Phishing Tackle Limited

Phishing Tackle Security Awareness Training, Simulated Phishing & Policy Management

UK's leading Security Awareness & Training provider. British multilingual automated training and testing platform, policy management, PhishNet S.O.A.R. tool, and Microsoft Teams Integration. Granular reporting including high risk users, breach data, and training completion statistics. Encompassing a fully managed service saving you time, budget and quickly reducing user risk.

Features

• Managed/Self Managed Automated Phishing Simulation campaigns
• E-Learning Management System (LMS) & Policy Management
• Alarm bell indicators providing instant feedback
• Custom Email/Landing Page/Quiz Templates
• Manage all business units from a single pane-of-glass
• Microsoft Teams Integration
• Microsoft 365 / Active Directory / Google Workspace integration
• British Training Content
• Breach Intelligence Information
• Security Orchestration, Automation & Response (SOAR)

Benefits

• Highly engaging instant security awareness training
• Automated simulated phishing campaigns, set and forget.
• Integration with user directories. eg Microsoft and Google.
• Organisational and individual breach and threat intelligence data.
• Up-to-date UK templates and training.
• Satisfy ISO27001, Cyber Essentials, and other regulatory requirements
• Instantly help build a robust security awareness culture.
• Robust and informative reporting, including organisational return-on-investment.
• Smart Tags enabling dynamic user group creation.
• Dramatically reduced the click-prone risk of your users.

£5.47 a user a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@phishingtackle.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

539600509336619

Contact

G-Cloud Support Team
+44 (0)330 390 0805
gcloud@phishingtackle.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No service constraints.
• System requirements: Compatible with any modern desktop web browser.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our automatic ticket system responds immediately with a receipt confirmation and our average response times are currently less than 1 hour during usual UK business hours and less than 1 minute on live chat.; ; Weekend response times may vary.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: None.
• Onsite support: No
• Support levels: We use reasonable endeavours to respond to requests for Support Services promptly, and in any case in accordance with the following time periods:; ; (a) critical: 4 Business Hours;; (b) serious: 8 Business Hours;; (c) moderate: 2 Business Days; and; (d) minor: 5 Business Days.; ; A Customer Success Engineer is assigned to each account.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We allocate a Customer Success Manager for the onboarding process and provide a walk-through of the setting up, configuration and customisation processes.; ; Also available is a fully-managed service where we advise and manage your security awareness training and simulated phishing, on a monthly basis ensuring targeted training where required, increasing training adoption rates and reducing user risk.; ; There is also extensive on-line help available and real-time chat.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Users may download their data to external files at any time whilst access is permitted.
• End-of-contract process: Once a contract has concluded, all data is deleted from the system within 7 working days of contract termination.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: End user training experience is the same on both platforms.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: The entire platform can be managed and granular reportiong data can be extracted, via the secure REST API Endpoint.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Look-and-feel including logos, colours, URL, login/logout pages, can all be customised to suit organisational branding, creating a consistent recognised user-experience, which increases user engagement. ; ; Furthermore, having a familiar working environment, supported by British content, helps the security culture with increased adoption, user-satisfaction, and completion of the training content - substantially reducing user-risk.

Scaling

• Independence of resources: We have load-balanced, automated and scalable, enterprise grade infrastructure in place to ensure performance is always optimal.

Analytics

• Service usage metrics: Yes
• Metrics types: Extensive mettrics surrounding user engagement, completion rates and user access activity.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: We have extensive export functionality (for example CSV, Excel, PDF etc) either using automation or via our REST API Endpoints.
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats:
  • Excel
  • Word
  • PDF
  • JSON
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We use reasonable endeavours to ensure that the uptime for the Hosted Services is at least 99.9% during each calendar month.
• Approach to resilience: Amazon AWS hosted with multi-site failover.
• Outage reporting: We have constant monitoring of the service with email, SMS and phone call alerts sent to our on-call engineers. ; ; All performance information is available in our public dashboard which can be found at https://support.phishingtackle.com, and also on our Twitter feed. ; ; End-users can also signup to this information for real-time email updates.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Other user authentication: We also allow for SAML2 authentication.
• Access restrictions in management interfaces and support channels: We provide full Role Based Access Control (RBAC).
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Thoropass
• ISO/IEC 27001 accreditation date: April 2024
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: ISO27001:2022

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials; Cyber Essentials Plus; ISO27001:2022
• Information security policies and processes: We work to the ISO27001 standard for all our security policies and processes. This is routinely checked and events recorded as required.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Any changes to software source code are peer reviewed and deployed to a staging environment for initial testing.; ; Once these tests have been satisfied by the QA/testing team, the new update/releases are deployed to the production environment.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: The core software infrastructure is based on sound industry standards and framework. All security notifications are monitored and assessed on a case-by-case basis.; ; Security Updates will be applied to the platform promptly following the identification of the relevant security risk and the completion of the testing of the relevant update.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We constantly monitor access to the platform for unusual activity and report this immediately. We then have the ability to block the malicious actor at both an application and firewall level.; ; We will notify the Customer of any Personal Data breach affecting the Customer Personal Data without undue delay and, in any case, not later than 72 hours after the Provider becomes aware of the breach.
• Incident management type: Supplier-defined controls
• Incident management approach: Each incident is reported using our ticket system and tracked accordingly, and inline with our ISO27001 processes. After investigation and resolution a report will be provided on a per-issue basis. If there was a wider-spread issue, this will be reported on our web site.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Wellbeing

  Wellbeing

  Security awareness and workplace training helps individuals feel more safe when dealing with the increasing threats from cyber security risks, helping improve mental health.; ; Not only does our educational content help within the workplace, but it's also a transferable to aid with personal information security, reducing the risk of becoming a victim of cyber-crime.

Pricing

• Price: £5.47 a user a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Our 14 day free no-obligation trial allows for the unrestricted use of the platform. ; ; There is also access to our team of customer success, technical and security experts to listen to your needs and support you, delivering a high return-on-investment during the trial.; ; Enterprise & Educational discounts available.
• Link to free trial: https://phishingtackle.com/free-trial/

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@phishingtackle.com. Tell them what format you need. It will help if you say what assistive technology you use.