Blue Cube Security Ltd

Cynergy Educate

More than 80-% of Cyber Security incidents have a human component our Cynergy Educate solution has been designed to provide and maintain security awareness using the latest technology and artificial intelligence. Importantly the service seeks to grow your team security awareness and maintain them as a knowledgeable line of defence


  • Simulated Phishing fully customisable and track every user action
  • Simulated SMiShing fully customisable and track every user action
  • GCHQ Accredited Security Awareness Training Courses and Videos
  • GCHQ Accredited Cyber & Compliance Knowledge Assessments
  • Risk and Compliance Reporting Suite
  • Outlook Plugin for staff to report phishing emails
  • GCHQ accredited real-time training with SIEM & DLP integration
  • Upload existing security awareness and compliance content


  • Assess staff awareness and susceptibility to phishing emails
  • Assess staff awareness and susceptibility to SMS phishing text messages
  • Assess gaps in staff cyber best practice and compliance knowledge
  • Measure the effectiveness of security awareness training and company culture
  • Reduce the cost of delivering manual security awareness by 44%
  • Meet compliance obligations (GDPR, PCI-DSS, NY DFS, CCPA, POPI Act)
  • Reduce human cyber risks by up 92% within 6-12 months


£2.18 to £13.71 a person a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

5 8 3 5 9 2 9 6 1 4 5 8 5 9 6


Blue Cube Security Ltd Operational Admin Support
Telephone: 0345 0943070

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
Using the latest browser to access our platform and content.
System requirements
  • Use the latest browser when accessing the platform and content
  • Whitelist our email IP addresses to receive test phishing emails
  • Real-Time Training relies on SIEM, DLP or EDR solution
  • SPF record to send phishing emails as clients domain

User support

Email or online ticketing support
Email or online ticketing
Support response times
Within 1-2 hours during UK business hours Next business day on weekend and bank holidays,
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), 7 days a week
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), 7 days a week
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Web chat is accessed through the Support Portal. The support portal is a public facing website which contains access to our Online Help Desk,Web Chat and documentation such as setup guides, videos and forums.
Web chat accessibility testing
Not Known / Not Tracked.
Onsite support
Yes, at extra cost
Support levels
Urgent System Down - The Platform is unavailable to All customers in All Regions Investigation Time 0-30 Min(s) Target Resolution time: 0-1 hour – we will assign as many engineers and/or support staff as needed 24/7 until the problem is resolved. High Functionality of the platform is compromised/certain functions are disabled but the main software remains operable. E.g. Customer is unable to login to the platform. Investigation Time 0-60 Min(s) Target Resolution time 0-1 day – we will assign as many engineers and/or support staff as needed along with the best workaround available. Medium A minor issue which does not affect the customer from performing a task, but rather causes an inconvenience. Investigation Time 0-6 Hour(s) It will be scheduled for the next regular deployment. If not, a correction will be typically provided within a week. Low An issue with negligible impact for the end-user experience/general information requests such as usage and configuration/request for a feature that is deemed non-critical Investigation Time 0-24 Hour(s) The resolution may be made at the discretion of the Provider.
Support available to third parties

Onboarding and offboarding

Getting started
Online Training is provided Demo videos are provided Online support site offers a system setup step by step guide.
Service documentation
Documentation formats
End-of-contract data extraction
They request an extract of their data by sending an email to support

The data will be extracted in CSV or xlsx format
End-of-contract process
The license to the portal will expire and access will no longer be possible.

The portal will be deleted along with all client data within 1 month.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Some courses may not fully render on small form factor devices. Our courses and videos have been designed for mobile.
Service interface
What users can and can't do using the API
We have a REST API that can integrate with HR systems to retrieve results of phishing, training and knowledge assessments into HR or LMS systems.
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
Customise phishing emails
Customise phishing test instant feedback
Customise cyber and policy knowledge assessments
Customise training courses (additional fees apply)
Customise real-time training to be triggered based on network defenses raising an alarm.


Independence of resources
Our platform automatically scales in response to usage requirements. being built in AZURE means we can scale up and down as required without any impact to any clients. The platform is geo-located in the EU and around the world for throughput, performance and fault tolerance.


Service usage metrics
Metrics types
We record all user activity in phishing tests, training courses and videos, knowledge assessments and if staff report phishing emails to the security team. We see trend information as to has taken the training, who hasn't, by person, office, department, country or business entity. Same applies to knowledge assessments and the results of each question that is asked on the platform, We also record what system the user used when accessing phishing emails in additional what browser version, what IP address they had, what time of day and day of the week it is when they accessed the email.
Reporting types
Real-time dashboards


Supplier type
Reseller providing extra support
Organisation whose services are being resold
Ninjio Vidoes and Intuition Compliance Training courses

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
We will deliver the right level of support to accommodate the unique needs of your organization.
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • IPsec or TLS VPN gateway
  • Other
Other protection between networks
All communications between our clients and our frontend portal sites and to our backend services use symmetric cryptography and the https protocol.

We implement Internet Protocol Security (IPsec) Content Security Policy (CSP) is a layer of security to detect/mitigate Cross-Site Scripting (XSS) and data injection attacks.

Anti-forgery tokens are used to prevent CSRF attacks CyberRiskAware utilises many levels of data security to ensure the integrity of our data storage:
• Firewalls & rules
• Secure credential management.
• Data masking.
• Encryption.
• Proactive monitoring and auditing.

