ITHQ LTD

uSecure - Human Risk Management

ITHQ provides uSecure's Training and Awareness Platform which focuses on reducing the Human Risk Factor in cybersecurity through integrated policy management, breach intelligence, phishing simulations, and comprehensive reporting for compliance. It educates employees, reinforces policies, and tests readiness, equipping a well-prepared workforce to combat evolving cyber threats.

Features

• Automated training programmes
• Video & interactive training and awareness courses
• Custom course builder (LMS)
• Automated phishing simulations
• Readily-made template library
• Custom spear-phishing campaigns
• Centralised policy library
• Readily-made policy templates
• eSign approval tracking
• Continuous dark web monitoring

Benefits

• Elevates employee understanding of cybersecurity threats and best practices.
• Significantly lowers risk factors through targeted educational initiatives.
• Simplifies adherence to legal and regulatory requirements effortlessly.
• Employees react faster and more accurately to phishing attempts.
• Reduced downtime by preempting cyber incidents through training.
• Tailor training to meet specific departmental security needs.
• Access training modules and policy updates from any location.
• Tracks compliance, training, and policy adherence automatically.
• Easily update and implement security policies across the organisation.
• Credential Leak Alerts on breaches to prompt timely password updates.

£1.50 a user a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@ithq.pro. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

466974707515909

Contact

Dale Nursten
02039977979
bidteam@ithq.pro

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Hybrid cloud
• Service constraints: Requires internet access
• System requirements: All environments can be supported

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: 9:00 AM - 5:00 PM Monday-Friday
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Mon - Fri 8am - 5pm
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: ITHQ will support the on-boarding of the solution with an agreed Scope of Works document customised to meet the customers' requirements.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Data export tools within the platform.
• End-of-contract process: At the end of the contract the customer will be offered the option of extending their subscription or ceasing to use the platform.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: Customisation will be discussed and agreed as part of a Scope of Works document with ITHQ around the integration with external systems and any customised reporting or alerting required by customers.

Scaling

• Independence of resources: Services are hosted on a public cloud that can easily and immediately scale to meet demand. Each customer has their own instance and can be provisioned as needed to comply with performance objectives.

Analytics

• Service usage metrics: Yes
• Metrics types: Details of training statistics.; Details of phishing simulation results.; Real-time exposure dashboard.; Track policy views and eSign approvals.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: USecure

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Using the data export tool available in the platform.
• Data export formats: Other
• Other data export formats: Xlsx
• Data import formats: Other
• Other data import formats: Xlxs

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: As with all SaaS solutions the expectation is that access is unrestricted and built on highly-available public cloud platforms in order to provide high levels of uptime.
• Approach to resilience: Available on request
• Outage reporting: Via status pages available for real-time enquiries as well as e-mail alerts for any preventative maintenance outages that may be required.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Only authorised users / groups will be able to access the management interface or support portals.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: QMS International Ltd
• ISO/IEC 27001 accreditation date: 15/03/2022
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: USecure: A company with Cyber Essentials certification, in short, has demonstrated that its systems have been designed and verified to keep sensitive data secure.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: USecure implement a variety of security measures and processes to protect your personal information. All information you provide is transmitted via Transport Layer Security (TLS) and stored securely by our third-party providers. Only authorized personnel are allowed access to the data and required to keep the information confidential.; ; https://www.usecure.io/en/security-measures
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Vulnerability Scanning - Vulnerability scans are performed internally and at least quarterly. Independent vulnerability scans are performed by a third-party vendor at least quarterly.; • Penetration Testing - External penetration testing is performed by an independent third-party at least annually.; ; https://www.usecure.io/en/security-measures
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: https://www.usecure.io/en/security-measures
• Incident management type: Supplier-defined controls
• Incident management approach: All incidents are documented, including steps to contain the issue, root cause analysis, long term solutions, and related evidence and communications. High severity incidents require an analyst to determine the root cause and changes are recommended to eliminate the incident from reoccurring.; ; https://www.usecure.io/en/security-measures

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Tackling economic inequality
  • Equal opportunity

  Tackling economic inequality

  ITHQ runs a corporate social responsibility programme called Life In IT in South East England. Life In IT allows us to recondition tech devices donated from businesses headed for disposal and pass them on to local non- profit organisations that put them to great use. Schools in particular are now benefitting from free technology that creates fresh learning opportunities through increased access to education platforms for more students.

  Equal opportunity

  ITHQ runs a corporate social responsibility programme called Life In IT in South East England. Life In IT allows us to recondition tech devices donated from businesses headed for disposal and pass them on to local non- profit organisations that put them to great use. Schools in particular are now benefitting from free technology that creates fresh learning opportunities through increased access to education platforms for more students.

Pricing

• Price: £1.50 a user a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Free trial of the full platform for a limited number of users and a limited time.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@ithq.pro. Tell them what format you need. It will help if you say what assistive technology you use.