Phishing Tackle Limited

Phishing Tackle Security Awareness Training & Simulated Phishing

UK's number 1 Security Awareness & Training provider. Award winning British multilingual automated training and testing platform, policy management, and PhishNet S.O.A.R. tool. Granular reporting including high risk users, breach data information, and training completion statistics. Encompassing a fully managed service saving you time, budget and quickly reducing user risk.

Features

• Managed/Self Managed Automated Phishing Simulation campaigns
• E-Learning Management System (LMS)
• Alarm bell indicators providing instant feedback
• Custom Email Templates
• Custom Landing page Templates
• Custom Quiz creation
• Microsoft 365 / Active Directory / Google Workspace integration
• UK Training Content
• Breach Intelligence Information
• Security Orchestration, Automation & Response (SOAR)

Benefits

• Highly engaging instant security awareness training
• Automated simulated phishing campaigns, set and forget.
• Integration with user directories. eg Microsoft and Google.
• Organisational and individual breach and threat intelligence data.
• Up-to-date UK templates and training.
• Satisfy ISO27001 and Cyber Essentials, and other regulatory requirements
• Instantly help build a robust security awareness culture.
• Robust and informative reporting, including organisational return-on-investment.
• Smart Tags enabling dynamic user group creation.
• Dramatically reduced the click-prone risk of your users.

£3.60 to £7.20 a user a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@phishingtackle.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

370895377448174

Contact

G-Cloud Support Team
+44 (0)330 390 0805
gcloud@phishingtackle.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No service constraints.
• System requirements: Compatible with any modern desktop web browser.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our automatic ticket system responds immediately with a receipt confirmation and our average response times are currently less than 1 hour during usual UK business hours and less than 1 minute on live chat.; ; Weekend response times may vary.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: None.
• Onsite support: No
• Support levels: We use reasonable endeavours to respond to requests for Support Services promptly, and in any case in accordance with the following time periods:; ; (a) critical: 4 Business Hours;; (b) serious: 8 Business Hours;; (c) moderate: 2 Business Days; and; (d) minor: 5 Business Days.; ; A Customer Success Engineer is assigned to each account.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We allocate a Customer Success Manager for the onboarding process and provide a walk-through of the setting up, configuration and customisation processes.; ; There is also extensive on-line help available and real-time chat.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Users may download their data to external files at any time whilst access is permitted.
• End-of-contract process: Once a contract has concluded, all data is deleted from the system within 7 working days of contract termination.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: End user training experience is the same on both platforms.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Exact use is discussed on a case-by-case basis.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The look and feel including logos and colours, including bespoke URL, login/logout, can all be branded and customised.

Scaling

• Independence of resources: We have load-balanced enterprise grade infrastructure in place to ensure performance is always optimal.

Analytics

• Service usage metrics: Yes
• Metrics types: End-user access activity.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: We have extensive export functionality (for example CSV, Excel, PDF etc).
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats:
  • Excel
  • Word
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We use reasonable endeavours to ensure that the uptime for the Hosted Services is at least 99.9% during each calendar month.
• Approach to resilience: Amazon AWS hosted with multi-site failover.
• Outage reporting: We have constant monitoring of the service with email, SMS and phone call alerts sent to our on-call engineers. ; ; All performance information is available in our public dashboard which can be found at https://support.phishingtackle.com, and also on our Twitter feed. ; ; End-users can also signup to this information for real-time email updates.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Other user authentication: We also allow for SAML2 authentication.
• Access restrictions in management interfaces and support channels: We provide full Role Based Access Control (RBAC).
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • All our processes & policies align with ISO27001
  • Which we are working to achieve during 2022.

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials Plus; All processes aligned with ISO27001 with an aim of full accreditation during 2022.
• Information security policies and processes: We work to the ISO27001 standard for all our security policies and processes. This is routinely checked and events recorded as required.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Any changes to software source code are peer reviewed and deployed to a staging environment for initial testing.; ; Once these tests have been satisfied, the new update/releases are deployed to the production environment.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: The core software infrastructure is based on sound industry standards and framework. All security notifications are monitored and assessed on a case-by-case basis.; ; Security Updates will be applied to the platform promptly following the identification of the relevant security risk and the completion of the testing of the relevant update.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We constantly monitor access to the platform for unusual activity and report this immediately. We then have the ability to block the malicious actor at both an application and firewall level.; ; We will notify the Customer of any Personal Data breach affecting the Customer Personal Data without undue delay and, in any case, not later than 72 hours after the Provider becomes aware of the breach.
• Incident management type: Supplier-defined controls
• Incident management approach: Each incident is reported using our ticket system and tracked accordingly. After investigation and resolution a report will be provided on a per-issue basis. If there was a wider-spread issue, this will be reported on our web site.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Equal opportunity:

  Equal opportunity

  Phishing Tackle are an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. ; ; As an equal opportunities employer, we’re committed to creating and ensuring a non-discriminatory and respectful working environment for our staff. We want all our staff to feel confident that they can expose wrongdoing without any risk to themselves.; ; All employment decisions are based on business needs, job requirements and individual qualifications, without regard to gender, race, colour, disability, religion, marital status, family or parental status.; ; Our equality and diversity policy forms part of our employee onboarding process and must be reviewed and accepted by every employee.
• Wellbeing:

  Wellbeing

  At Phishing Tackle we recognise the importance of good mental health and the need for flexibility for our employees. Mindful of this, we offer the option for a hybrid working approach, both working from home and based out of our purpose built, state of the art offices. ; ; Our office environment is conducive to maintaining a healthy and purposeful experience, overlooking the River Ouse and central to leisure and relaxation facilities. We encourage regular breaks both in the home and office working environments.; ; Similarly, we operate a wellbeing platform within our HR system, giving us the ability to create an environment in which every employee feels valued and set up for success.; ; We also stand committed to upholding human rights, including ensuring no-one in our direct operations or extended supply chain or customer base is subjected to modern slavery and human trafficking.; Our core values are premised on integrity, therefore we take adherence to laws, including The Modern Slavery Act 2015 (the Act), seriously and we are fully supportive of initiatives aimed at the eradication of both slavery and human trafficking across the globe. Full details on our Modern Slavery policy can be found on our website:; https://phishingtackle-legal.s3.eu-west-2.amazonaws.com/Phishing+Tackle+Modern+Slavery+Statement+v1.0+-+Confidential.pdf

Pricing

• Price: £3.60 to £7.20 a user a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Our 14 day free no-obligation trial allows for the full and unrestricted use of the Phishing Tackle platform. ; ; There is also unlimited access to our team of customer success, technical and security experts to listen to your needs and support you, delivering a high return-on-investment for you during the trial.
• Link to free trial: https://phishingtackle.com/free-trial/

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@phishingtackle.com. Tell them what format you need. It will help if you say what assistive technology you use.