We use recognised encryption algorithms like AES.
Data protection within supplier network
IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Effective support of in-scope Support Services is a result of maintaining consistent service levels. 1.Support Service Availability We will provide online availability to our Services 99.8% (ninety-nine and eight-tenths percent) of the time in any calendar month 2. Service Credits Service Credits are a remedy for any non-performance or non-availability of our Services and/or Support Services under this SLA. “Maximum Available Minutes” is the average number of minutes per month, forty-four thousand (44,000) during a given annual subscription license period. Downtime: The total accumulated Minutes per month, during a given annual subscription license period, in which the Services are unavailable excluding any planned maintenance. A minute is considered unavailable for when there is no external connectivity between Blue Cube and Microsoft’s Internet gateway in Azure. Monthly Uptime Percentage:

The Monthly Uptime Percentage is calculated using the following formula:

Monthly Uptime % = (Maximum Available Minutes-Downtime)/(Maximum Available Minutes) x 100 Service level Credit = A * B Monthly UPTIME

PERCENTAGE SERVICE CREDIT % (A) At Risk Amount per Month (B) <99.8% 10% 10% of (Annual Subscription fee / 12) <99% 25% 25% of (Annual Subscription fee / 12)
Approach to resilience
Our platform is built entirely on the Microsoft AZURE cloud and leverages all aspects of the fault tolerance and resilience that Microsoft has implemented. Our platform is geo-dispersed, including multiple data centres in the EU and UK to comply with system performance and data security requirements. Detailed information can be provided upon request
Outage reporting
We provide email alerts to designated points of content in each client organisation.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password
  • Other
Other user authentication
LDAP/ ADFS - Single-Sign on SAML 2.0
Access restrictions in management interfaces and support channels
Authentication obtains unique user credentials and 2FA and validates those credentials. If credentials are valid, the entity that submitted the credentials is considered an authenticated identity. Once authenticated, the authorisation process determines what access that identity has to a given resource. Authorisation determines what a user can do based on assigned roles. Our portals are protected by firewalls that help secure the application from SQL injections and Cross-Site Scripting whilst also inspecting responses from back-end servers for Data Loss Prevention (DLP). Account Lockout locks out the user’s account if the user enters a wrong password, a specific number of times.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Description of management access authentication
LDAP/ADFS Single Sign-on SAML 2.0

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
Platform and Content is GCHQ accredited by CIISec

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
All of our security controls have been designed and implemented in accordance with ISO27001 and NIST security frameworks. We are currently in the process of being formally ISO27001 certified in 2020.
Information security policies and processes
Together, the CEO and CTO document and implement all security policies in all areas of the business based on the data we collect and systems we use. All policies are shared with staff and their acknowledgements are tracked on our training platform in addition to tracking all security awareness training to ensure all courses have been completed by all staff members. All staff through their training are aware of their information security roles, responsibilities and obligations. We regularly issue cyber policy and best practice knowledge assessments to assess if staff are aware of the contents in our policies and which processes to follow in the case of a security incident.

Security Policies:- Information Security Policy Document Organization of Information Security Human Resource Security Asset Management Access Control Cryptography Physical and Environmental Security Operations Security Communications Security System Acquisition, Development and Maintenance Supplier Relationships Information Security Incident Management Information Security Aspects of Business Continuity Management Compliance

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
We have a mature Software Development Lifecycle in place, aligned with OWASP. All changes are registered, approved by the CTO and tracked in our ticketing system, from start through to completion. Each of our environments is segregated Dev, QA, Pre-Prod and Prod. As part of our ISMS, all risks are recorded and measured on an inherent and residual basis commensurate with the maturity of the controls that are in place tied to each aspect of the asset affected by a change.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
We have daily vulnerability scans running against all of our underlying data stores and AZURE infrastructure that we have used to build our security awareness platform. All results are collected and analyzed by the CTO and the tech team in order to implement any required patch or upgrades upon raising a ticket which will be tracked and approved through to completion. How quick we deploy patches depends on the severity of the vulnerability, the availability of a solution and the impact assessment of when making the change to the system. Typically less than 24-48 hours for critical.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Every user and system activity is logged and continuously monitored for performance and security-related events. Our portals are protected by firewalls that help secure the application by inspecting inbound web traffic to block SQL injections, Cross-Site Scripting, malware uploads & application DDoS and other attacks. It also inspects the responses from the back-end web servers for Data Loss Prevention (DLP). Combined with the isolation and additional scaling provided by the App Environments, our system can withstand malicious requests and high-volume traffic. SQL Databases protect the data through comprehensive auditing and threat detection capabilities.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
The Security Incident Response Team (SIRT) is established to provide a quick, effective and orderly response to computer-related incidents such as system infections, network breach attempts and break-ins, system service interruptions, data theft, data manipulation and other events with serious information security implications. We have documented incident response plans for Business Continuity and Security incidents that are reported to the SIRT by staff or 3rd parties. In accordance with local compliance requirements we notify any affected party as required by law.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks


£2.18 to £13.71 a person a year
Discount for educational organisations
Free trial available
Description of free trial
Full service scope can be supplied.

Timescales subject to client requirement

Please request via our website:
Link to free trial

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.