to not impact the availability of the others. All the availability domains in a region are connected to each other by a low-latency, high-bandwidth network, which makes it possible for the customer to provide high-availability connectivity to the Internet and customer premises, and to build replicated systems in multiple availability domains for both high-availability and disaster recovery. Regions are completely independent of other regions and can be geographically separated. Curriculum Management System can be deployed using geographically diverse disaster recovery architecture in cold, warm or hot standby mode.
• Outage reporting: Our service employs comprehensive monitoring tools to ensure robust oversight of system performance and reliability. These tools alert our team—comprising support staff and engagement managers—about any issues, categorising them by severity (e.g., warnings, critical alerts).; ; In the event of an outage, we primarily notify customers via email alerts. For significant disruptions, we may also reach out directly through phone calls or organise meetings to discuss the incident in detail. ; ; All outage events are comprehensively documented and included in our monthly operational reports. These reports are presented and reviewed during scheduled customer meetings, ensuring all stakeholders are well-informed of past incidents and the steps taken to mitigate any future occurrences.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: We use isolated Cloud network environment accessible only via secure VPN connection by authorised admin users.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: DNV Business Assurance Australia Pty Limited for JAS ANZ
• ISO/IEC 27001 accreditation date: 22 April 2022
• What the ISO/IEC 27001 doesn’t cover: Our certification is valid for the following scope:; The certificate scope covers Global IT Factory Information Security Management System (ISMS) supporting the operations underlying Global IT Factory's Cloud offering the Curriculum Management System (CMS). The ISMS covers design, development, operation, maintenance and customer support of the SaaS products in accordance with the latest Statement of Applicability; version 2.0. All listed services are in scope for this certification.
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 30/09/2023 Attestation by EY
• CSA STAR certification level: Level 2: CSA STAR Attestation
• What the CSA STAR doesn’t cover: Attestation covers UK-based Oracle Cloud Infrastructure, which is used to provide Global IT Factory Curriculum Management System services. Other service aspects are not covered by this attestation.
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: ISO27001:2013

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: GITF operates an Information Security Management System (ISMS) which complies with and is independently certified to the ISO/IEC 27001:2013 Information Security Management System international standard. ; As part of the ISO/IEC 27001:2013 certification maintenance, GITF performs an independent internal audit and external audit annually to certify ongoing compliance to the ISO/IEC 27001:2013 international standard which underpins GITF’s commitment and compliance with this standard. ; GITF’s ISMS has a set of policies for information security which are approved by management, and published and communicated to employees and relevant external parties. These policies for information security are reviewed at planned intervals or if significant changes occur to ensure their continuing suitability, adequacy and effectiveness. The ISMS policies and processes cover:; - Organisation of information security ; - Human resources security; - Asset management; - Access control; - Cryptography; - Operations security; - Communications security; - System acquisition, development and maintenance; - Third party relationships (i.e., suppliers to GITF); - Information security incident management; - Information security aspects of business continuity management; - Compliance

