Cyber Security Awareness Training - Local Government
Bob’s interactive cyber security awareness training teaches employees how to safeguard confidential data. Using bite-sized storytelling, employees can relate to entertaining and memorable characters and scenarios. A range of marketing materials is used alongside the training to reinforce key learning messages, behaviours and cyber vigilance across local governments.
- Animated, fun and engaging approach to compliance training
- Mobile, tablet and HTML compatible courses
- Interactive points and gamification to ensure learner engagement
- Fully customisable content throughout to reflect policy & procedures
- Branded to reflect clients corporate branding and instil trust
- Simple, jargon free, easy to understand, and implement learning points
- Blended solutions with on/offline resources to reinforce learning
- SCORM, TIN Can compatable courses available for in-house LMS integration
- ISO27001, PCIDSS, DPA, PSN Standards complaint content
- Policy Integration
- Employees able to detect and mitigate security risks
- Increased awareness leads to higher level of security incidents reported
- Training can be completed at any time reducing staff downtime
- Managed service ensures little input is required from client perspective
- Compliance with industry standards made easy
- Modular approach ensures learners can complete at their own pace
- Easy and quick to implement and manage
- Total awareness solutions with on and offline resources
- Integration of policies allow users to relate training to roles
- Comprehensive reporting makes achieving compliance of standards simple
£0.50 to £35.00 per person per year
- Education pricing available
- Free trial available
Bob's Business Ltd
0330 058 3009
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
During the subscription term Bob’s Business will take reasonable endeavours to ensure the service is available 24 hours a day, seven days a week, except for when planned maintenance is carried out during the maintenance window of 10.00 pm to 2.00 am UK time. Unscheduled maintenance will be carried out outside of normal business hours, provided that BB has used reasonable endeavours to give the Customer at least 6 Normal Business Hours’ notice in advance.
If a buyer is not using active directory they need to ensure data provided is clean to avoid emails being disabled due to poor data.
|Email or online ticketing support||Email or online ticketing|
|Support response times||
We aim to respond to all support enquiries within 2 hours during the hours of 08:00 and 18:00 Monday to Friday, excluding Bank holidays.
If a support enquiry comes in over the weekend it will be picked up on Monday and actioned within 2 hours.
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||Web chat|
|Web chat support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support accessibility standard||None or don’t know|
|How the web chat support is accessible||Web chat can be accessed through bobsbusiness.co.uk and is accessible on all devices. User can submit a support request and in line with email support, the request will be actioned within 2 hours.|
|Web chat accessibility testing||None at present|
|Onsite support||Onsite support|
|Support levels||All clients are allocated a dedicated account manager who will deal with all support request and escalate this if needed to a higher level of technical support. All support is provided at no extra cost.|
|Support available to third parties||Yes|
Onboarding and offboarding
To start the onboarding process Bob's Business will arrange a web demonstration with the client lead and any other relevant people to ensure your staff know how to use the portal including uploading of users, selecting your courses, how to run reports and email templates.
There is also a full set of guides to support the client after the call, that are made available via the learning portal.
We can provide onsite training if needed but the web demonstration is normally sufficient.
The Customer team are on hand to guide you through the process and after.
|End-of-contract data extraction||
Clients can request their data at any point during their contract with Bob's Business and up to 30 days after the contract end date. This data can be provided as a .csv, .xlsx or .pdf file.
Upon termination of service, provided data will be flagged for deletion which will happen automatically at the end of the data retention process above. It can also be done manually, by request. Destruction certificates are available, including the automated verification from Amazon on AWS destruction.
At the end of the contract with Bob's Business, clients cease being able to access the Bob's Business learning modules, and their data becomes available for download.
Upon termination of service, provided data will be flagged for deletion which will happen automatically at the end of the data retention process above. It can also be done manually, by request. Destruction certificates are available from LearnUpon, including the automated verification from Amazon on AWS destruction.
