Grant Thornton UK LLP

Grant Thornton - Cyber Training and Awareness

Grant Thornton's information security training goes to the heart of cyber resilience. Our online training modules are flexible and can be tailored to your employees' needs. They can supplement your existing information security training or be used to create a comprehensive cyber security awareness training programme for all employees.

Features

Learning Management System (LMS) with 15 GCHQ certified training modules
Modules covering cyber security, GDPR, cyber-enabled fraud and more
Real-world examples, animations, games and quizzes
Online training platform hosting bespoke content and material
Schedule and monitor training courses over time
Set training reminders and provide management reporting
Attendees receive a cyber fundamentals handbook
Instructor-led training on-site available, if required

Benefits

Employees are aware of threats and risks to their activities
Training and awareness reduce employee errors
Promotion of consistent education to become more cyber resilient
Increase compliance with data protection regulations
Helps to protect your company’s reputation and brand

£30 to £50 a user a year

Free trial available

Service documents

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at publicsector.bids@uk.gt.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

Contact

Grant Thornton UK LLP Public sector bids team
Telephone: 0207 728 3311
Email: publicsector.bids@uk.gt.com

Service scope

Software add-on or extension: No
Cloud deployment model: Private cloud
Service constraints: None
System requirements: Firefox (latest)

Chrome (latest) Windows/Android tablets

Edge (latest)

Safari (latest) Windows/Mac/iPad

User support

Email or online ticketing support: Email or online ticketing
Support response times: Response times vary from 1 hour (Priority 1) to 1 Business Day (Priority 4)
User can manage status and priority of support tickets: Yes
Online ticketing support accessibility: None or don’t know
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: No
Onsite support: No
Support levels: Support levels as described in the service overview doc link below: https://pages.theaccessgroup.com/rs/302-WOS-863/images/successsupport2017_access_brochure_printableversion.pdf
Support available to third parties: No

Onboarding and offboarding

Getting started: Training for administrators is provided via webinar. Support for administrators is then provided continually via an online help portal, regular blogs and public webinars. This is all in line with various levels of support plan from FOC minimal contact, online only to full premium service named support and customer success management - providing a personalised service
Service documentation: Yes
Documentation formats: HTML
End-of-contract data extraction: We can provide user data at the end of the contract in line with GDPR.
End-of-contract process: At the end of a contract, all user and learning data can be exported and provided. Data disposal and confirmation can be provided aligned to GDPR guidance and data protection laws.

Using the service

Web browser interface: Yes
Supported browsers: Microsoft Edge

Firefox

Chrome

Safari

Opera
Application to install: No
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: The content automatically scales to fit various screen sizes, and has been optimised to be compatible with mobile device use (Phone or tablet). The LMS is accessible through a mobile device using an adaptive display model. A number of companion apps are available which are developed specifically for mobile devices.
Service interface: No
User support accessibility: None or don’t know
API: Yes
What users can and can't do using the API: Public API's are available and are typically used for reporting functionality to access the data held.
API documentation: Yes
API documentation formats: Other
API sandbox or test environment: No
Customisation available: Yes
Description of customisation: Users can add their own training modules and link to company policy documents.

Scaling

Independence of resources: Through proactive capacity management, reserving 80% capacity for peak loads

Analytics

Service usage metrics: Yes
Metrics types: We can provide statistics and data from the usage of the system down to specific user usage against specific activities
Reporting types: Regular reports

Reports on request

Resellers

Supplier type: Reseller providing extra support
Organisation whose services are being resold: AXELOS

Staff security

Staff security clearance: Other security clearance
Government security clearance: Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: No
Datacentre security standards: Managed by a third party
Penetration testing frequency: At least every 6 months
Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest: Physical access control, complying with another standard
Data sanitisation process: Yes
Data sanitisation type: Deleted data can’t be directly accessed
Equipment disposal approach: A third-party destruction service

Data importing and exporting

Data export approach: Data is exported via the reporting function, and available in .csv or .xlsx file format.
Data export formats: CSV

Other
Other data export formats: Xls

Xlsx

Rich text in some circumstances
Data import formats: CSV

Other
Other data import formats: Xls

Xlsx

Rich text in some circumstances

Data-in-transit protection

Data protection between buyer and supplier networks: TLS (version 1.2 or above)
Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability: Full SLA available via below link: https://help.unicornlms.com/hc/en-us/articles/115004592789-Service-Level-Agreement-SLA-
Approach to resilience: Available on request
Outage reporting: We have a portal with a dashboard (privately accessed) and e-mail alerts

Identity and authentication

User authentication needed: Yes
User authentication: Username or password
Access restrictions in management interfaces and support channels: Users are set with specific roles within the organisation governed within the LMS. Different roles provide different views and access privileges.
Access restriction testing frequency: At least every 6 months
Management access authentication: Username or password

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: User-defined
Access to supplier activity audit information: Users contact the support team to get audit information
How long supplier audit data is stored for: At least 12 months
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: Lloyds Risk Quality Assurance
ISO/IEC 27001 accreditation date: 28/06/2015
What the ISO/IEC 27001 doesn’t cover: Audit and Tax services
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: Yes
Other security certifications: No

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001

Other
Other security governance standards: We have been certified under the Cyber Essentials Plus scheme by a CREST (Council of Registered Ethical Security Testers) approved organisation
Information security policies and processes: Grant Thornton operate a framework of Information Systems (IS) Security policies. These policies include a risk assessment for threats to Information Security. The policies are published internally for the guidance of all employees and reviewed on a quarterly basis.

We employ a full-time IS Security Manager, who is responsible for the co-ordination of our IS Security policies, network, data security and incident management. Any updates are processed through out Change and Release Management (CARM) process. They are also reviewed and proved by the National Director of Information Systems

We have been certified under the Cyber Essentials Plus scheme by a CREST (Council of Registered Ethical Security Testers) approved organisation.

Grant Thornton maintains ongoing compliance with the ISO27001:2013 certification for Information Security Management Systems

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: Grant Thornton have implemented a Change and Release Management (CARM) process, based on the ITIL Service standard that complies with best practice.
Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach: The external network is subject to monthly vulnerability testing, or in response to specific threats, using a CREST accredited third party. Where a high-level vulnerability is identified, the Incident Management process is utilized to quickly resolve the issue and identify any security breaches. The results of each scan are recorded within the IS Service desk system and reviewed by the senior IS Managers to organise the resolution of any identified issues. All remediation is conducted through the Change And Release Management (CARM) process.
Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach: All network events are recorded for use as part of an investigation in the event of an incident. Systems administrators monitor firewall and security software for alerts and respond accordingly. Network logs are maintained as part of the IS Security controls and the Document Management System logs all account activity within an audit log that is inviolate which can only be accessed by the systems administrator.
Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach: Incident Management procedures have been implemented as part of both the ISO 20000 and 27001 certifications. All people can report Information Security incidents through the IS Service desk or Grant Thornton House main reception which is supported by the Grant Thornton facilities provider on a 24-hour basis.

Secure development

Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks: No

Pricing

Price: £30 to £50 a user a year
Discount for educational organisations: No
Free trial available: Yes
Description of free trial: A limited free trial is available on request which gives full content and LMS access. Typically this is available for 5-days but this can be extended on request.

Service documents

Request an accessible format

Cookies on Digital Marketplace

Grant Thornton - Cyber Training and Awareness

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents