Bob's Business Ltd

Cyber Security Awareness Training - Local Government

Bob’s interactive cyber security awareness training teaches employees how to safeguard confidential data. Using bite-sized storytelling, employees can relate to entertaining and memorable characters and scenarios. A range of marketing materials is used alongside the training to reinforce key learning messages, behaviours and cyber vigilance across local governments.


  • Animated, fun and engaging approach to compliance training
  • Mobile, tablet and HTML compatible courses
  • Interactive points and gamification to ensure learner engagement
  • Fully customisable content throughout to reflect policy & procedures
  • Branded to reflect clients corporate branding and instil trust
  • Simple, jargon free, easy to understand, and implement learning points
  • Blended solutions with on/offline resources to reinforce learning
  • SCORM, TIN Can compatable courses available for in-house LMS integration
  • ISO27001, PCIDSS, DPA, PSN Standards complaint content
  • Policy Integration


  • Employees able to detect and mitigate security risks
  • Increased awareness leads to higher level of security incidents reported
  • Training can be completed at any time reducing staff downtime
  • Managed service ensures little input is required from client perspective
  • Compliance with industry standards made easy
  • Modular approach ensures learners can complete at their own pace
  • Easy and quick to implement and manage
  • Total awareness solutions with on and offline resources
  • Integration of policies allow users to relate training to roles
  • Comprehensive reporting makes achieving compliance of standards simple


£0.50 to £35.00 per person per year

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 11


Bob's Business Ltd

M Oldham

0330 058 3009

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints During the subscription term Bob’s Business will take reasonable endeavours to ensure the service is available 24 hours a day, seven days a week, except for when planned maintenance is carried out during the maintenance window of 10.00 pm to 2.00 am UK time. Unscheduled maintenance will be carried out outside of normal business hours, provided that BB has used reasonable endeavours to give the Customer at least 6 Normal Business Hours’ notice in advance.

If a buyer is not using active directory they need to ensure data provided is clean to avoid emails being disabled due to poor data.
System requirements
  • HTML 5 compatible up to date Web Browser
  • Internet connection

User support

User support
Email or online ticketing support Email or online ticketing
Support response times We aim to respond to all support enquiries within 2 hours during the hours of 08:00 and 18:00 Monday to Friday, excluding Bank holidays.

If a support enquiry comes in over the weekend it will be picked up on Monday and actioned within 2 hours.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Web chat can be accessed through and is accessible on all devices. User can submit a support request and in line with email support, the request will be actioned within 2 hours.
Web chat accessibility testing None at present
Onsite support Onsite support
Support levels All clients are allocated a dedicated account manager who will deal with all support request and escalate this if needed to a higher level of technical support. All support is provided at no extra cost.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started To start the onboarding process Bob's Business will arrange a web demonstration with the client lead and any other relevant people to ensure your staff know how to use the portal including uploading of users, selecting your courses, how to run reports and email templates.

There is also a full set of guides to support the client after the call, that are made available via the learning portal.

We can provide onsite training if needed but the web demonstration is normally sufficient.

The Customer team are on hand to guide you through the process and after.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Clients can request their data at any point during their contract with Bob's Business and up to 30 days after the contract end date. This data can be provided as a .csv, .xlsx or .pdf file.

Upon termination of service, provided data will be flagged for deletion which will happen automatically at the end of the data retention process above. It can also be done manually, by request. Destruction certificates are available, including the automated verification from Amazon on AWS destruction.
End-of-contract process At the end of the contract with Bob's Business, clients cease being able to access the Bob's Business learning modules, and their data becomes available for download.