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Changes within the development lifecycle follow GITF's change management practice as detailed within the Change & Release Management Process using the Issues Tracking platform. Changes are assessed for potential security impact as summarised below:; - Major Changes are changes that can have direct or indirect consequences on information classified as “Highly Restricted” Confidentiality and/or “Absolute” Integrity ; - Moderate Changes are changes that can have direct or indirect consequences on information classified as “Restricted” Confidentiality and/or “High” Integrity; - Minor Changes are changes that can have direct or indirect consequences on information classified “Internal” Confidentiality and/or under “Moderate” Integrity
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: GITF technical owners of each software application, component or library used by the business, are responsible to monitor security advisory announcements that relate to their software to review and mitigate, where appropriate, the disclosed vulnerabilities.; Upon discovery, a vulnerability must be evaluated and mitigated within timeframes specified below depending on its CVSS v3.0 severity (Reference: https://www.first.org/cvss/):; - Critical CVSS score 9 - 10: Patches by 7 days; - High CVSS score 7 - 8.9: Patches by 30 days; - Medium CVSS score 4 - 6.9: Patches by 90 days; - Low CVSS score 0.1 - 3.9: Patches by 180 days
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Potential compromises are identified via detection of:; • Precursors: detecting that a cyber-attack might occur in the future, such as receiving a threatening email or news of a global malware/ransomware attack ; • Indicators: detection that an incident may have occurred (e.g., intrusion detection alerts, file names with odd characters, configuration changes); • Security Monitoring: Referral from a managed security service provider, alerting to the presence of an information security incident.; Once a potential compromise is identified, it is analysed to determine if it is an event or an incident. The incident is then responded according to its severity and/or SLA.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: GITF's Incident Management process includes the following key steps and activities:; 1. Detection and Analysis; 1.1 Incident Detection; 1.2 Incident Analysis; 1.3 Incident Classification; 1.4 Activate the Incident Management Team; 1.5 Incident Notifications; 1.6 Incident Management Team Documentation; 2. Containment and Eradication; 2.1 Resolution Action Plan; 2.2 Evidence Preservation; 3. Communications and Engagement; 3.1 Internal Communications; 3.2 External Communications; 4. Recovery; 4.1 Recover; 4.2 Stand Down the Incident Management Team; 5. Lesson Learn and Improvement; 5.1 Reflect and Lesson Learn; 5.2 Update Incident Response Plan; The incident reports follow a standard template which can be provided on request.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Our CMS actively supports universities in their efforts to combat climate change by enabling a significant reduction in paper usage through the digitalisation of curriculum management processes. This not only minimizes the environmental footprint of educational institutions but also aligns with broader goals towards achieving net-zero greenhouse gas emissions. Additionally, by facilitating remote learning and administrative capabilities, our platform reduces the need for travel, further contributing to carbon reduction efforts. We are committed to influencing our staff, suppliers, and the wider university community to adopt sustainable practices, reinforcing the collective fight against climate change.

  Covid-19 recovery

  In response to the COVID-19 pandemic, our CMS has played a crucial role in ensuring continuity in education by enabling seamless remote access to academic resources and administrative functions. This adaptability has allowed universities to maintain operational resilience amidst the challenges posed by the pandemic. Moreover, our platform supports the mental and physical well-being of both students and faculty by providing resources and tools that enhance the remote learning experience. Through these measures, we assist universities and their stakeholders in effectively managing and recovering from the impacts of COVID-19.

  Tackling economic inequality

  Our CMS is strategically developed to support universities in their mission to diminish economic inequality by enriching educational opportunities and career readiness, particularly within high-growth sectors. By streamlining academic and administrative processes, our platform enhances the educational environment, allowing universities to offer more accessible and flexible learning pathways. This accessibility is crucial for enabling students from disadvantaged backgrounds to gain vital skills and knowledge, opening doors to new employment opportunities.; ; Furthermore, our CMS supports universities in launching targeted training programs that directly address prevailing skills gaps. These programs are designed to equip students with industry-relevant qualifications, boosting their employability and economic prospects. By providing a platform that facilitates such comprehensive educational initiatives, we empower universities to play a pivotal role in fostering economic growth and reducing employment barriers within their communities, ultimately contributing to a more equitable economic landscape.

  Equal opportunity

  Our CMS embodies the principle of equal opportunity by ensuring comprehensive accessibility features, making the platform usable for individuals with disabilities. This inclusivity extends to providing support for diverse learning needs, thus enabling all students to fully engage with their curriculum. By promoting an equitable learning environment, our platform helps universities in their efforts to reduce the disability employment gap and foster a more inclusive academic community.

  Wellbeing

  Our CMS aims to contribute indirectly to the improvement of health and wellbeing within the university community. While the core function of our CMS is to streamline and enhance curriculum management processes, its indirect impact on wellbeing comes through its ability to reduce administrative burdens, thereby alleviating stress and workload for academic and administrative staff. This, in turn, creates a more supportive environment that can positively affect the mental and physical wellbeing of both staff and students.; ; Our platform also ensures compliance with data protection and cyber security standards, thereby safeguarding sensitive information and reducing the risk of stress and anxiety associated with data breaches. By providing a secure and efficient system, we contribute to a positive work and study environment, indirectly supporting the wellbeing of the university community.

Pricing

• Price: £43,400 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Sarah.Beresford@globalitfactory.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.