RESILIA Frontline.

RESILIA Frontline is a suite of online, cyber security e-learning modules designed to educate all staff about cyber risks & the behaviours required to mitigate such risk.

The content is delivered using a 3rd party Learning Management System (Unicorn ltd) accessible via a web browser (


  • Access to full suite of cyber security awareness learning modules
  • Access to a Learning Management System (Unicorn ltd)
  • Real time Management Information (MI) / reporting suite
  • eCreator: built in authoring tool
  • Remote & mobile compatible
  • Pathway / learning programme builder
  • Bulk creation/registration of new users
  • Online knowledgebase for service queries, tutorials and FAQ's
  • Automatic content syndication and staff e-mail reminders


  • Educates all-staff on cyber risks and the required mitigating behaviours
  • Short and concise learning minimises business disrpution
  • GCHQ GCT accredited content
  • Automatic access to latest content refreshed in-line with best practice
  • Innovative and varied content used to maximise learning engagement
  • Dedicated service and support desk
  • Intuitive Learning Management System
  • Regular administrator training sessions are scheduled


£2 to £40 per licence per year

Service documents

G-Cloud 10



Josh Hoare


Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to The RESILIA Frontline cyber security awareness learning content can be delivered to a buyer for use on a pre-existing learning management system where a buyer already has this software in place
Cloud deployment model Public cloud
Service constraints Web browsers - Microsoft Internet Explorer 9 or later (not run in compatibility mode), Microsoft Edge, latest Google Chrome, Mozilla Firefox and Safari on Windows. Safari on iPad and Chrome on Android tablets.

We also support clients running Citrix environments where we are able to work with your IT team.

Adobe Reader may be required for older browsers when you launch a PDF

JavaScript – Enabled: Cookies- Enabled
System requirements
  • Delivered via a web browser
  • Jave script enabled
  • Cookies enabled
  • Browser privacy setting: medium
  • Browser security settings: medium

User support

User support
Email or online ticketing support Email or online ticketing
Support response times During business hours, Monday to Friday, 9am to 5.30pm (UK) clients can raise service issues by e-mailing the Unicorn Training Helpdesk.

When a support requirement is reported to the Help Desk we notify you to confirm your query has been received and then we allocate a service request log number and a priority (1-5)

P1 - Resolved within 1 Business Day
P2 - Resolved within 2 Business Days
P3 - Resolved 5 Business Days
P4 - Resolved 4 Calendar Weeks
P5 - Resolved 8 Calendar Weeks
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels AXELOS provide account management support for remediation and escalation.

There is a single level of technical support provided; all technical support queries are channelled through the Unicorn dedicated support desk - operational hours Mon-Fri 9 - 5.30 (GMT/BST)

Should users have an issue or query, this should be reported to the Helpdesk via telephone or e-mail. Users need to provide enough information to investigate the issue and, if required, provide assistance to help arrive at a resolution.

Once you have reported an issue to the Helpdesk, we’ll reply to let you know your Unique Ticket ID and the priority level we have given the ticket. The priority level determines how quickly we will resolve your ticket and the 5 priority levels

The helpdesk team provide all areas of technical support required and resource will be allocated in line with the nature of the service issue raised.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Designated system administrators are offered a System Administrator Overview course via WebEx and further training sessions are regularly scheduled, the timetable for which is available for all clients, who can book on at any time.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction All data from our service can be exported using the reporting system via csv, xls, xlsx, pdf, rtf, mhtml
End-of-contract process Customers have the option before the end of the conctract to extend for a further term, if the customer chooses not to renew their relevant access / accounts & associated data are deleted.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The content is responsive and will scale in line with a mobile device or desktop screen
Accessibility standards None or don’t know
Description of accessibility Reasonable steps have been taken to incorporate current best practices enabling our services to be accessible by as many people as possible, including those with disabilities. These practices include, but may not be limited to:

•Provision of textual versions for all multimedia elements used
•Usable designs with clear and consistent navigational elements, and distinct contrast between text and background colours
•Compliance with latest W3C recommendations for HTML and CSS, including use of semantic web mark-up
•Use of plain English
Accessibility testing For partially sighted users there are features built into operating system and web browser which can provide assistance. All modern web browsers support zooming and Microsoft Windows has a built in magnifier which can be used for zooming in to specific areas of the screen.

