Digi2al Limited

Simulated Phishing Awareness Platform

Phishing is the most common cyber attack. Our phishing awareness platform creates user resilience and drives awareness by simulating and testing real phishing, (spearphishing and whaling). Including phishing user testing, training & education modules, with detailed reporting and metrics on phishing vulnerability. User cyber security behaviour training is GDPR compliant.


  • A fully SaaS phishing platform
  • Email and SMS simulated phishing
  • Training modules available for those who click
  • The latest phishing templates available


  • Mitigate risk of phishing attacks on your network
  • Staff training to reduce human error
  • Measure and quantify user resilience to phishing attacks
  • Protection against attack vectors like ransomware and credential collection
  • Agile approach to phishing awareness and vulnerabilities


£2.10 to £7.00 per unit per year

  • Education pricing available

Service documents

G-Cloud 10


Digi2al Limited

Digi2al HQ

020 3282 7875


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints N/A
System requirements
  • Web Browser
  • Email Accounts

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Within 1 working day
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels The platform can be used with little support, as a self-service offering. Alternatively, we have consultants who can supply setup and deployment expertise at a standard day rate.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Documentation is provided with the platform, and our consultants can offer on site or remove webinars and tutorials.
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction Users can export their data to a CSV at any time
End-of-contract process All data extraction is included in the cost. After the contract ends, all recorded data will be removed from the platform.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Functionality is the same
Accessibility standards WCAG 2.0 AAA
Accessibility testing N/A
Customisation available Yes
Description of customisation The platform can be whitelabeled by the buyer or admin.


Independence of resources The platform has multiple instances running and can be scaled according to the load, ensuring that all users have consistent access.


Service usage metrics Yes
Metrics types We provide real time dashboards for all campaigns, and reports at the end of the campaign on request
Reporting types
  • Real-time dashboards
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Physical access control, complying with CSA CCM v3.0
Data sanitisation process No
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Clicking a button on the manage campaign page will export all data to a CSV
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability The platform guarantees 99.9% uptime. We refund accounts which do not experience this level of service via credit.
Approach to resilience Information available on request.
Outage reporting Email alerts

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Permissions are set up rigorously so that only the relevant parties have account access. Support staff have limited access to view accounts to troubleshoot.
Access restriction testing frequency At least once a year
Management access authentication Identity federation with existing provider (for example Google Apps)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for Less than 1 month

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach We use the latest security best practice and ethical hackers to ensure that our processes and proceedures are resiliant.
Information security policies and processes A security expert is on the board of the company, and all deployments to the platform are checked by an ethical hacker.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach We have a strict deployment procedure and deployments are checked by an ethical hacker.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We make extensive use of an ethical hacker who researches the latest threats and applies known vulnerabilities to the platform to ensure that it is resilient.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We run automated scanners against our systems and use an ethical hacker. Whenever a vulnerability is discovered we patch it immediately and notify our users via email alerts. We respond to all suspected breaches within 24hrs.
Incident management type Supplier-defined controls
Incident management approach Users report incidents using an in-platform communication tool. Any incidents that are reported go straight to our incident response team, and users are notified by email if they have been affected in any way.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £2.10 to £7.00 per unit per year
Discount for educational organisations Yes
Free trial available No


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Terms and conditions document View uploaded document
Return to top ↑