Khipu Networks Limited

Proofpoint Security Awareness Training

Proofpoint Security Awareness Training helps you deliver the right
training to the right people at the right time. It turns your end users into
a strong last line of defense in identifying cyber attacks and protecting
your organisation.


  • Threat Sim Phishing Simulations
  • Cyber Strength Knowledge Assessments
  • Interactive Training Modules
  • Customisation Centre
  • Security Awareness Materials
  • Phish Alarm Button (End User Email Reporting)
  • Phish Alarm Analyzer (Abuse Mailbox Automation)
  • Reporting Dashboards
  • Auto Enrolment


  • Assess susceptibility to phishing and measure risk
  • Measure understanding of critical cybersecurity topics and track progress
  • Customizable cybersecurity content covers a broad range of security risks
  • Edit pre-existing content to increase relevance to audience
  • Library of videos, posters and articles to embed security culture
  • Lets users report suspicious messages with a single mouse click
  • Prioritizes reporting phishing emails and improves incident response
  • Identify vulnerable users and track training progress
  • Automatically enroll users who need training into relevant courses


£25.55 a user

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

5 6 3 7 5 2 9 7 5 2 5 9 6 9 7


Khipu Networks Limited Sales Team
Telephone: 0345 272 0900

Service scope

Software add-on or extension
Cloud deployment model
Community cloud
Service constraints
System requirements

User support

Email or online ticketing support
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Yes, at extra cost
Support levels
Not applicable for the service.
Support available to third parties

Onboarding and offboarding

Getting started
For the delivery of the service, KHIPU follows our ‘Project Process’ which has the following primary stages:

• Stage 1 – Service scope
• Stage 2 – Assessment
• Stage 3 – Report correlation.

This process is KHIPU’s way of providing an effective service to implement your solution efficiently and to a high standard, in accordance with our ISO accreditations. Initially, we will set up a call to discuss the implementation of your service, what will take place, and any pre-requisites that need to be met. This will also provide end-users with the opportunity to speak to one of our fully qualified engineers who will discuss all aspects of the of the service and answer any questions that they may have. A set of project and technical documentation is then created, based upon the discussion. It is then circulated with the customer for their feedback and signature. From this point there is an agreed change control process for anything necessary which is under the control of both KHIPU and the customer.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
In the event that the customer has decided to not renew the service, they will be assisted in downloading their data. This data will be presented in CSV format.
End-of-contract process
Software licenses end on the expiration date of the license term.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
There is no difference between the mobile and desktop services.
Service interface
User support accessibility
None or don’t know
Description of service interface
Administrators can connect to an admin GUI to configure settings.
Accessibility standards
None or don’t know
Description of accessibility
Accessibility testing
Access is via a web browser, so standard web browser accessibility options apply.
What users can and can't do using the API
API documentation
API documentation formats
  • HTML
  • PDF
API sandbox or test environment
Customisation available


Independence of resources
Each service that KHIPU provide to its customers are separate dedicated services which have guaranteed performance levels unaffected by other users/customers.


Service usage metrics


Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Proofpoint Inc.

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Other data at rest protection approach
The Security Awareness Training utilises HTTPS/TLS for Data in Transit and AES 256 (2048 bits) for Data at Rest. The service is hosted within a Proofpoint-managed AWS instance.
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
The service would export all customer related data and provide it securely to the end user.
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
Proofpoint has documented information security program consisting of policies, procedures and standards that aligns with the requirements of NIST 800-53 and ISO 27001. The program is owned by the Proofpoint Global Information Security group, and includes a continuous monitoring program consisting of monthly and quarterly evidence collection and review, and an annual SOC 2 Type II audit of the program.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
Policies, procedures, and standards comprising the Proofpoint information security program are reviewed and updated annually by the Proofpoint Global Information Security group and approved by the Proofpoint CFO.

