Phishing testing and security awareness training

Document summary

This document provides detailed information about the services offered to customers utilising our phishing testing and security awareness training solution. This information clarifies the scope of items included within the overall service provision.

Core service provision

Our Phishing testing and security awareness training service is designed to assist with educating internal users on the threats that phishing and other attacks pose to an organisation. The service provides the following feature set:

Monthly phishing campaigns that are based on popular or evolving threats
Enrolment in to monthly cyber security training for staff
The option for customised phishing simulations tailored to mimic real-world threats
Behavioural tracking to monitor user interactions, such as clicks on malicious links or submission of sensitive data
Automated enrolment of susceptible users into targeted awareness training
Reporting to identify trends, high-risk groups, and areas for improvement

The solution is fully managed by our team, from campaign release to post-simulation reporting.

Service desk support

Customers can raise queries directly with our dedicated support team for assistance. Typical requests include:

Adding or modifying phishing scenarios, email templates or scheduled security awareness training
Adjusting testing schedules or user groups
Clarifying reporting insights and recommendations
Resolving issues or errors in the simulation process

Service coverage is provided in line with the customer’s existing Managed IT Service support contract.

Alert management

Our team receive alerts for a variety of events relating to the platform, these include the following:

Planned maintenance
Degraded service due to issues arising
Critical incidents or major outages

When one of these is received by our team, it is initially reviewed for impact and then if appropriate communications will be sent to customers.

Available reporting

The following reports are available through the platform, providing actionable insights into user behaviour and security awareness levels:

Campaign performance reports
High risk users
Training effectiveness reports

Vendor escalation

Our team collaborates with our preferred partner for the phishing testing and security awareness platform, escalating complex incidents or platform-specific issues as needed. All initial analysis and troubleshooting are conducted internally, with vendor escalation fully managed by our team. This process incurs no additional cost to the customer.

Addition of new features

Whereby a new feature is introduced to the platform that would be of benefit to a customer, the required changes are reviewed by our team to ensure they are suitable for implementation. If the change has any requirement for disruption to service or an adjustment to core components that may alter existing functionality, these will be communicated to the customer and a route forward agreed.

For any additional functionality that requires considerable work and/or integration, these items will be scoped and discussed independently with the customer.

On-boarding

The on-boarding steps for the core components are listed below:

Initial Consultation and Requirements Assessment
- Review organisational goals and compliance requirements – both for training and phishing
- Identify high-risk users, roles, or departments to prioritise for testing
Campaign Setup
- Develop phishing templates and scenarios based on organisational context
- Schedule testing campaigns, including frequency and target groups
- Configure automatic enrolment of susceptible users into security awareness training
- Define training schedules and assign initial modules
Execution and Monitoring
- Launch simulated phishing campaigns and/or scheduled training
- Monitor user responses and track key metrics such as clicks and reports
Reporting and Improvement
- Deliver reports with insights into the effectiveness of the campaign
- Adjust future campaigns based on findings and organisational feedback