KnowBe4: Leading Security Awareness Training & Simulated Phishing for Human Risk in UK Public Sector
KnowBe4: the world's most popular integrated platform for awareness training and simulated phishing attacks.
Blending AI with an expansive, interactive content library (1500+) & phishing templates (20000+), KnowBe4 delivers individualised, interactive & engaging awareness training and simulated phishing, helping users stay vigilant about social engineering. Enterprise reporting, managing human risk.
Features
- Unlimited Phishing Security Tests. Customisable and 20000+ ready built templates
- 1500+ Security Awareness Training Modules - AI-Driven Testing -Training Recommendations
- Full Active Directory Integration & Integration with Egress Email Security
- Monthly Email Exposure Check & Password Checks
- Dynamic Smart User Grouping
- USB Drive Test, QR Testing & Vishing
- Administrator Level Security Roles
- Virtual Risk Officer
- Email client Phish Alert Button
- Mobile App and Enterprise Level Reporting
Benefits
- Dramatically reduce your 'phish prone' user percentage
- Easily train & assess all users on a regular basis
- Centrally manage training & phishing through the console
- Make security awareness part of the culture. Change Your Culture.
- All user relevant cyber security topics covered
- Greatly assists compliance throughout the organisation
- Change users behaviour by changing their mindset
- Employees become part of the 'Human Firewall'
- Greatly reduce the risk to the organisation
- Full GDPR training modules available
Pricing
£7.00 a user a year
- Education pricing available
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
5 9 3 6 8 9 9 3 3 3 1 6 8 2 3
Contact
S3 Ltd
Tony Mason
Telephone: 01628 362784
Email: tony.mason@s3-uk.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- No
- System requirements
-
- Browser
- Internet Connection
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- We provide UK office hours support directly, including technical and best practice related questions. The client also has access to a dedicated Customer Success Manager (CSM) who will assist throughout the subscription period. On top of this the full KnowBe4 technical support service is available on US hours.
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
1st point of contact is through the UK where the majority of queries are managed. Escalation to the US based support engineers will then be categorised level 1, 2 and Priority dependent on urgency.
All Support is included in the cost of the subscription, there are no extra charges for support or maintenance. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
A comprehensive onboarding procedure is in place including, administrator training, monthly customer service engineer calls, getting started documentation and hand holding, local UK based first line support and guidance - all included in the price.
Very little configuration is required for this cloud service to be ready to phish and train your users. Just whitelist the KnowBe4 servers and upload your users' email addresses and you are ready! - Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- If the customer wishes to terminate the service, their data is first archived and then securely wiped from the KnowBe4 servers on instruction
- End-of-contract process
- All required elements of the service are included in the price. The subscription, training, documentation, support and product updates are all included in the single subscription price. Contracts are a minimum of 1 year. At the end of the year, if the customer does not wish to renew, all data is archived and then securely deleted.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- Fully accessible through the mobile browser
- Service interface
- No
- User support accessibility
- None or don’t know
- API
- Yes
- What users can and can't do using the API
-
KnowBe4’s API is a REST API.
KnowBe4’s API feature, allows you to pull data from the KnowBe4 console for reporting purposes. Currently, this feature is limited to allow requests for phishing, user, and group data. - API documentation
- Yes
- API documentation formats
-
- Open API (also known as Swagger)
- API sandbox or test environment
- No
- Customisation available
- Yes
- Description of customisation
- All email templates are editable as are landing pages. Certain modules of training content can also be customised from within the interface as well as the ability to upload your own content into the KnowBe4 LMS.
Scaling
- Independence of resources
- KnowBe4 uses Amazon Web Services globally for the provision of their service. They have strict SLA's in place to ensure user experience is always optimal. SLA's are available on request.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
Reporting on phishing and training as well as a real time view through the administration dashboard.
Enterprise level reporting is available to report on all aspects of a simulated phishing campaign and training campaign. - Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Reseller providing extra features and support
- Organisation whose services are being resold
- KnowBe4
Staff security
- Staff security clearance
- Staff screening not performed
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- European Economic Area (EEA)
- Other locations
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with another standard
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
- Exporting data from KnowBe4 by the customer is done in the form of reports on user activity. The customer can upload user data to KnowBe4 either via CSV file or manually or through our Active Directory synchronisation tool.
- Data export formats
-
- CSV
- Other
- Other data export formats
- Data import formats
-
- CSV
- Other
- Other data import formats
- Through Active Directory
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- 99.9% uptime guarantee
- Approach to resilience
- AWS load balancing, multi zone, mirrored databases, snapshots, Web app firewall, redundant DNS
- Outage reporting
- Outages reported by email and on status webpage
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Username or password
- Access restrictions in management interfaces and support channels
-
Single Sign on SAML with access based on Role.
Administrators of the console can have privileges set according to function. - Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Username or password
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- ANSI-ASQ National Accreditation Board (ANAB) accredited certifier - ISOQAR
- ISO/IEC 27001 accreditation date
- 15th Feb 2022
- What the ISO/IEC 27001 doesn’t cover
- .
- ISO 28000:2007 certification
- No
- CSA STAR certification
- Yes
- CSA STAR accreditation date
- 11-12-2018
- CSA STAR certification level
- Level 4: CSA C-STAR Assessment
- What the CSA STAR doesn’t cover
- Unknown
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- Yes
- Any other security certifications
-
- GDPR Compliant
- US-EU / US-Swiss Privacy Shield certified
- https://www.knowbe4.com/security
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
CISO - Brian Jack
There are a large number of formal processes followed in the KnowBe4 data security strategy, including Incident Response Plan, Build Process Automation, authentication, audits etc. To view further details: https://www.knowbe4.com/security
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- Changes are approved, peer reviewed, tested, and put onto staging environments. QA tests changes in staging and approves for production. Changes deployed to production - Use Jira and git repositories
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- Annual, Quarterly, and Monthly security scans and reviews and testing. Vulnerability scans, risk assessments and other configuration and security testing.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- Centralized logging with alerts and dashboards. Anomaly detection and daily/weekly/monthly reviews
- Incident management type
- Supplier-defined controls
- Incident management approach
- Based on alerts, we investigate and follow our IR procedures. Notifications to customers within 48 hours.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
Please see KnowBe4 website for information & awards:
https://www.knowbe4.com/sustainability-knowbe4
https://www.knowbe4.com/careers/sustainabilityTackling economic inequality
Please see KnowBe4's website for ethical business trading statements:
https://www.knowbe4.com/code-of-ethical-business-conductEqual opportunity
Please see KnowBe4's website for employee codes of conduct
https://www.knowbe4.com/code-of-ethical-business-conductWellbeing
Please see KnowBe4's website for employee benefits around the world
https://www.knowbe4.com/careers/benefits
Pricing
- Price
- £7.00 a user a year
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- A limited time period trial is available for a proof of concept by the prospective buyer. A S3 engineer would set this up and walk the buyer through usage. Contact S3, Security Software Solutions Ltd sales@s3-uk.com
- Link to free trial
- Sales@s3-uk.com