Bob's Business Ltd

Cyber Security Awareness Training - Local Government

Bob’s interactive cyber security awareness training teaches employees how to safeguard confidential data. Using bite-sized storytelling, employees can relate to entertaining and memorable characters and scenarios. A range of marketing materials is used alongside the training to reinforce key learning messages, behaviours and cyber vigilance across local governments.

Features

  • Animated, fun and engaging approach to compliance training
  • Mobile, tablet and HTML compatible courses
  • Interactive points and gamification to ensure learner engagement
  • Fully customisable content throughout to reflect policy & procedures
  • Branded to reflect clients' corporate branding and instil trust
  • Simple, jargon-free learning points that are easy to understand and implement
  • Blended solutions with on/offline resources to reinforce learning
  • SCORM, Tin Can compatible courses available for in-house LMS integration
  • ISO27001, PCIDSS, DPA, PSN Standards compliant content
  • Policy Integration

Benefits

  • Employees able to detect and mitigate security risks
  • Increased awareness leads to a higher level of security incidents reported
  • Training can be completed at any time reducing staff downtime
  • Managed service ensures little input is required from client perspective
  • Compliance with industry standards made easy
  • Modular approach ensures learners can complete at their own pace
  • Easy and quick to implement and manage
  • Total awareness solutions with on and offline resources
  • Integration of policies allows users to relate training to roles
  • Comprehensive reporting makes achieving compliance of standards simple

Pricing

£0.50 to £35.00 per person per year

  • Education pricing available
  • Free trial available

Framework

G-Cloud 11

Service ID

770961504998779

Contact

Bob's Business Ltd

M Oldham

0330 058 3009

melanie@bobsbusiness.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
During the subscription term Bob’s Business will take reasonable endeavours to ensure the service is available 24 hours a day, seven days a week, except for when planned maintenance is carried out during the maintenance window of 10.00 pm to 2.00 am UK time. Unscheduled maintenance will be carried out outside of normal business hours, provided that BB has used reasonable endeavours to give the Customer at least 6 Normal Business Hours’ notice in advance.

If a buyer is not using Active Directory, they need to ensure the data provided is clean to avoid emails being disabled due to poor data.
System requirements
  • HTML 5 compatible up to date Web Browser
  • Internet connection

User support

Email or online ticketing support
Email or online ticketing
Support response times
We aim to respond to all support enquiries within 2 hours during the hours of 08:00 and 18:00 Monday to Friday, excluding Bank holidays.

If a support enquiry comes in over the weekend it will be picked up on Monday and actioned within 2 hours.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Web chat can be accessed through bobsbusiness.co.uk and is accessible on all devices. User can submit a support request and in line with email support, the request will be actioned within 2 hours.
Web chat accessibility testing
None at present
Onsite support
Onsite support
Support levels
All clients are allocated a dedicated account manager who will deal with all support requests and escalate them if needed to a higher level of technical support. All support is provided at no extra cost.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
To start the onboarding process Bob's Business will arrange a web demonstration with the client lead and any other relevant people to ensure your staff know how to use the portal including uploading of users, selecting your courses, how to run reports and email templates.

There is also a full set of guides to support the client after the call, that are made available via the learning portal.

We can provide onsite training if needed but the web demonstration is normally sufficient.

The Customer team are on hand to guide you through the process and after.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Clients can request their data at any point during their contract with Bob's Business and up to 30 days after the contract end date. This data can be provided as a .csv, .xlsx or .pdf file.

Upon termination of service, provided data will be flagged for deletion which will happen automatically at the end of the data retention process above. It can also be done manually, by request. Destruction certificates are available, including the automated verification from Amazon on AWS destruction.
End-of-contract process
At the end of the contract with Bob's Business, clients cease being able to access the Bob's Business learning modules, and their data becomes available for download.

