MONDAS CONSULTING LTD

KnowBe4 Security Awareness Training Licences

Purchase KnowBe4 Security Awareness Training licences to upskill your staff by utilising the KnowBe4 AI powered security awareness training and phishing simulations, to protect against Cyber Security threats. The KnowBe4 tool can be purchased in silver, platinum, gold or diamond. Our SOC team can run regular KnowBe4 exercises.

Features

• Complete Security Awareness Training package through KnowBe4
• Includes KnowBe4 bespoke phishing test campaigns
• Increase User Awareness of common cyber attack types
• KnowBe4 training available for phishing prone employees
• Monthly Security Awareness Training report via KnowBe4 portal
• Real-time Security Awareness Training dashboards via KnowBe4 portal

Benefits

• KnowBe4 will increase your security against cyber attacks
• Train your staff to be more cyber aware with KnowBe4
• Create an a positive cyber security culture
• Monitor Security Awareness Training campaign effectiveness
• KnowBe4 can measure Security Awareness Training improvements
• KnowBe4 will identify users who are susceptible to phishing emails

£500 a licence a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at george@mondas.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

847398928887744

Contact

George Eastman
07738619533
george@mondas.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: None.
• System requirements: None.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 24x7x365. All tickets will be responded to within 15 minutes.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AAA
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AAA
• Web chat accessibility testing: Utilising Teams, Skype and Slack
• Onsite support: Onsite support
• Support levels: Our support is available 24x7x365 with a 15 minute response time and tiered remediation and resolution times based on the priority of the incident. Full details can be seen in the SLA document. All support levels are included within the service price. A service delivery manager and technical account manager are provided for all services. A cloud support engineer can be available on request.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: All users will receive documentation on how to start using the service. Online training can be given to new starters upon request or on site training can be offered at an additional charge.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: All data can be extracted at the end of the contract in a RAW format.
• End-of-contract process: At the end of the contract we can assist with the decommissioning of the service or handing over to a new incoming supplier. We will also ensure all data is securely downloaded to the clients local systems if required. Any cloud stored data will be securely deleted.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AAA
• Description of service interface: Users can access the service interface through a web application portal.
• Accessibility standards: WCAG 2.1 AAA
• Accessibility testing: Utilising Teams, Skype and Slack
• API: Yes
• What users can and can't do using the API: All our system data can be accessed via a REST API.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Users can create custom dashboards and reports for their service and integrate with their relevant security stack.

Scaling

• Independence of resources: Each customer has a dedicated cloud instance for their service.

Analytics

• Service usage metrics: Yes
• Metrics types: Typical service metrics include monthly data consumption, event per second (EPS) & total number of licenses used.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: KnowBe4

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data export can be requested through our ticketing system.
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats:
  • XML
  • RAW
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats:
  • XML
  • RAW

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: SLAs are agreed prior to any contract commencement and are dependent on the tiered support level purchased by the user. If availability falls below the service metric defined within the SLA a refund is given as a service credit against future invoices.
• Approach to resilience: Our service is purpose built to be resilient, details on this can be provided upon request.
• Outage reporting: Outages are reported via an email alert or a public dashboard.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: RBAC is implemented for all users who are able to access the system.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 30/08/2022
• What the ISO/IEC 27001 doesn’t cover: None.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • CHECK
  • CREST

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials & Cyber Essentials+
• Information security policies and processes: We have a full set of ISO27001 approved security policies and processes which can be provided upon request.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: We have clearly defined ITIL approved process in place for configuration and change management. Full details can be provided upon request.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We run weekly vulnerability scans to assess potential threats. Patches are typically deployed within 48 hours of a low or medium vulnerability being discovered. For high or critical vulnerabilities, patches will be deployed as a matter of urgency.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We have a 24x7 SOC team who monitor our internal and our clients services for signs of compromise. Incidents are discovered real time and responded to within 15 minutes.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We follow ITIL defined controls for incident management and have internal policies and processes in place. Tickets can be reported via phone, email or ticketing systems.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Mondas is committed to achieving Net Zero emissions by 2030. ; ; In order to continue our progress to achieving Net Zero, we have adopted the following carbon reduction targets.; ; We project that carbon emissions will decrease over the next five years to 0 tCO2e by 2030, with our initial target to have reduced emissions by 7CO2e in the 1st financial year. We are also currently scoping initiatives to become Carbon neutral by offsetting our emissions by sponsoring verified carbon projects funding the plantation of trees.; ; Completed Carbon Reduction Initiatives:; ; The following environmental management measures and projects have been completed or implemented since the 2022 – 23 baseline.; ; - Continuation of virtual meetings using Google Meet; - Energy reduction program – switch off policy, what runs, runs when needed only; - Employees given options for flexible working model to reduce accommodation requirements

