TheTechForce Limited

Culture AI Phishing, Training & SaaS monitoring - Human Risk Management

CultureAI provides a phishing reporting tool that integrates seamlessly into email clients like Outlook and Gmail, enabling one-click phishing report submissions across desktop, web, and mobile platforms.

CultureAI boosts phishing visibility and response with one-click reporting, seamless integration with security tools, unified user experience, and automated communications to inform employees.

Features

• One-click phishing report submission across all devices and platforms.
• Real-time reporting of phishing incidents for immediate action.
• Seamless integration with Outlook, Gmail on desktop, web, mobile.
• Automated communications to update and thank reporting employees.
• Enriched reporting with risk insights for accurate triage.
• Central triage center for prioritizing and investigating reports.
• Customizable automated workflows for efficient phishing management.
• Remote access to phishing reports for flexible response.
• Push reports to existing security tools
• Unified user experience, reducing training needs and enhancing adaptability.

Benefits

• Quickly report phishing from any device, enhancing security responsiveness.
• Streamlines incident response with integrated real-time phishing data analysis.
• Simplifies user adoption with consistent interface across all platforms.
• Boosts security team efficiency with automated risk insight reports.
• Encourages employee participation through easy-to-use reporting mechanisms.
• Reduces IT workload with automated report processing and responses.
• Enhances decision-making with centralized, prioritized phishing incident visibility.
• Facilitates remote phishing management, ensuring flexibility and mobility.
• Integrates smoothly with existing systems, minimizing implementation effort.
• Strengthens organizational security posture by accelerating phishing detection and response.

£36 a user a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jai@techforce.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

935620352734205

Contact

Jai Aenugu
01224516181
jai@techforce.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: NO
• System requirements:
  • Internet Browser
  • Internet Connection
  • Headphones - Optional

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 4 hours between 9am-5pm UK time Mon-Fri
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support is provided by the Culture.Ai team. All Support is included in the cost of the subscription, there are no extra charges for support or maintenance.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: A comprehensive onboarding procedure is in place including, administrator training, monthly customer service engineer calls, getting started documentation and hand holding, local UK based first line support and guidance - all included in the price. Onsite administrator training can be provided at extra cost.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: You can download the report data as CSV files. If the customer wishes to terminate the service, their data is first archived and then securely wiped from the KnowBe4 servers on instruction.
• End-of-contract process: The subscription, training, documentation, support and product updates are all included in the single subscription price. Contracts are a minimum of 1 year. At the end of the year, if the customer does not wish to renew, all data is archived and then securely deleted.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Accessible through the mobile browser.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: No
• Customisation available: Yes
• Description of customisation: Users can customize CultureAI by configuring automated communications, selecting integration options with existing tools, and tailoring report triage processes.

Scaling

• Independence of resources: Strict SLA's in place to ensure the user experience is always optimal. SLA's are available on request.

Analytics

• Service usage metrics: Yes
• Metrics types: Reporting on phishing and training as well as a real-time view through the administration dashboard accessed via the Internet Browser.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Culture.AI - all services

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Exporting data by the customer is done in the form of reports on user activity. The customer can upload user data to either via CSV file or manually or through our Active Directory synchronisation tool.
• Data export formats:
  • CSV
  • Other
• Data import formats:
  • CSV
  • Other

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99.9% uptime guarantee
• Approach to resilience: Load balancing, multi-zone, mirrored databases, snapshots, Web app firewall, redundant DNS
• Outage reporting: Outages reported by email and on the status webpage

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: We enforce strict access restrictions in management interfaces and support channels. Through Role-Based Access Control (RBAC) and Multi-Factor Authentication (MFA), only authorized personnel with specific permissions can access sensitive functions. Support staff are granted minimal access based on the principle of Least Privilege. Detailed audit trails monitor all activities, and regular access reviews ensure alignment with business needs. These measures tightly control access, mitigating the risk of unauthorized entry and data breaches.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: CultureAI adheres to stringent information security policies and processes to ensure the utmost protection and compliance with global standards. Our security measures are designed around the principles of data confidentiality, integrity, and availability.; ; At the heart of our security approach is the robust access control system, which ensures that only authorized personnel have access to sensitive data, strictly based on their operational roles. We employ advanced encryption for data at rest and in transit, alongside comprehensive security assessments including penetration testing to pre-emptively identify and rectify vulnerabilities.; ; To guarantee policy adherence, we conduct regular training for all employees emphasizing the importance of security, detailing our specific policies, and explaining the consequences of non-compliance. An internal audit team performs periodic checks to ensure consistent policy enforcement and compliance with regulatory requirements.; ; CultureAI's commitment to security is aligned with international standards such as ISO/IEC 27001 and the GDPR. Our proactive approach includes a designated Data Protection Officer who oversees compliance, manages data protection measures, and serves as a liaison with regulatory authorities.; ; Our incident response protocol outlines clear steps for handling and reporting security incidents to minimize impact and ensure transparency. CultureAI protects user data against cyber threats, maintaining trust and compliance.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: CultureAI employs a rigorous configuration and change management approach. We maintain a detailed inventory of all service components in a centralized database, tracking each through its lifecycle, from deployment to decommission. Changes are systematically documented and reviewed.; ; Assessing Changes for Security Impact:; ; Impact Analysis: Every proposed change undergoes a thorough security impact analysis to identify potential risks.; Review Process: A specialized security team reviews these impacts, considering dependencies and the broader system environment.; Testing: Changes are tested in a controlled environment to ensure they do not compromise security before being applied to the live system.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Annual, Quarterly, and Monthly various security scans and reviews and testing. Vulnerability scans, risk assessments and other configuration and security testing.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: CultureAI's protective monitoring approach employs advanced detection systems to continuously monitor for unusual activities signaling potential compromises. Our systems use real-time analytics and threat intelligence to identify suspicious behavior swiftly.; ; Upon detecting a potential compromise, our incident response team is alerted immediately. This team evaluates the severity, contains the threat, and initiates remediation processes to mitigate any damage. We aim to respond to incidents within minutes of detection.; ; We follow a structured protocol that includes notifying affected parties and regulatory bodies as required, ensuring compliance with legal obligations and maintaining transparency with our users.
• Incident management type: Supplier-defined controls
• Incident management approach: Standard Operating Procedures (SOPs): We've developed SOPs for common security events like phishing, unauthorized access, and data breaches to ensure consistent, efficient responses.; ; User Incident Reporting:; Users report incidents via support email, a hotline, or directly through our secure platform tool. We offer guidance and support through trained personnel.; ; Incident Reporting:; We promptly acknowledge reports, provide regular updates during resolution, and issue detailed final reports outlining the incident, impact, actions taken, and preventative recommendations. This method ensures effective incident management and maintains user trust.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Wellbeing

  Wellbeing

  CultureAI contributes to wellbeing by promoting a healthy work culture through its AI-driven solutions, fostering employee engagement, and enhancing mental health awareness in the workplace.

Pricing

• Price: £36 a user a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Complete features of the platform for a limited number of days.; Contact us below.
• Link to free trial: https://techforce.co.uk/contact

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jai@techforce.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.