Upon termination of service, provided data will be flagged for deletion which will happen automatically at the end of the data retention process above. It can also be done manually, by request. Destruction certificates are available from LearnUpon, including the automated verification from Amazon on AWS destruction.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The mobile service layout may be different due to physical device properties, and accessibility features are limited by the user device. No specific features are removed between the two services.
Service interface
Yes
Description of service interface
There is a user GUI implemented in each of the Bob's Business learning modules.
Accessibility standards
None or don’t know
Description of accessibility
Users can navigate the Bob's Business learning modules using any of the following: only keyboard, only mouse, assistive device that emulates keyboard or mouse functions, screen reading software that supports HTML 5
Accessibility testing
Testing with users of assistive device and software technology is undertaken for each Bob's Business learning module before it is finalised during production.
API
No
Customisation available
Yes
Description of customisation
Each Bob's Business learning module can be customised for a client to tie the training into the client's policies and process. Client branding can be applied to both the module and Learning Portal.

The customisation is carried out by Bob's Business and clients need to submit an amendment form that details changes they wish to make.

Scaling

Independence of resources
User portals are hosted on Amazon Web Services servers, which provide stability up to a considerably large number of concurrent accesses. Each user has their own "version" of the module which runs independently of the portal, so a theoretically infinite number of users can access the same module at the same time.

Analytics

Service usage metrics
Yes
Metrics types
Reporting functionality on your learning portal is very important as it enables you to access and analyse your data, gather insights and help with decision-making relating to your courses and Learners. Furthermore, your data can be exported and/or scheduled for automated reporting to chosen stakeholders at regular intervals. Reports can be customized using many different filtering options.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
From the reporting section of the learning platform you can run reports for every user and then export all data via a CSV file.
Data export formats
  • CSV
  • Other
Other data export formats
.pdf
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
Private network or public sector network
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Bob's Business portal services guarantee a 99.96% uptime for user portals through SLAs. User refunds are reviewed on a case by case basis and would depend on the amount of downtime.
Approach to resilience
Amazon Web Services (AWS) is used: https://aws.amazon.com/security/?nc1=f_cc
Outage reporting
Service outages are reported by email alerts and will be displayed on the Learning Portal.

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
Only select Bob's Business personnel have access to user data, and set user administrators only have access to their own users' data on their Bob's Business portal.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
BSI
ISO/IEC 27001 accreditation date
30/03/2018
What the ISO/IEC 27001 doesn’t cover
There is nothing out of scope for ISO 27001.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • Cyber Essentials
  • Cyber Essentials Plus

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
We have a full Information Security Management System (ISMS) in line with ISO 27001. Internal and external audits are carried out to ensure policies are followed. The ISMS includes an incident reporting process that feeds into the Risk & Opportunities Treatment Plan and risk assessment.

Incident management policy is in place. All incidents are logged on the incident register and depending on the severity of the risk are escalated to the senior management team. Access controls are in place to ensure staff only have access to the information they need to carry out their day to day role.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All Bob's Business physical hardware that has an effect on IT systems is assigned an asset tag and logged with the current user and recent user history.
We have a full change management process in place. Staff requesting a change complete a form, which is then reviewed by a senior manager and either approved or declined. This happens before any changes are put in place, and all changes that can affect security are thoroughly tested by our in-house security team before being rolled out.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
We have a vulnerability and patch management policy in line with ISO 27001. Potential threats to services are assessed by our in-house security team, using resources from trusted partners. Bob's Business aims to apply patches to its services as soon as a patch becomes available and has been tested. Information on potential threats comes from trusted partners, including directly from NCSC.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Constant monitoring is carried out by the in-house technical team. Bob's Business reviews every compromise on a case by case basis and responses are provided as quickly as is reasonable at the time.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
To identify, investigate, action and monitor any incidents/non-conformities within the scope of Bob’s Business Ltd Business management system, all identified/reported incidents will be recorded in the issues log. Senior Management will be made aware of all the incidents. The incident management process will be invoked to direct the investigation. Evidence will be collected to support incident management, including the confiscation of and isolation of data to facilitate further forensic examination if necessary. Action will be taken to prevent recurrence as detailed in the risk assessment plan.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£0.50 to £35.00 per person per year
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
The free trial consists of a test portal with limited access for users for a set period of 10 days.