Availability and resilience

Guaranteed availability
The service is run at an agreed time with the customer on a 24*7*365(6) schedule. This service has a targeted 99.9% availability on a quarterly basis, excluding scheduled maintenance windows. In the event that KHIPU does not meet the guaranteed levels of availability, service credits are issued in the form of “service tokens”. A service token entitles the user to call upon the professional services of KHIPU Networks for work outside of their standard maintenance contract. Service credits are issued and discussed during quarterly service review meetings, based upon the number of failures in the prior quarter. Up to 5 service credits are capped per quarter for each end-user.
Approach to resilience
This information is available upon request.
Outage reporting
The service reports any outages via email alerts and telephone calls.

Identity and authentication

User authentication needed
User authentication
  • Username or password
  • Other
Other user authentication
SSO Authentication – A trust relationship between the Security Education Platform and a customer’s SSO server would need to be enabled. Once this is set up, all user authentication is then routed through the customer. This has been implemented with a plethora of SSO servers, including ADFS and Okta implementations.

Ticket-Based Authentication – Only end users may access the Security Education Platform via ticket-based authentication. End users may access the training modules via a specific URL which may be embedded in an assignment or reminder email notification sent from the Platform.
Access restrictions in management interfaces and support channels
All access to the production environment, where services are hosted, is granted based on role and occurs via an encrypted two-factor authenticated VPN.
Access restriction testing frequency
At least every 6 months
Management access authentication
Description of management access authentication
Proofpoint personnel are authenticated to the Proofpoint production environment using Proofpoint's AD infrastructure. Customer personnel are authenticated against the customer's AD infrastructure or SSO, as describe above.

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
Lloyd's Register Quality Assurance
ISO/IEC 27001 accreditation date
Original Approval: 6th May 2010, Current Expiry: 5th May 2025
What the ISO/IEC 27001 doesn’t cover
All areas of KHIPU's business is covered under ISO27001 certification.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
NIST 800-53
Information security policies and processes
KHIPU adhere to best practice information security standards related to the products and services we provide. These are then linked to our ISO processes and regularly internally and externally audited. We are certified to ISO9001 (Quality Management) and ISO27001 (Information Security Management). The Board of Directors (“the Board”) is ultimately accountable for corporate governance as a whole. The management and control of information security risks is an integral part of corporate governance. In practice, however, the Board explicitly delegates executive responsibilities for most governance matters to the Executive Directors, led by the Chief Executive Officer (CEO). The Executive Directors give overall strategic direction by approving and mandating the information security principles and axioms but delegate operational responsibilities for physical and information security to the Security Committee (SC) chaired by the Chief Information Officer (CIO). The Executive Directors depend heavily on the SC to coordinate activities throughout KHIPU, ensuring that suitable policies are in place to support KHIPU’s security principles and axioms. The Executive Directors also rely on feedback from the SC, CIO, ISM, auditors, Risk Management, Compliance, Legal and other functions to ensure that the principles, axioms and policies are being complied-with in practice.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All changes to the configuration of the service are managed through a change control process. This looks at technical suitability, security risks and impact to service; the output from which is clearly communicated to the customer where the ultimate decision will be made to proceed or not. This takes into account any commercial considerations necessary and provides an audit trail, ensuring that all aspects of the change are considered.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We work closely with the manufacturers of the deployed services to ensure that any reported/disclosed vulnerabilities are patched during the next maintenance window. Should a major flaw occur, an emergency change process would be invoked to patch the service within 48 hours. In the event that multiple vulnerabilities become apparent, they will be addressed in severity order (highest first), until all are mitigated.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Potential compromises are detected via various means including monitoring tools, manual check, service degradation, reported issues and regular vulnerability assessments. In the event of a suspected compromise, they are acted upon with high priority until they are proven to be benign or corrective action is needed to be taken to mitigate the problem. Immediate responses are provided if an issue appears to be critical within the end users’ environment. These procedures are in line with our ISO27001 processes.
Incident management type
Supplier-defined controls
Incident management approach
As part of our support/managed service procedure, the customer is provided with full details of how to log a support call, including all logging methods and the required information for the servicedesk. Once the call has been logged, it is then managed by the team under the servicedesk based on severity (major issue = service affecting, minor issue = query). All service affecting calls are escalated accordingly to the 2nd/3rd line teams including the assigned account and technical manager. Escalations procedures are provided.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks

Social Value

Fighting climate change

Fighting climate change

KHIPU is committed to monitoring and reducing our environmental footprint. We are an ISO14001 Environmental Management certified company and complete an internal audit twice a year which provide updated targets for our company and supply chain to aim for.