  Covid-19 recovery

  We are committed to building back from the COVID-19 pandemic in a way that prioritizes the well-being of our community and fosters a more just and resilient society. We recognize the social and economic hardships caused by the pandemic, and we believe recovery efforts must address these challenges head-on.; Our core social values in COVID-19 recovery are:; - Inclusive Growth: We will create opportunities for everyone to participate in the economic recovery, with a focus on supporting those disproportionately affected by the pandemic, such as unemployed individuals, minority groups, and small businesses.; - Mental & Physical Health: We will prioritise the mental and physical health of our community by promoting healthy workplaces, providing access to mental health resources, and supporting initiatives that reduce the burden on healthcare systems.; - Building Resilience: We will invest in programs and infrastructure that strengthen our community's ability to withstand future crises. This includes fostering social cohesion, promoting sustainable practices, and creating a skilled workforce prepared for a changing world.; We will achieve these goals by:; - Employment and Training: Offering job training programs, creating new employment opportunities, and prioritising hiring from underrepresented communities.; - Community Support: Providing resources and assistance to vulnerable populations, including mental health services, food banks, and childcare support.; - Adapting Work Practices: Encouraging flexible work arrangements, promoting safe workplaces, and adopting sustainable commuting options.; - Investing in Innovation: Supporting research and development initiatives that address public health needs and build a more resilient future.; We believe that a socially responsible approach to COVID-19 recovery is not only ethical but also good business. By prioritising social value, we can build a stronger, more equitable, and more prosperous community for all.

  Tackling economic inequality

  Mondas are registered national living wage employers. Mondas recognises that recompense for work should allow those working for or with Mondas to a decent standard of living without dependence on outside subsidies.; ; Mondas recognises that payment of the living wage gives a variety of benefits which may include:; ; - Staff retention and reduced turnover;; - Increased employee engagement;; - Reduced absenteeism;; - Increased commitment to the organisation;; - Ethical employment practices; and; - A contribution to reduction in poverty affording people the opportunity to provide for themselves and their families.

  Equal opportunity

  Mondas is an equal opportunities employer. We treat our people fairly and equally and are committed to promoting equal opportunities in employment. We want you to work in an environment which embraces diversity and is free from discrimination and harassment. ; ; We believe that all our employees have something to contribute to the overall success of the business and that this can be achieved through our encouragement and support. In partnership with employees and our leaders, we will continue our journey to develop a culture that upholds the benefits of diversity and inclusion so that in years to come our business will physically reflect and represent a more diverse and inclusive workforce from the top down. Our strategy includes some amazing initiatives in respect of disability, ethnic minorities, gender, LGBT+ and mental health.

  Wellbeing

  Mondas is committed to promoting and supporting the wellbeing of all of its employees, to create an inclusive culture which focuses on prevention, and where issues are identified, minimized and managed before they have a detrimental impact on employees. ; Mondas recognises that around approach to employee wellbeing can: ; - Raise awareness and provide guidance on issues relating to health and wellbeing in recognition of Mondas’ role in improving employees health ; - Encourage the adoption of a proactive approach to prevent and minimize the risks associated with poor health and wellbeing within the workforce; - Create a supportive environment that enables employees to be proactive in supporting their own health and wellbeing; ; - Support an improvement in the engagement score for Health and wellbeing in the Staff Survey. ; - Foster a thriving workforce, which can deliver on its objectives; ; - Achieve increased employee engagement, productivity, retention and recruitment;; - Reduce stigma against wellbeing issues, and overall reduced sickness absence, presenteeism and leavism. ; All matters relating to an employee’s wellbeing will be treated in confidence, except where it may be necessary to break confidentiality to preserve the wellbeing of employees.; Mondas recognises that the diversity of its workforce may give rise to different wellbeing needs.; Mondas is committed to ensuring that employees have access to a variety of support services and will signpost to appropriate professional help. ; Mondas recognises that the environmental conditions in which employees work may have an impact on their wellbeing. ; Where employee wellbeing issues remain unresolved, employees are encouraged to contact HR. ; Mondas recognises that wellbeing issues may lead to time off from work, however it will endeavor to support employees staying in work, if it is agreed that it is in their best interests to do so.

Pricing

• Price: £500 a licence a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: A full featured proof of concept can be run over a 4 week period.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at george@mondas.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.