Simulated phishing and associated training framework

Reduce the risks from phishing and related attacks by giving users the skills and awareness to spot threats.

The simulated phishing and associated training framework reaches the end of its contract term on 11 April 2024.

Due to the low uptake of services on this framework over the last 12 months, Jisc has no current plan to replace it. Those with existing contracts for services purchased via these frameworks should not be impacted. Jisc members and customers can continue to purchase services via this framework until 11 April 2024.

If you have any questions please contact your relationship manager, who will be happy to assist you.

Cyber security isn’t just for IT professionals. Users also play an important role in the defence against threats. As attacks such as phishing become more sophisticated, it’s vital to ensure that your staff, students or users have the awareness and skills to spot a potential breach.

That’s why we offer phishing simulations to help users safely experience what an attack might look like – and related security training so they understand wider risks and know what to do if they suspect an issue.

Service delivery

This simulation and training service is delivered by our partner, Khipu Networks.

Khipu also offers free scans to Jisc members alongside their 15-minute webinars.

How the service can help you

The service is cost-effective and flexible. It includes practical simulations, as well as theoretical sessions, with a choice of classroom-based or virtual learning led by experienced cyber security experts.

The simulation service includes:

  • Fully managed simulated phishing campaigns – including simulated phishing emails and websites
  • Awareness training services – including tips to identify fake and suspicious emails
  • Classroom-led ‘cyber security 101’ training – training modules with videos, interactive quizzes and tests
  • Detailed reporting showing stats and graphs after each anti-phishing campaign
  • Cyber security best practice reviews and workshops
  • Recommendations on improving cyber security postures using products and services available via other Jisc frameworks

Using the associated training, you can:

  • Build flexible training to suit your needs – this service can be customised to suit the specific needs of your users
  • Get the benefit of experienced trainers – training is carried out by experienced cyber security experts, it’s not an ‘email-only’ software solution
  • Achieve value for money – in pre-procuring this service, we’ve taken significant account of cost – and in particular, the cost of scaling the service across the number of users in a research and education organisation. You pay a single price per campaign regardless of how many users are 'phished' – instead of a 'per-user' price model, which can be expensive for larger organisations
  • Buy with confidence – because we have pre-procured this service and conducted due diligence on it, you can buy confidently, knowing it’s a service you can trust

Find out more

Read the cyber impact report - Find out about the impact of cyber security incidents on the UK's further and higher education and research sectors.

Watch our cyber security documentary which looks at the current cyber crime climate, and what you can do to protect yourself the most effectively.

To find out more about this service, email simulated.phishing@jisc.ac.uk or call 0300 300 2212.

Case study: educate your users for effective protection against phishing attacks

How Guildford College uses this service to reduce its risk from phishing attacks.

Read the full case study on the Khipu website.

ISO certification

This service is included within the scope of our ISO9001 and ISO27001 certificates.

Read more about International Organisation for Standardisation (ISO) standards and view Jisc certificates.

ISO 9001-2015 UKAS logo

ISO/IEC 27001 UKAS logo