IMC (UK) Learning

imc Cyber Crime Time

In today’s digital age, the threat landscape is rapidly evolving, making robust cybersecurity awareness more essential than ever. That’s where Cyber Crime Time comes into play—a groundbreaking modular cybersecurity awareness campaign designed to revolutionize how your team interacts with IT security.

Features

• Anytime learning from any web enabled browser device
• Gamified approach to learning
• Build for a multi device world
• Delivery via SCORM or hosting through imc Learning Portal
• Success management
• Interactive chat bot, flip cards, 3D hotspot map
• Individual feedback through readiness check, based on KPI's
• Hot topic video learning nuggets for latest Cyber Security Threats
• Consistent instructional and visual design throughout all modules

Benefits

• Innovation through Interactive Learning
• Integration Across Home and Work
• Didactics That Drive Engagement
• Customized Implementation
• Building a Cybersecurity Culture
• Engagement and Accessibility
• Data Privacy and Continuous Improvement
• Cyber Crime awareness across the organisation
• Individualisation through Modular structure

£2.60 to £99.90 a user a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at russell.donders@im-c.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

136796124461126

Contact

Russell Donders
02080655215
russell.donders@im-c.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: The service is fully managed, with an expected up time at a minimum 99%. This is inclusive for maintenance which would scheduled with the customer beforehand. There would be an expected 2 hours downtime for an upgrade or patch installation, with all communications managed through our support desk and will typically be targeted to be performed out of hours, for minimal service disruption to users.
• System requirements:
  • Minimum: 512 kbit/s per user internet connection
  • Recommended:100 Mbit/s internet connection

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We provide 24x7, 3rd level online support with the response times governed by the severity of the support issue, governed and outlined within the SLA's.
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: No
• Support levels: We support you in making Cyber Crime Time a world; success story. Together we customise the learning ; journey to your needs and circumstances. In review ; meetings, we analyse the learning success and ; provide feedback for further improvement.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We start with a welcome call to get client started on the Cyber Crime Time journey. The actual learners don't need training, Cyber Crime Time is intuitive.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: User data, SCORM data and other information can be extracted and provided by imc Learning in .csv format.
• End-of-contract process: All data can be extracted and the database will be provided to you, and all data will be deleted at no additional cost. This would include any created media assets and the database can be returned as a whole, or via CSV files which can be extracted via the interface at any time. Data deletion of user accounts and any other data held is included as part of the overall service agreement, with no additional off-boarding costs.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: There is no difference. Cyber Crime time has a very clear and consistent navigational structure throughout, providing a simple and intuitive front-end for learners on any device.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Cyber Crime Time presents information visually through its graphical user interface (GUI), such as health bars, maps, menus, and other in-game data.
• Accessibility standards: None or don’t know
• Description of accessibility: We are working on a fully accessible version. We are happy to share more information on request.
• Accessibility testing: We are developing a fully accessible version, with comprehensive interface testing.
• API: No
• Customisation available: Yes
• Description of customisation: Imc learning do customisation for customers and we can include logo's and additional information on request.

Scaling

• Independence of resources: All customers benefit from pooled resources, where more customers within one environment provide greater resources for all to utilise. Where a system is experiencing heavy usage, it can then utilise the unused resources from another system on the server. This provides a load balancing effect where customers aren't affected by demands of others.

Analytics

• Service usage metrics: Yes
• Metrics types: We track learning analytics, for example;; * seat time; * learning progress tracking; * completion tracking; * login time
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users don't need to export their data from Cyber Crime Time. Personal data can be removed on request.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: The system will be available 24/7, 365 days, with a guaranteed system availability of 99.0%, except for scheduled maintenance which requires your approval and updates would be out of hours with minimal downtime.
• Approach to resilience: This is available on request
• Outage reporting: We sent email alerts to customers if there has been a report of system outage.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Authorisation within the system is governed by access control rights with the system having support for several different identity providers to authenticate the user, ensuring the right user has access to the right system areas. This determines the relevant access to read, write, create and delete objects as needed for their specific use case.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: DQS Holding GMBH
• ISO/IEC 27001 accreditation date: 15/12/2021
• What the ISO/IEC 27001 doesn’t cover: Information security in project management - Information security shall be addressed in project management, regardless of the type of the project. Projects as such are not done within the scope of the ISMS. Thus this control is not applicable.
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 29/3/2022
• CSA STAR certification level: Level 1: CSA STAR Self-Assessment
• What the CSA STAR doesn’t cover: Any services explicitly covered by Microsoft Corporation as the cloud hosting platform provider are not included within the scope of our certification, as they hold their own certification for these specific control
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: As dictated by the ISO 27001 certification requirements and process, we have documented policies that cover the following areas: -Acceptable use policy -Access Control Policy -Access Protection Policy -Backup Policy -Clear desktop and office policy -External User Policy -Information security policy -Information security policy for customer management -Information security policy for supplier relationships -Information transfer policy -Key management policy -Logging Policy -Login Policy -Mobile Device Policy -Network Security Policy -Policy on the use of cryptographic controls -Server Security Policy -Teleworking policy -Virus Protection Policy -WLAN Policy

