LOCKDOWN CYBER SECURITY LIMITED

Online Security Awareness Training

We provide Security Awareness and Compliance elearning training solutions that include: Security First Solutions, a multilingual off-the-shelf packaged security awareness program, CyQ™ Cybersecurity Assessment tool, PhishProof™ phishing simulation software, Content integration, and a fully hosted web-based eLearning course delivery and tracking system using the iLMS (Inspired eLearning Management System).

Features

• Computer based Security Awareness Training
• Simulated Phishing Assessments
• Real time Reporting
• Policy Acceptance functionality
• Spaced Learning Automation
• Phishing Reporting function

Benefits

• Accessible through any device
• Automated Reporting
• Automated Training Pathway and Phishing Simulations
• Improvement of Security Awareness Culture
• Evidence & Demonstrate Compliance
• Simulates real world attack scenarios

£10 to £20 a licence a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at william@lockdowncybersecurity.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

914232921084941

Contact

William Taaffe
07850983666
william@lockdowncybersecurity.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Our services are designed to be as accessible as possible, with 24-hour email support available every day of the year to ensure that help is always at hand. Similarly, our phone support offers a ‘follow the sun’ approach, meaning that customers can get assistant over the phone at any time of the day.
• System requirements:
  • Recent version of Internet browser
  • JavaScript must be enabled

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our technical support team is dedicated to exceeding our SLA guarantees by providing exceptionally quick responses to all inquiries. While our SLA commits to responding within 8 hours for high-severity incidents and 24 hours for medium and low-severity issues, our average response time is under 2 hours across all severity levels. This rapid response rate reflects our commitment to delivering superior service and support, ensuring that our customers and partners receive timely and effective solutions to their inquiries. Currently, all severity of tickets are answered under the 2 hour timeframe.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: There is a general technical support which is comprised a technical account manager & support specialist. Support is included within the purchase of a licence
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Dedicated account manager performs onboarding, which can be completed through a spreadsheet, or via Active Directory integration. ; ; User documentation can be provided or accessed through the website.; ; Deployment guide is provided; ; Technical training is offered through Account Manager
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: All data (Transcripts and Phishing reports) are exported from the reporting tool (Statzen)
• End-of-contract process: At the end of a contract data is exported and sent back to the client. The instance is deprovisioned and access rescinded. 60 days (unless otherwise contracted) after contract expiration, all data is purged.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: There are no differences to the service between the mobile and desktop versions of the software
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: The API can be used to provision/deprovision/update user accounts, perform enrollments, and pull reporting information among other things outlined at the URL provided.; ; https://support.inspiredelearning.com/help/ilms-api-documentation
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Learning path, Phishing Simulations, reporting functionality, Logo and brand colour scheme

Scaling

• Independence of resources: Scalable Amazon AWS infrastructure is used for resource and availability

Analytics

• Service usage metrics: Yes
• Metrics types: Course completion metrics ; Licence utilisation metrics; Phishing susceptibility; Learner login; Policy acceptance reporting
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Inspired e-Learning

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data can be exported through the reporting tool Statzen, or delivered via API
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Excel
  • PDF
  • RTF
  • XML
  • HTML
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99.5% uptime ; ; There have never been instances of downtime over the last twenty years which may have led to compensation.
• Approach to resilience: Available on request
• Outage reporting: Public dashboard and email alerts through consent mechanism

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: All users must have an active account to gain access. Access is restricted through deactivation of the user account
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Chase Payment Tech (Cyber Source)
• PCI DSS accreditation date: 2023
• What the PCI DSS doesn’t cover: Anything non-credit card would not be relevant
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: SOC2

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: SOC2
• Information security policies and processes: Policies are reported and followed through an Information Security Management System.; ; Information Security team and SOC report on policies and controls to head of Information Security

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Change Management is the process for consistently documenting, recording, reviewing, testing and approving changes to IS. This policy provides a required framework for executing this process to minimise the risk of business interruption, inaccurate reporting and lost data and/or assets resulting from undesired or defective changes made to ZD IS. The policy also requires that changes are communicated effectively to Stakeholders, are accepted and followed by Stakeholders and are documented in a manner to provide adequate audit trail for compliance with external regulations.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Our information security personnel depend on various sources regarding security vulnerability announcements such as CVE’s, US-Cyber Security notifications (US-Cert), National vulnerability database, and vendor specific related security bulletins.; When information about a new vulnerability is discovered, it is analysed, and a recommendation is made based on the following factors:; • Risk exposure; • The Impact; • Cost to deploy; • Availability of patches and\or workarounds
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: A “defense in depth” strategy is followed, including, network layer defenses such as network firewalls, Web Application Firewalls, Intrusion Detection Systems (“IDS”), Intrusion Prevention Systems (“IPS”), as well as Endpoint-level protection, multifactor authentication, utilizing strong passwords, security groups, permissions, and access control lists.; ; Websites and firewalls must be configured to protect against Denial of Service, Distributed Denial of Service (DDoS) attacks and protection from Bot-based unauthorized access attempts.; ; • Either NIPS (Network Intrusion Prevention Systems) & HIPS (Host-based Intrusion Prevention Systems), or NIDS (Network Intrusion Detection Systems) & HIDS (Host-based Intrusion Detection Systems) must monitor activity on a real-time basis.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: After the Information Security Department Lead has been notified the Intake information is used to perform an initial analysis and (1) determine whether the occurrence may be an actual “Incident” as defined in our documentation and then preliminarily classify the prioritization level of the Information Security Incident based upon the guidelines. A report containing the following areas is produced following an event:; • Analyzing the root cause of the Information Security Incident to identify what happened, how it happened, and why it happened.; • Confirming that remedial measures were taken.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  Inspired e-learning are committed to operating sustainably and limiting any damaging effects our operations may have on climate change, even as our direct operations generate relatively insubstantial greenhouse gas emissions. Our actions include:; ; Receiving validation of our science-based greenhouse gas emissions reduction targets from the Science Based Targets initiative; Performing an annual GHG inventory process using an independent third-party expert to measure our company-wide energy usage (including energy derived from renewable sources) and GHG emissions; Continuing our ongoing efforts to reduce the emissions generated in our operations to become more efficient and ensure our services are delivered sustainably; Integrating environmental risk evaluation criteria, including climate change, into the due diligence process for mergers and acquisitions; Extending our Climate Change and Environmental policies to our vendors, whom we expect to aspire to our company’s own standards

Pricing

• Price: £10 to £20 a licence a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: We can provision a full instance of an environment with of 30 days access, which is rescinded after the trial period ends. This includes a complete environment of the solution and its features

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at william@lockdowncybersecurity.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.