Skip to main content

Help us improve the Digital Marketplace - send your feedback

S3 Ltd

KnowBe4: Leading Security Awareness Training & Simulated Phishing for Human Risk in UK Public Sector

KnowBe4: the world's most popular integrated platform for awareness training and simulated phishing attacks.
Blending AI with an expansive, interactive content library (1500+) & phishing templates (20000+), KnowBe4 delivers individualised, interactive & engaging awareness training and simulated phishing, helping users stay vigilant about social engineering. Enterprise reporting, managing human risk.

Features

  • Unlimited Phishing Security Tests. Customisable and 20000+ ready built templates
  • 1500+ Security Awareness Training Modules - AI-Driven Testing -Training Recommendations
  • Full Active Directory Integration & Integration with Egress Email Security
  • Monthly Email Exposure Check & Password Checks
  • Dynamic Smart User Grouping
  • USB Drive Test, QR Testing & Vishing
  • Administrator Level Security Roles
  • Virtual Risk Officer
  • Email client Phish Alert Button
  • Mobile App and Enterprise Level Reporting

Benefits

  • Dramatically reduce your 'phish prone' user percentage
  • Easily train & assess all users on a regular basis
  • Centrally manage training & phishing through the console
  • Make security awareness part of the culture. Change Your Culture.
  • All user relevant cyber security topics covered
  • Greatly assists compliance throughout the organisation
  • Change users behaviour by changing their mindset
  • Employees become part of the 'Human Firewall'
  • Greatly reduce the risk to the organisation
  • Full GDPR training modules available

Pricing

£7.00 a user a year

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tony.mason@s3-uk.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

5 9 3 6 8 9 9 3 3 3 1 6 8 2 3

Contact

S3 Ltd Tony Mason
Telephone: 01628 362784
Email: tony.mason@s3-uk.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
No
System requirements
  • Browser
  • Internet Connection

User support

Email or online ticketing support
Email or online ticketing
Support response times
We provide UK office hours support directly, including technical and best practice related questions. The client also has access to a dedicated Customer Success Manager (CSM) who will assist throughout the subscription period. On top of this the full KnowBe4 technical support service is available on US hours.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
1st point of contact is through the UK where the majority of queries are managed. Escalation to the US based support engineers will then be categorised level 1, 2 and Priority dependent on urgency.

All Support is included in the cost of the subscription, there are no extra charges for support or maintenance.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
A comprehensive onboarding procedure is in place including, administrator training, monthly customer service engineer calls, getting started documentation and hand holding, local UK based first line support and guidance - all included in the price.
Very little configuration is required for this cloud service to be ready to phish and train your users. Just whitelist the KnowBe4 servers and upload your users' email addresses and you are ready!
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
If the customer wishes to terminate the service, their data is first archived and then securely wiped from the KnowBe4 servers on instruction
End-of-contract process
All required elements of the service are included in the price. The subscription, training, documentation, support and product updates are all included in the single subscription price. Contracts are a minimum of 1 year. At the end of the year, if the customer does not wish to renew, all data is archived and then securely deleted.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Fully accessible through the mobile browser
Service interface
No
User support accessibility
None or don’t know
API
Yes
What users can and can't do using the API
KnowBe4’s API is a REST API.
KnowBe4’s API feature, allows you to pull data from the KnowBe4 console for reporting purposes. Currently, this feature is limited to allow requests for phishing, user, and group data.
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • PDF
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
All email templates are editable as are landing pages. Certain modules of training content can also be customised from within the interface as well as the ability to upload your own content into the KnowBe4 LMS.

Scaling

Independence of resources
KnowBe4 uses Amazon Web Services globally for the provision of their service. They have strict SLA's in place to ensure user experience is always optimal. SLA's are available on request.

Analytics

Service usage metrics
Yes
Metrics types
Reporting on phishing and training as well as a real time view through the administration dashboard.
Enterprise level reporting is available to report on all aspects of a simulated phishing campaign and training campaign.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
KnowBe4

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Exporting data from KnowBe4 by the customer is done in the form of reports on user activity. The customer can upload user data to KnowBe4 either via CSV file or manually or through our Active Directory synchronisation tool.
Data export formats
  • CSV
  • Other
Other data export formats
Pdf
Data import formats
  • CSV
  • Other
Other data import formats
Through Active Directory

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
99.9% uptime guarantee
Approach to resilience
AWS load balancing, multi zone, mirrored databases, snapshots, Web app firewall, redundant DNS
Outage reporting
Outages reported by email and on status webpage

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Single Sign on SAML with access based on Role.
Administrators of the console can have privileges set according to function.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
ANSI-ASQ National Accreditation Board (ANAB) accredited certifier - ISOQAR
ISO/IEC 27001 accreditation date
15th Feb 2022
What the ISO/IEC 27001 doesn’t cover
.
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
11-12-2018
CSA STAR certification level
Level 4: CSA C-STAR Assessment
What the CSA STAR doesn’t cover
Unknown
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
Yes
Any other security certifications
  • GDPR Compliant
  • US-EU / US-Swiss Privacy Shield certified
  • https://www.knowbe4.com/security

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
CISO - Brian Jack

There are a large number of formal processes followed in the KnowBe4 data security strategy, including Incident Response Plan, Build Process Automation, authentication, audits etc. To view further details: https://www.knowbe4.com/security

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Changes are approved, peer reviewed, tested, and put onto staging environments. QA tests changes in staging and approves for production. Changes deployed to production - Use Jira and git repositories
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Annual, Quarterly, and Monthly security scans and reviews and testing. Vulnerability scans, risk assessments and other configuration and security testing.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Centralized logging with alerts and dashboards. Anomaly detection and daily/weekly/monthly reviews
Incident management type
Supplier-defined controls
Incident management approach
Based on alerts, we investigate and follow our IR procedures. Notifications to customers within 48 hours.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

Please see KnowBe4 website for information & awards:
https://www.knowbe4.com/sustainability-knowbe4

https://www.knowbe4.com/careers/sustainability

Tackling economic inequality

Please see KnowBe4's website for ethical business trading statements:
https://www.knowbe4.com/code-of-ethical-business-conduct

Equal opportunity

Please see KnowBe4's website for employee codes of conduct

https://www.knowbe4.com/code-of-ethical-business-conduct

Wellbeing

Please see KnowBe4's website for employee benefits around the world
https://www.knowbe4.com/careers/benefits

Pricing

Price
£7.00 a user a year
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
A limited time period trial is available for a proof of concept by the prospective buyer. A S3 engineer would set this up and walk the buyer through usage. Contact S3, Security Software Solutions Ltd sales@s3-uk.com
Link to free trial
Sales@s3-uk.com

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tony.mason@s3-uk.com. Tell them what format you need. It will help if you say what assistive technology you use.