Skip to main content

Help us improve the Digital Marketplace - send your feedback

Phishing Tackle Limited

Phishing Tackle Security Awareness Training & Simulated Phishing

UK's number 1 Security Awareness & Training provider. Award winning British multilingual automated training and testing platform, policy management, and PhishNet S.O.A.R. tool. Granular reporting including high risk users, breach data information, and training completion statistics. Encompassing a fully managed service saving you time, budget and quickly reducing user risk.


  • Managed/Self Managed Automated Phishing Simulation campaigns
  • E-Learning Management System (LMS)
  • Alarm bell indicators providing instant feedback
  • Custom Email Templates
  • Custom Landing page Templates
  • Custom Quiz creation
  • Microsoft 365 / Active Directory / Google Workspace integration
  • UK Training Content
  • Breach Intelligence Information
  • Security Orchestration, Automation & Response (SOAR)


  • Highly engaging instant security awareness training
  • Automated simulated phishing campaigns, set and forget.
  • Integration with user directories. eg Microsoft and Google.
  • Organisational and individual breach and threat intelligence data.
  • Up-to-date UK templates and training.
  • Satisfy ISO27001 and Cyber Essentials, and other regulatory requirements
  • Instantly help build a robust security awareness culture.
  • Robust and informative reporting, including organisational return-on-investment.
  • Smart Tags enabling dynamic user group creation.
  • Dramatically reduced the click-prone risk of your users.


£3.60 to £7.20 a user a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

3 7 0 8 9 5 3 7 7 4 4 8 1 7 4


Phishing Tackle Limited G-Cloud Support Team
Telephone: +44 (0)330 390 0805

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
No service constraints.
System requirements
Compatible with any modern desktop web browser.

User support

Email or online ticketing support
Email or online ticketing
Support response times
Our automatic ticket system responds immediately with a receipt confirmation and our average response times are currently less than 1 hour during usual UK business hours and less than 1 minute on live chat.

Weekend response times may vary.
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
Onsite support
Support levels
We use reasonable endeavours to respond to requests for Support Services promptly, and in any case in accordance with the following time periods:

(a) critical: 4 Business Hours;
(b) serious: 8 Business Hours;
(c) moderate: 2 Business Days; and
(d) minor: 5 Business Days.

A Customer Success Engineer is assigned to each account.
Support available to third parties

Onboarding and offboarding

Getting started
We allocate a Customer Success Manager for the onboarding process and provide a walk-through of the setting up, configuration and customisation processes.

There is also extensive on-line help available and real-time chat.
Service documentation
Documentation formats
End-of-contract data extraction
Users may download their data to external files at any time whilst access is permitted.
End-of-contract process
Once a contract has concluded, all data is deleted from the system within 7 working days of contract termination.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
End user training experience is the same on both platforms.
Service interface
User support accessibility
None or don’t know
What users can and can't do using the API
Exact use is discussed on a case-by-case basis.
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
The look and feel including logos and colours, including bespoke URL, login/logout, can all be branded and customised.


Independence of resources
We have load-balanced enterprise grade infrastructure in place to ensure performance is always optimal.


Service usage metrics
Metrics types
End-user access activity.
Reporting types
Real-time dashboards


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
We have extensive export functionality (for example CSV, Excel, PDF etc).
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • Excel
  • Word
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
We use reasonable endeavours to ensure that the uptime for the Hosted Services is at least 99.9% during each calendar month.
Approach to resilience
Amazon AWS hosted with multi-site failover.
Outage reporting
We have constant monitoring of the service with email, SMS and phone call alerts sent to our on-call engineers.

All performance information is available in our public dashboard which can be found at, and also on our Twitter feed.

End-users can also signup to this information for real-time email updates.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Other user authentication
We also allow for SAML2 authentication.
Access restrictions in management interfaces and support channels
We provide full Role Based Access Control (RBAC).
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications
Any other security certifications
  • All our processes & policies align with ISO27001
  • Which we are working to achieve during 2022.

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
Other security governance standards
Cyber Essentials Plus
All processes aligned with ISO27001 with an aim of full accreditation during 2022.
Information security policies and processes
We work to the ISO27001 standard for all our security policies and processes. This is routinely checked and events recorded as required.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Any changes to software source code are peer reviewed and deployed to a staging environment for initial testing.

Once these tests have been satisfied, the new update/releases are deployed to the production environment.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
The core software infrastructure is based on sound industry standards and framework. All security notifications are monitored and assessed on a case-by-case basis.

Security Updates will be applied to the platform promptly following the identification of the relevant security risk and the completion of the testing of the relevant update.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We constantly monitor access to the platform for unusual activity and report this immediately. We then have the ability to block the malicious actor at both an application and firewall level.

We will notify the Customer of any Personal Data breach affecting the Customer Personal Data without undue delay and, in any case, not later than 72 hours after the Provider becomes aware of the breach.
Incident management type
Supplier-defined controls
Incident management approach
Each incident is reported using our ticket system and tracked accordingly. After investigation and resolution a report will be provided on a per-issue basis. If there was a wider-spread issue, this will be reported on our web site.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks

Social Value

Equal opportunity

Equal opportunity

Phishing Tackle are an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.

As an equal opportunities employer, we’re committed to creating and ensuring a non-discriminatory and respectful working environment for our staff. We want all our staff to feel confident that they can expose wrongdoing without any risk to themselves.

All employment decisions are based on business needs, job requirements and individual qualifications, without regard to gender, race, colour, disability, religion, marital status, family or parental status.

Our equality and diversity policy forms part of our employee onboarding process and must be reviewed and accepted by every employee.


At Phishing Tackle we recognise the importance of good mental health and the need for flexibility for our employees. Mindful of this, we offer the option for a hybrid working approach, both working from home and based out of our purpose built, state of the art offices.

Our office environment is conducive to maintaining a healthy and purposeful experience, overlooking the River Ouse and central to leisure and relaxation facilities. We encourage regular breaks both in the home and office working environments.

Similarly, we operate a wellbeing platform within our HR system, giving us the ability to create an environment in which every employee feels valued and set up for success.

We also stand committed to upholding human rights, including ensuring no-one in our direct operations or extended supply chain or customer base is subjected to modern slavery and human trafficking.
Our core values are premised on integrity, therefore we take adherence to laws, including The Modern Slavery Act 2015 (the Act), seriously and we are fully supportive of initiatives aimed at the eradication of both slavery and human trafficking across the globe. Full details on our Modern Slavery policy can be found on our website:


£3.60 to £7.20 a user a year
Discount for educational organisations
Free trial available
Description of free trial
Our 14 day free no-obligation trial allows for the full and unrestricted use of the Phishing Tackle platform.

There is also unlimited access to our team of customer success, technical and security experts to listen to your needs and support you, delivering a high return-on-investment for you during the trial.
Link to free trial

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.