StatusToday is an AI-powered Insights Platform that understands human behaviour in the workplace, helping organisations improve security, productivity and communication.

Combining state-of-the-art Machine Learning and Human Psychology, StatusToday’s patent-pending AI analyses employees’ activity metadata to deliver unparalleled operational visibility, map human threats and key behavior patterns internal to the organisation.


  • Human Psychology based Artificial Intelligence
  • Holistic Human Centric Aproach
  • Privacy First Model
  • User Behaviour monitoring, auditing and forensics
  • Real-time Operational Intelligence
  • Early detection of individuals and information at risk
  • Risk and Compliance Management
  • Highly Scalable Future Proof Architecture
  • Source-agnostic data ingestion / Cross-platform integration


  • Understand Human Behaviour in the Workplace
  • Mitigate Cyber Threats & Risks
  • Increase Employee Productivity
  • Streamline Communication
  • Support HR and Management Decision-Making
  • Achieve Regulatory Compliance
  • Reduce Regulatory and Financial Impact of Data Breaches
  • Reduce Investigation Resource Costs
  • No impact on End-Users (non-intrusive monitoring)
  • Mitigate Internal Fraud Risks


£5 to £20 per unit per month

Service documents

G-Cloud 9



Ankur Modi

020 3372 4851

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to The service can be integrated with existing cloud suite services like Office 365, Microsoft Exchange or Google Apps and do not always require a standalone installation
Cloud deployment model Hybrid cloud
Service constraints None
System requirements Activity Logs from systems/applications producing logs on authentication and actions

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Standard support response times are 1 Business day (best effort on weekends)
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Yes, at an extra cost
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible The web chat support currently does not have accessibility in built. This can be added per the standard on demand.
Web chat accessibility testing N/a
Onsite support Onsite support
Support levels Normal technical support is offered during business hours. Premium support including functional and threat management support will be done based on individual requirements.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We offer a combination of online instructions, email, phone and onsite support to help our clients connect data sources via API and to install agents for all our standard platforms.
Additionally we provide all necessary scripted software and assistance to ingest logs and matadata from any other source we agree to support for our clients on an ad-hoc basis.
User documentation and email/phone support will also be provided to assist on usage of the platform.
Service documentation Yes
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction Certain data exports available directly in user interface. Full export available via service request.
End-of-contract process Contracts are normally setup to renew automatically unless cancelled.

Data retention is discussed as part of the engagement and can be purged on demand.

Additional data exports/analysis or anonymization of data for long term storage/compliance needs to be discussed during engagement terms

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service StatusToday's cloud-based platform supports responsive web design, adapting automatically to different screen sizes.
Accessibility standards None or don’t know
Description of accessibility The platform's interface can be extended to support accessibility standards in the future.
Accessibility testing No such testing has been carried so far, but will be prioritised when required by the buyer.
Customisation available Yes
Description of customisation Users can request custom views of StatusToday's Insights Platform on specific scenarios of interest for their organisation. Some custom views might need to be quoted separately.


Independence of resources This is guaranteed through high availability architecture with SaaS scaling. Our entire AI engine and system was designed to be an open architecture, with a scalable load balancing system in mind that will consume resources on a demand basis and not require dedicated or proprietary infrastructure.


Service usage metrics Yes
Metrics types We collect and display in the portal the number of employees monitored. This number is the basis of the pricing paid, however, we do not adjust the pricing continuously, for any small change of the monitored users. Unless other services variations are requested, we typically review the pricing once a year, only if the number of employees has changed more than 10%.
Reporting types Real-time dashboards


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Data can be exported directly from within the interfaces provided. Bulk data export is supported on demand.

Exported data can be provided in a variety of formats. This includes PDF, CSV, XLSX and/or RAW.
Data export formats
  • CSV
  • Other
Other data export formats
  • XLSX
  • RAW
  • PDF
Data import formats
  • CSV
  • Other
Other data import formats
  • JSON
  • XML

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Based on individual customer agreements and SLA. General guidance is 24/7 for the ingestion and 99% for the online interfaces.
Approach to resilience Available on request
Outage reporting Email, Dashboard and phone(optional) alerts

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Mandatory multi-factor authentication for management interfaces and support channels.
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations Yes
Any other security accreditations
  • Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards Other
Other security governance standards - Cyber Essentials
Information security policies and processes Our security policy document aligns with the security standards we comply with (IASME and Cyber Essentials) as well as adds additional processes and controls.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach All configuration and change management integrated via DevOps and IaaS management infrastructure
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach We assess potential threats to StatusToday by analysing the anatomy of more than 10,000 breaches. We regularly monitor the automatic underlying service updates and prioritise deployment when needed.

The information for potential threats is obtained from security bulletins like NIST and other proprietary sources.

Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach We identify potential compromises via standard IDS solutions, antiviruses/antimalware as well as our own solution that identifies anomalies in human behavior and as a result, malicious/compromised employees/accounts.
We have a comprehensive response plan to potential compromise, including identification, informing clients, containment & resolution, escalations etc.
This is a function of individual contracts, however our responses are dependent on the incident severity varying from immediate to 72 hours.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach We have a clear process with comprehensive details for each step in order to deal with events. This is detailed in our Incident Response Plan. Accordingly, incidents are fully tracked as tickets/tasks and assigned to the person responsible. For incident reporting, we create post-mortems containing detailed descriptions of the incident, detailed logs of each action taken, containment and resolution, as well as long term resolution steps

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £5 to £20 per unit per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial For organizations and departments with less than 250 employees who have a cloud based system in place (Office 365, Google apps), StatusToday offers a limited-timed (12 months) free version of the platform. For others, it's a limited trial.
Link to free trial


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