Upon termination of service, provided data will be flagged for deletion which will happen automatically at the end of the data retention process above. It can also be done manually, by request. Destruction certificates are available from LearnUpon, including the automated verification from Amazon on AWS destruction.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The mobile service layout may be different due to physical device properties, and accessibility features are limited by the user device. No specific features are removed between the two services.
Accessibility standards None or don’t know
Description of accessibility Users can navigate the Bob's Business learning modules using any of the following: only keyboard, only mouse, assistive device that emulates keyboard or mouse functions, screen reading software that supports HTML 5
Accessibility testing Testing with users of assistive device and software technology is undertaken for each Bob's Business learning module before it is finalised during production.
Customisation available Yes
Description of customisation Each Bob's Business learning module can be customised for a client to tie the training into the client's policies and process. Client branding can be applied to both the module and Learning Portal.

The customisation is carried out by Bob's Business and clients need to submit an amendment form that details changes they wish to make.


Independence of resources User portals are hosted on Amazon Web Service servers, which provide stability up to a considerably large number of concurrent accesses. Each user has their own "version" of the module which runs independently to the portal, so a theoretically infinite number of users can access the same module at the same time.


Service usage metrics Yes
Metrics types Reporting functionality on your learning portal is very important as it enables you to access and analyse your data, gather insights and help with decision-making relating to your courses and Learners. Furthermore, your data can be exported and/ or scheduled for automated reporting to chosen stakeholders at regular intervals. Reports can be customized using many different filtering options.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach From the reporting section of the learning platform you can run reports for every user and then export all data via a CSV file.
Data export formats
  • CSV
  • Other
Other data export formats .pdf
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Private network or public sector network
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Bob's Business portal services guarantee a 99.96% uptime for user portals through SLAs. User refunds are reviewed on a case by case basis and would depend on the amount of downtime.
Approach to resilience Amazon Web Service (AWS) are used. -
Outage reporting Service outages are provided by email alerts and will be displayed on the Learning Portal.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Only select Bob's Business personnel have access to user data, and set user administrators only have access to their own user's data on their Bob's Business portal.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI
ISO/IEC 27001 accreditation date 30/03/2018
What the ISO/IEC 27001 doesn’t cover There is nothing out of scope for ISO 27001.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • Cyber Essetentials
  • Cyber Essentials Plus

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes We have a full Information Security Management System (ISMS) in line with ISO 27001. Internal and external audits are carried out to ensure policies are followed. The ISMS includes an incident reporting process that feeds into the Risk & Opportunities Treatment Plan and risk assessment.

Incident management policy is in place. All incidents are logged on the incident register and depending on the severity of the risk are escalated to the senior management team. Access controls are in place to ensure staff only have access to the information they need to carry out their day to day role.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All Bob's Business physical hardware that has an effect on IT systems are assigned an asset tag and logged with the current user and recent user history.
We have a full change management process in place and staff requesting a change complete a form which is then reviewed by a senior manager and either approved or decline. This happens prior to any changes put in place and all changes that can affect security are thoroughly tested by our in house security team before being rolled out.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach We have a Vulnerability and patch management policy in line with ISO 27001. Potential threats to services are assessed by our in house security team, using resources from trusted partners. Patches to Bob's Business services are aimed to be fixed as soon as said patch becomes available and has been tested. Information for potential threats comes from trusted partners including directly from NCSC.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Constant monitoring is carried out by the in house technical team. Bob's Business reviews every compromise on a case by case basis and responses are provided as quickly as is reasonable at the time.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach To Identify, investigate, action and monitor any incidents/non-conformities with the scope of Bob’s Business Ltd Business management system, all identified/reported incidents will be recorded in the issues log. Senior Management will be made aware of all the incidents. The incident management process will be invoked to direct the investigation Evidence will be collected to support incident management including the confiscation of and isolation of data to facilitate further forensic examination if necessary. Action will be taken to prevent recurrence as detailed in the risk assessment plan.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £0.50 to £35.00 per person per year
Discount for educational organisations Yes
Free trial available Yes
Description of free trial The free trial consists of a test portal with limited access for users for a set period of 10 days.

Service documents

pdf document: Pricing document pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