Pentesec Ltd

CybSafe

CybSafe is a British cyber security technology company. Their AI-driven security awareness training platform uses GCHQ accredited content, advanced analytics, psychology and behavioural science to measure, understand and report on cyber security culture, increase employee engagement and demonstrably reduce human-cyber and data protection risk.

Features

  • Intelligent Phishing Simulations
  • Behavioural Interventions
  • Risk Reduction Data & Metrics
  • Security Education
  • Security Awareness
  • Modular Learning Content
  • Behavioural-based Assessments
  • Regular Content Updates
  • Simulate Social Engineering
  • AI-machine Learning

Benefits

  • Reduce Security Risk
  • Train staff to be secure
  • Learn to Avoid Phishing Attempts
  • Learn to Spot Social Engineering
  • Understand and Measure Human Risk
  • Measure Browsing Habits
  • End Tick Box Awareness Training
  • Fast Setup
  • User Personalisation
  • Regular Content Updates

Pricing

£1.39 to £25 a person a year

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at richard.bass@pentesec.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

998350970485740

Contact

Pentesec Ltd Richard Bass
Telephone: 0845 519 1337
Email: richard.bass@pentesec.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
CybSafe routinely release updates during business hours operating a zero downtime deployment policy. Any significant maintenance requiring outage will take place outside of business hours after reasonable notice has been provided.
System requirements
  • Browser
  • Internet Access

User support

Email or online ticketing support
Email or online ticketing
Support response times
Our Customer Success team are available during UK business hours (excluding UK Public Holidays) and act as a point of contact within CybSafe to assist with support issues, feature requests and any other questions clients may have regarding their deployment.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Flat Support - The service is hosted in the cloud and accessed from smart devices.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We understand that every organisation is different, and that the process to achieve maximum user engagement will vary between organisations. The following represents the typical process clients go through prior to deployment. However, we encourage you to liaise with our Product Specialists and Customer Success Team leading up to your deployment to ensure it’s right for you.
1. Planning session takes place with a Product Specialist to scope technical requirements (such as single sign-on or an active directory integration) and plan any customised learning content.
2. One-to-one training is provided to all administrators as part of the on-boarding process. This allows familiarisation with the platform, features, reporting and analytics. Configuration requirements are confirmed and guidance is also provided on how to roll out the campaign to obtain maximum user engagement.
3. Client administrators assess training content and add contextual annotations and links to organisational policies.
4. (Optional) A simulated attack campaign - including phishing, smishing and USB drops - is conducted up to a month in advance of deployment to baseline user behaviour.
5. Initial knowledge checks and cultural assessments are conducted to baseline user awareness and attitude.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
The minimum term agreement is 12 months with each term automatically renewing at the anniversary of the commencement date. Customers are free to issue a notification of intent not to renew in writing at any point during their service.
End-of-contract process
Customers are free to issue a notification of intent not to renew in writing at any point during their service.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
None
Service interface
Yes
Description of service interface
CybSafe is a data-driven analytical tool. It helps you understand, measure and reduce human cyber risk, allowing you to see if internal awareness and influence activities are actually working, making it easier to report risk to the board or other decision makers and helping you to make increasingly effective decisions based on actionable and intelligent data.
Accessibility standards
WCAG 2.1 AAA
Accessibility testing
Data Not Provided
API
No
Customisation available
Yes
Description of customisation
CybSafe content is individually personalised to boost engagement in security. AI-machine learning tracks user knowledge, habits and attitudes, personalising content in response. Custom annotations can be added to all learning content by organisation admins, allowing you to add in your own contextual messages for staff and link to relevant policies, procedures and internal resources.

Scaling

Independence of resources
Cloud based, scaling only limited by per person seat licences purchased.

Analytics

Service usage metrics
Yes
Metrics types
The backbone of the CybSafe software is an analytical engine that provides easily digestible information and insight. CybSafe uses analytics (the systematic analysis of data or statistics) to develop an understanding of several areas that more traditional question-and-answer training would struggle to record, let alone analyse. The analysis covers: levels of user understanding, changes in behaviour, points of vulnerability, areas of risk, relevant cyber threats, and user-provided insight and lessons learnt. CybSafe measures and analyses user activity. It then visually portrays the results through graphical displays in a series of dashboards.
Reporting types
Real-time dashboards

Resellers

Supplier type
Reseller (no extras)
Organisation whose services are being resold
CybSafe

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
On request.
Data export formats
  • CSV
  • Other
Other data export formats
PDF
Data import formats
Other
Other data import formats
None

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
95% Uptime
Approach to resilience
Cloud based service with resilient architecture.
Outage reporting
As agreed via service management.

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
Whitelisted IP and dedicated EUD.
Access restriction testing frequency
Less than once a year
Management access authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 1 month and 6 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
British Assessment Bureau
ISO/IEC 27001 accreditation date
12/10/2018
What the ISO/IEC 27001 doesn’t cover
NA
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • GCHQ Certified Training (GCT)
  • IISP Accredited Learning Content
  • Cyber Essentials

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Cyber Essentials and GDPR.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Industry best standard.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Industry standard.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Industry standard.
Incident management type
Supplier-defined controls
Incident management approach
Industry standard.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£1.39 to £25 a person a year
Discount for educational organisations
Yes
Free trial available
No