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||The mobile service layout may be different due to physical device properties, and accessibility features are limited by the user device. No specific features are removed between the two services.|
|Accessibility standards||None or don’t know|
|Description of accessibility||Users can navigate the Bob's Business learning modules using any of the following: only keyboard, only mouse, assistive device that emulates keyboard or mouse functions, screen reading software that supports HTML 5|
|Accessibility testing||Testing with users of assistive device and software technology is undertaken for each Bob's Business learning module before it is finalised during production.|
|Description of customisation||
Each Bob's Business learning module can be customised for a client to tie the training into the client's policies and process. Client branding can be applied to both the module and Learning Portal.
The customisation is carried out by Bob's Business and clients need to submit an amendment form that details changes they wish to make.
|Independence of resources||User portals are hosted on Amazon Web Service servers, which provide stability up to a considerably large number of concurrent accesses. Each user has their own "version" of the module which runs independently to the portal, so a theoretically infinite number of users can access the same module at the same time.|
|Service usage metrics||Yes|
|Metrics types||Reporting functionality on your learning portal is very important as it enables you to access and analyse your data, gather insights and help with decision-making relating to your courses and Learners. Furthermore, your data can be exported and/ or scheduled for automated reporting to chosen stakeholders at regular intervals. Reports can be customized using many different filtering options.|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||None|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||European Economic Area (EEA)|
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||In-house destruction process|
Data importing and exporting
|Data export approach||From the reporting section of the learning platform you can run reports for every user and then export all data via a CSV file.|
|Data export formats||
|Other data export formats|
|Data import formats||CSV|
|Data protection between buyer and supplier networks||Private network or public sector network|
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
|Guaranteed availability||Bob's Business portal services guarantee a 99.96% uptime for user portals through SLAs. User refunds are reviewed on a case by case basis and would depend on the amount of downtime.|
|Approach to resilience||Amazon Web Service (AWS) are used. - https://aws.amazon.com/security/?nc1=f_cc|
|Outage reporting||Service outages are provided by email alerts and will be displayed on the Learning Portal.|
Identity and authentication
|User authentication needed||Yes|
|User authentication||Username or password|
|Access restrictions in management interfaces and support channels||Only select Bob's Business personnel have access to user data, and set user administrators only have access to their own user's data on their Bob's Business portal.|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||BSI|
|ISO/IEC 27001 accreditation date||30/03/2018|
|What the ISO/IEC 27001 doesn’t cover||There is nothing out of scope for ISO 27001.|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
We have a full Information Security Management System (ISMS) in line with ISO 27001. Internal and external audits are carried out to ensure policies are followed. The ISMS includes an incident reporting process that feeds into the Risk & Opportunities Treatment Plan and risk assessment.
Incident management policy is in place. All incidents are logged on the incident register and depending on the severity of the risk are escalated to the senior management team. Access controls are in place to ensure staff only have access to the information they need to carry out their day to day role.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
All Bob's Business physical hardware that has an effect on IT systems are assigned an asset tag and logged with the current user and recent user history.
We have a full change management process in place and staff requesting a change complete a form which is then reviewed by a senior manager and either approved or decline. This happens prior to any changes put in place and all changes that can affect security are thoroughly tested by our in house security team before being rolled out.
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||We have a Vulnerability and patch management policy in line with ISO 27001. Potential threats to services are assessed by our in house security team, using resources from trusted partners. Patches to Bob's Business services are aimed to be fixed as soon as said patch becomes available and has been tested. Information for potential threats comes from trusted partners including directly from NCSC.|
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||Constant monitoring is carried out by the in house technical team. Bob's Business reviews every compromise on a case by case basis and responses are provided as quickly as is reasonable at the time.|
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||To Identify, investigate, action and monitor any incidents/non-conformities with the scope of Bob’s Business Ltd Business management system, all identified/reported incidents will be recorded in the issues log. Senior Management will be made aware of all the incidents. The incident management process will be invoked to direct the investigation Evidence will be collected to support incident management including the confiscation of and isolation of data to facilitate further forensic examination if necessary. Action will be taken to prevent recurrence as detailed in the risk assessment plan.|
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||No|
|Price||£0.50 to £35.00 per person per year|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||The free trial consists of a test portal with limited access for users for a set period of 10 days.|