We update our initiatives on our website:

Employees and our supply chain are made aware / reminded of their environmental impact.

We regularly review our products, services and suppliers to ensure we are using the most suitable environmentally friendly options.

KHIPU and our supply chains are committed to minimising impact to the environment from our solutions by reusing, recycling and adopting processes that conserve raw material, energy and water.

The company is part of a movement called “techies go green” (, aimed at increasing awareness and we are committed to decarbonising our businesses and making them green and verifiably sustainable.

Where possible we work with customers remotely to reduce travel costs and for each day an engineer installs / supports a customer remotely we plant 10 trees and have planted over 4800 trees to date:
Covid-19 recovery

Covid-19 recovery

Our plans and processes provide mitigation against a wide range of potential incidents including the unforeseen events mentioned.

The procedures have been regularly tested both theoretically and in real events. In 2017 we activated the plans as part of an office relocation, we had no loss of services or unexpected downtime.

More recently we activated our Pandemic Policy which was created during the original SARS threat. This policy was activated on the 9th March 2020 across our UK and South Africa offices in advance of the UK and SA Government lockdown. We successfully had 98% of staff working from home, 2% of staff worked in our UK office.

The business managed to offer and operate the majority of our services remotely. We continued to provide on-site resources to customers running critical life supporting systems (i.e. Healthcare / Social Services).

Since the removal of lockdown restrictions, we have moved to a hybrid operation where staff aim for a minimum of 3 days in the office, 2 working remotely. KHIPU invested in a new HQ building during 2021-2022 and modelled our offices to support the most flexible ways of working.
Tackling economic inequality

Tackling economic inequality

As a business we understand we can make a difference to tackle economic inequality, KHIPU is fortunate to operate in the Technical Business Sector which is a robust market. This allows the company to invest into our workforce, both in terms of relatively high salaries and also support services (pension contributions, healthcare, dental care, welfare support, regular health checks, training, team building, career options).

We offer flexi-time to the workforce, offer hybrid working, provide a very good maternity / paternity scheme, invest in apprentices and also graduates and have workforce age from ~19 – 70 years of age. Over 40% of our senior staff identify as female and we support all of our staff in any way we can. We allow parents to bring children to the office, we’ve previously invested in a trained nanny / creche to provide options to new families.

Outside of our business KHIPU invests into charitable causes, we have invested in building a computer laboratory in a township school in South Africa. We invest in youth sports and various health related charities.
Equal opportunity

Equal opportunity

KHIPU has a strong ethos on diversity and inclusion with our main objective being that our company and staff understands and promotes equality, diversity and inclusivity internally and externally with suppliers and customers.

We have not set any specific target, however we have found that our organisation has organically grown in a manner fully supportive of our main objective for equality, diversity and inclusivity.

This organically grown culture exists across our UK and South Africa based offices, we also ask our supply chain to confirm their commitment to supporting our own objective in this manner.


KHIPU has a very active “People Operations” department with representatives across our main offices in the UK and South Africa. They provide a wide range of help and support to all staff, including their families as appropriate. Our team are trained first aiders and also have received mental health awareness training. All staff have access to our internal support team and can also be referred to 3rd party experts (via our company-wide healthcare scheme). The company invests in an annual health check (optional but recommended for all staff) by a 3rd party company, this also offers advice on mental health, fitness, diet etc.

The company has invested in excellent office facilities, both in terms of general office location and facilities within our offices. This allows staff multiple options for stress reduction, teamwork or relaxation as required. We suggest that all staff walk around and do not sit too long at their desks, offer stand-up desk workstations and we try to cater for any staff members working preferences.


£25.55 a user
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.