Whilst accessibility guidelines are written for websites and we use web technologies to create our eLearning, the interactive nature and rich user experience causes a conflict between offering it with high levels of engaging interactivity and reducing interactivity to make it accessible to everyone. For courses that don’t currently provide accessible features we can offer clients a full textual version of the course on request.
What users can and can't do using the API API can run reports, create users, categorise users, create organisations and create organisation hierarchy. There is also single sign on functionality via SAML or pre-shared key.
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Client branding (logo, colour pallet & imaging) can be applied to certain elements of the platform. This will be managed at the implementation stage.

The standard content can not be customised.


Independence of resources Through proactive capacity management, reserving 80% capacity for peak loads


Service usage metrics Yes
Metrics types Administrators will have access to:

A real time management information suite which gives information related to content usage and comprehension (measured through post learning assessments)

A reporting suite compromising pre-built usage reports and a report builder for amending report parameters
Reporting types
  • Real-time dashboards
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least every 6 months
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Encryption of all physical media
  • Other
Other data at rest protection approach Offsite backups are encrypted using AES 128 bit encryption and decryption keys are not stored with the backups. Servers are hosted in a secure data centre in a locked cabinet. Only a small number of authorised hosting team members can access the data centre.
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach All data from our service can be exported using the reporting system via csv, xls, xlsx, pdf, rtf, mhtml
Data export formats
  • CSV
  • Other
Other data export formats
  • XLS
  • XLSX
  • PDF
  • RTF
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network Other
Other protection within supplier network Private WAN service

IDS, log-monitoring, anti-virus, penetration testing, vulnerability scanning

Availability and resilience

Availability and resilience
Guaranteed availability Availability of the LMS is 99.75% based on 24 hours x 365 days, excluding planned or scheduled downtime.

If any interruption of the Availability occurs Unicorn shall investigate and log the event and shall take all reasonable steps in accordance with the Response and Resolution Times to provide a Permanent Fix or a Workaround.

Planned or scheduled downtime does not constitute Downtime.

The Service Credits shall be calculated as a sum equivalent to one days’ worth of Licence Fee over a term of 12 months for Priority 1 and/or Priority 2 Service Failures as set out under paragraph 4 where less than 90% resolution is achieved by Unicorn for these priorities in any three consecutive months, and for the avoidance of doubt no Service Credits shall be payable for Priority 3, 4 or 5 Service Failures. Service credits will also be payable should System Availability fall below 99.75% in any three consecutive months.

Any sums owing to the customer as a Service Credit shall be deducted accordingly from any fees due from the customer under this contract.
Approach to resilience It is a high-availability service with no single point of failure and all equipment is at least n+1 redundant

The data centre is managed by a 3rd party and complies to the following standards:

iso 9001
iso 14001
ohsas 18001
pci dss
eu code of conduct for data centres
Outage reporting Clients are contacted by email

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Username or password
  • Other
Other user authentication SAML, pre-shared key
Access restrictions in management interfaces and support channels Using the in-built security framework
Access restriction testing frequency At least every 6 months
Management access authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for Between 6 months and 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI
ISO/IEC 27001 accreditation date 15/8/2017
What the ISO/IEC 27001 doesn’t cover The certificate relates to the information security management system, and not to the products of services of the certified organisation.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes ISO 27001 defined policies

According to the ISO standard

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach We operate a change management policy with all major changes subject to the policy, with Executive team oversight
Vulnerability management type Supplier-defined controls
Vulnerability management approach Managed as part of our information security management system and leverages vulnerability scanning tools with our network
Protective monitoring type Supplier-defined controls
Protective monitoring approach Managed as part of our information security management system and uses our IDS and log-monitoring appliances
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Conforms to a recognised standard: ISO 27001 & Part of our information security management system processes

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £2 to £40 per licence per year
Discount for educational organisations No
Free trial available Yes
Description of free trial We offer full access for a limited number of users for 14 days.

This is for the purpose of evaluating the platform features and content.
Link to free trial


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