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: There is no configuration needed of Cyber Crime Time. It is interactive learning content, setup to respond to individual user needs. Organisations can set it up quick and easy, without complex configuration. With regards to users; either imc Learning uploads user data if imc Learning hosts Cyber Crime Time. If Cyber Crime Time is hosted at the customer they can do this themselves. ; ; All requests are logged, tracked and managed through our Jira ticketing system.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: We perform penetration tests/security scans twice per year to determine the probability and severity of an attack. The findings are scored from ok, through to critical, with recommendations on how to be resolved. These are managed through our Jira ticketing system. Depending on the severity and size of the vulnerability, these are addressed as either a hotfix release or in the next available patch release, approx every 3-4 weeks. In addition, the solution is designed against the OWASP top 10 vulnerabilities to ensure the solution is aligned with the up-to-date industry guidelines.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Fully configured security policies are in place, and the service will also provide alerts for any detected issues to our support personnel 24/7 that are then responded to accordingly and communicated to you through the support desk
• Incident management type: Supplier-defined controls
• Incident management approach: Imc have an internal security and incident management procedure in accordance with our ISO 27001 accreditation, documenting all processes, classifications and resolutions for a reported incident. We use a security incident ticket to raise any security incidents. After a security event has been reported, it is analysed in order to verify the occurrence and to take first actions. Where a security incident affects any customer data, they are notified as soon as possibile, communicated through the service desk portal.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity

  Fighting climate change

  As a provider of learning and educational technologies, imc recognizes our influence on customers' environmental efforts, particularly through eLearning. Our SaaS learning management solution offers environmental benefits, but we are aware of the energy needed for computing power. To minimize this, we:; • Provide server capacity on an as-needed basis, starting small and scaling based on actual demand to minimize environmental impact and control costs.; • Use a micro-services architecture, engaging only necessary services, which reduces energy usage.; The imc Learning Suite supports businesses by:; • Reducing paper and ink usage: eLearning eliminates the need for printed training materials.; • Lowering energy consumption: Online access to training reduces the need for travel and the use of energy-intensive equipment.; • Reducing carbon footprint: By cutting paper use and energy, the solution helps lower an organization's overall carbon footprint.; • Increasing efficiency: Learners can access materials anytime, anywhere, reducing physical meetings and travel.; imc is committed to minimizing our environmental impact, taking proactive steps to protect and enhance the environment. We comply with all relevant laws and regulations, aiming to prevent pollution and conserve resources. Through waste management, we work to minimize waste and increase recycling.; We involve all stakeholders in sustainable practices, promote environmentally responsible purchasing, and train employees on environmental management. We continuously seek to improve our environmental efficiency, establish measurable environmental targets, and regularly review our policies.; In our operations, we prioritize eLearning, use recycled-content paper, practice recycling, encourage eco-friendly habits like reducing printouts, use green cleaning products, set printers to black & white, and turn off lights and screens when not in use to save energy.

  Tackling economic inequality

  imc voluntarily commit to paying all employees above the National Living Wage. As recognition of the higher education expected as part of the role, imc feel that remuneration according to salary benchmarking will ensure appropriate pay, creates a competitive market and ensures there is no bias when assigning salaries to certain individuals as it is determined by statistic. These factors all make for a farer working environment which is a very attractive feature of a business, and this wage allows our staff to be present at work, rather than worry about their livelihood, fostering a happier and healthier work place. This then has the knock-on effect of improving employee retention. Not only do higher retention rates reduce hiring costs and strain on the business, they also prove invaluable to our customers (you!) as you have consistency in the Account Manager assigned to your business who will have ample knowledge from other customers to guide and support you on the continued journey with imc. ; Further to providing more than the National Living Wage, imc also supports all staff with the option for private health insurance and schemes such as cycle to work.

  Equal opportunity

  imc is committed to identifying and addressing inequality in employment skills and pay within our workforce.; We conduct comprehensive diversity and inclusion training programs to educate employees and managers on unconscious bias, fair hiring practices, and creating an inclusive work environment.; We believe we have a transparent pay structure based on job roles, responsibilities, and performance evaluations to ensure fair and equitable compensation across all levels of the organisation.; We actively participate in industry benchmarking surveys to assess our performance in terms of diversity, pay equity, and inclusion compared to our peers.; Metrics for measuring success in this area include:; Percentage increase in diversity representation at all levels of the organisation.; Reduction in pay gaps between different demographic groups.; Employee satisfaction scores related to fairness and inclusivity in the workplace.; To gather data, we will utilise:; • HRIS (Human Resources Information System) to collect and analyse workforce demographics, salary data, and performance evaluations.; • Employee surveys and feedback mechanisms to assess employee perceptions of fairness and inclusivity.; Future target dates include:; • Implementing unconscious bias training for employees; • Conducting a comprehensive pay equity analysis; • Increasing diversity representation in leadership positions in the future; To influence staff, suppliers, customers, and communities, we will:; • Engage in partnerships with diversity-focused organisations to promote inclusive hiring practices and supplier diversity.; • Communicate our commitment to diversity and inclusion through marketing materials, and corporate communications.

Pricing

• Price: £2.60 to £99.90 a user a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: We provide a full access for demo purposes. Further more, they can register on our website and get access to our demo version of The Game (Episode 1) for 3 months.
• Link to free trial: https://www.im-c.com/cyber-crime-time-cyber-security-awareness-training/

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at russell.donders@im-c.com. Tell them what format you need. It will help if you say what assistive technology you use.