Cyber Security Training and Awareness

BLOCKPHISH delivers cloud-based Cyber Security Training and Awareness to help reduce the risk of a cyberattack on your business. As phishing and socially engineered attacks rely on exploiting human vulnerabilities, improving user behaviour is essential. Our cloud platform delivers learning in multiple formats to ensure the most effective results.


  • Real time awareness learning delivered via the cloud solution
  • Multiple hosted learning formats including videos, games and animations
  • Online, regular and concise learning through short brief learning packages
  • Adaptive, personalised and appropriate cloud-based training
  • Online training is tailored to different skill levels and preferences
  • Different learning formats are engaging, competitive and enjoyable
  • Awareness learning is measurable and effective – demonstrates investment benefit
  • Training is maintained to align with current cyber threats
  • Simple cloud-based platform assists in learning design and delivery
  • Aligned with best practice and UK regulatory standards


  • Increases staff awareness of phishing and cyber security
  • Achieves proven and lasting behavioural change
  • Increases executive awareness of whaling and spear phishing attacks
  • Reduces risk of successful cyber attacks caused by employee error
  • Reduces risk of loss of sensitive data or intellectual property
  • Reduces exposure to CEO Fraud and financial loss
  • Ensures legal and regulatory compliance e.g. GDPR
  • Demonstrates a strong return-on-investment through measurable increased awareness
  • Helps mitigate risk of cloud based attacks to critical assets
  • Improves company culture towards a security aware organisation


£7.50 to £40 per person per year

  • Education pricing available

Service documents

G-Cloud 11



Daryl Flack

0845 8622 365

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to The BLOCKPHISH Cyber Security Awareness and Training is recommended to be used in conjunction with the BLOCKPHISH Ethical Phishing Service, however it can also be used as a standalone service if required.
Cloud deployment model Private cloud
Service constraints No
System requirements None

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Questions will be responded to via email within 24 hours. Support hours are Monday to Friday 0900-1730. Questions submitted during weekends will be responded on the next working day.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels General support times are Monday to Friday 09:00 – 17:30 however 24 / 7 support is available on request. Phone and Email support is provided by BLOCKPHISH technical consultants
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Your designated Cyber Security specialist will work with you to assess and determine your highest criticality assets, and which of your workforce has access to them. These are the individuals that are at the highest risk from phishing attacks and are most likely to be targeted by malicious actors. We incorporate these risk-based findings into your training plan to ensure you get the most impactful risk reduction for your investment. These users are also provided with additional focused training and awareness content. The effectiveness of the training can be determined by re-testing the same user group.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats DOC
End-of-contract data extraction All user access will be revoked and any BLOCKPHISH cloud service components containing customer data will be wiped and factory reset. All customer data will be removed. The data can be provided in HMTL, PDF, DOC and XML formats.
End-of-contract process Off-boarding is included with the following scope: all user access will be revoked and any components containing customer data will be removed and securely wiped at no extra cost.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service None
Customisation available Yes
Description of customisation BLOCKPHISH Cyber Security Training and Awareness is adaptive, personalised and appropriate to your staff. It can be tailored to different skill levels and preferences to ensure maximum success. Due to the different learning formats, the BLOCKPHISH awareness learning is engaging, competitive and enjoyable. The Awareness and Learning content is delivered in multiple formats to ensure the most effective learning is delivered. These include: Communications and Posters containing rich graphical content identifying the highest risks and threats; Simulations and Games to discover potential risks and recognise the appropriate actions; Learning Nuggets and Animations delivering succinct yet important messages; and E-Learning interactive online courses that explore potential risks and educate users. Buyers can customise all Training to ensure it is delivered in the appropriate format for each topic, and for each member of staff.


Independence of resources Use of dedicated accounts for each customer. Capacity Management.


Service usage metrics Yes
Metrics types Service metrics are provided via a web portal
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Other
Other data at rest protection approach Data at rest protection is in compliance with ISO27001 best practice.
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Users are able to export a .CSV file via a secure transfer
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Private network or public sector network
Data protection within supplier network IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability We have a 100% power + network uptime guarantee with any breaches refundable. For hardware failures our SLA covers a 2 hour hardware replacement plus restore from backup at 50GB an hour.
Approach to resilience Our UK-based data centres are ISO 27001 and 27018 certified, PCI-compliant and secured to UK government IL4 standards, which ensures our solutions are protected by exceptional levels of security at all times. Cisco ASA Firewalls are used as standard. We are committed to providing continual business improvement through our people, practices and technology in the hosting, data centres and colocation space. Further information is available on request.
Outage reporting Email alerts

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels Administrative access controls (such as two-factor authentication) are in place to ensure management interfaces are accessed on a need to know basis.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Lloyd's Register Quality Assurance
ISO/IEC 27001 accreditation date 06/04/2017
What the ISO/IEC 27001 doesn’t cover The assessment scope of the ISO27001 certification is the design of architecture relating to dedicated managed services, including Cloud services, provided all our data centres.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification Ultima Risk Management
PCI DSS accreditation date 20/08/2018
What the PCI DSS doesn’t cover None
Other security certifications Yes
Any other security certifications
  • Cyber Essentials Plus
  • ISO27017
  • ISO27018
  • ISO22301
  • ISO9001
  • ISO14001

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Security Governance within BLOCKPHISH is approached in accordance with best practice (for example ISO27001, the international standard for the management of information security).
Information security policies and processes BLOCKPHISH has an Executive-approved suite of Information Security Policies and Procedures which have been created by certified Information Security Professionals, and are reviewed on an annual basis, or when there is sufficient change to the organisation or architecture. The CISO holds ultimate responsibility for these policies and procedures and ensures all staff have read the relevant policies prior to undertaking any work for the organisation. Any changes to the policies follow a change management procedure and are reviewed by the Security Change Board before approval.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach We have a change management system in place which requires a sign off from department managers relevant to the change. CIS standards are used for servers and workstations.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Unneeded software and vulnerable network services have been removed. Weekly vulnerability scans are run on all IT facilities. Critical high and medium security software patches are applied within 30 days.
Protective monitoring type Supplier-defined controls
Protective monitoring approach In depth security solution with threat monitoring and threat response (proactive monitoring, vulnerability scanning and patching). All security products have been designed with compliance standards in mind and can satisfy requirements surrounding protective monitoring and retention of log data.
Incident management type Supplier-defined controls
Incident management approach A dedicated information security response team has been established and trained in evidence gathering and handling. If BLOCKPHISH becomes aware of any security breaches the buyer will be notified without undue delay.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £7.50 to £40 per person per year
Discount for educational organisations Yes
Free trial available No

Service documents

pdf document: Pricing document pdf document: Terms and conditions
Service documents
Return to top ↑