S3 Ltd

KnowBe4 - Security Awareness Training & Simulated Phishing Platform

KnowBe4 is the world's most popular integrated platform for awareness training combined with simulated phishing attacks.
On-demand, interactive, engaging training with over 300 course modules available. Fully automated simulated phishing attacks, hundreds of templates with unlimited usage.
Enterprise-strength reporting, showing stats and graphs for both training and phishing.


  • Unlimited Phishing Security Tests
  • Phish Alert Button
  • Full Active Directory Integration
  • Monthly Email Exposure Check
  • EZXploit - “Automated Human Pentesting”
  • USB Drive Test
  • Vulnerable Browser Plugin Detection
  • Social Engineering Indicators
  • Over 300 Security Awareness Training Modules
  • Enterprise Level Reporting


  • Dramatically reduce your 'phish prone' user percentage
  • Train & Assess all users
  • Centrally manage training & phishing through the console
  • Make awareness part of the culture
  • All types of phishing and ransomware covered
  • Greatly assists compliance throughout the organisation
  • Change users behaviour by changing their mindset
  • Employees become part of the 'Human Firewall'
  • Greatly reduce the risk to the organisation


£3.33 to £23.75 per user per year

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 9


S3 Ltd

Tony Mason



Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints No
System requirements
  • Browser
  • Internet Connection

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Same day response, 8am-6pm UK time Mon-Fri
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels 1st point of contact is through the UK where the majority of queries are managed. Escalation to the US based support engineers will then be categorised level 1, 2 and Priority dependent on urgency.

All Support is included in the cost of the subscription, there are no extra charges for support or maintenance.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started A comprehensive onboarding procedure is in place including, administrator training, monthly customer service engineer calls, getting started documentation and hand holding, local UK based first line support and guidance - all included in the price
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction If the customer wishes to terminate the service, their data is first archived and then securely wiped from the KnowBe4 servers on instruction
End-of-contract process The subscription, training, documentation, support and product updates are all included in the single subscription price. Contracts are a minimum of 1 year. At the end of the year, if the customer does not wish to renew all data is archived and then securely deleted.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Full accessible through the browser
Accessibility standards None or don’t know
Description of accessibility Accessible solely through a browser.
Accessibility testing None
Customisation available Yes
Description of customisation All email templates are editable as are landing pages. The training content is not directly customisable


Independence of resources KnowBe4 uses Amazon Web Services globally for the provision of their service. They have strict SLA's in place to ensure user experience is always optimal. SLA's are available on request.


Service usage metrics Yes
Metrics types Reporting on phishing and training as well as a real time view through the administration dashboard
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Reseller providing extra features and support
Organisation whose services are being resold KnowBe4

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Exporting data from KnowBe4 by the customer is done in the form of reports on user activity. The customer can upload user data to KnowBe4 either via CSV file or manually or through our Active Directory synchronisation tool
Data export formats CSV
Data import formats
  • CSV
  • Other
Other data import formats Through Active Directory

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability 99.9% uptime guarantee
Approach to resilience AWS load balancing, multi zone, mirrored databases, snapshots, Web app firewall, redundant DNS
Outage reporting Outages reported by email and on status webpage

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels Single Sign on SAML with access based on Role
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards ISO/IEC 27001
Information security policies and processes CISO - Brian Jack

There are a large number of formal processes followed in the KnowBe4 data security strategy, including Incident Response Plan, Build Process Automation, authentication, audits etc. To view further details: https://www.knowbe4.com/security

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Changes are approved, peer reviewed, tested, and put onto staging environments. QA tests changes in staging and approves for production. Changes deployed to production - Use Jira and git repositories
Vulnerability management type Supplier-defined controls
Vulnerability management approach Annual, Quarterly, and Monthly various security scans and reviews and testing. Vulnerability scans, risk assessments and other configuration and security testing.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Centralized logging with alerts and dashboards. Anomaly detection and daily/weekly/monthly reviews
Incident management type Supplier-defined controls
Incident management approach Based on alerts, we investigate and follow our IR procedures. Notifications to customers within 48 hours.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £3.33 to £23.75 per user per year
Discount for educational organisations Yes
Free trial available Yes
Description of free trial A limited time period trial is available for a proof of concept by the prospective buyer. A KnowBe4 engineer would set this up and walk the buyer through usage. The trial is the full product, with restrictions only based upon the number of users.


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