General technical conditions
Here you find the General Technical Conditions for using our products.
Current version: November 26, 2024
1 General technical conditions for using our products
This document describes the general technical conditions for the use of our products. Please refer to your Feature Matrix to find out whether a product is included in your scope of services.
The General Technical Conditions for using our products are subject to change. SoSafe reserves the right to update the General Technical Conditions without notice. Please make sure you check the latest version at https://link.sosafe-awareness.com/general-technical_conditions-en.
2 Browsers supported
The following browsers are supported and their use is therefore a prerequisite for the provision of services: Google Chrome, Mozilla Firefox, Apple Safari, and Microsoft Edge.
Since April 2023, we no longer support Microsoft Internet Explorer 11 for the Manager and E-Learning. For the Phishing Report Button, please refer to section 3.2.2 (Web browsers supported) below.
3 Service modules
The following sections describe the services offered by SoSafe and define the processes and organizational interfaces required for service provision.
When implementing these service modules, the customer is generally obliged to cooperate in order to ensure the provision of services by SoSafe.
3.1 Phishing simulation
The phishing simulation service module comprises the sending of a defined number of (pre-arranged) emails to users over the service period. These emails simulate real phishing emails to increase the users' awareness of cyber security risks caused by phishing attacks. When a user clicks on a phishing element (image, link, etc.) in one of the simulated phishing e-mails or is forwarded to a landing page (such as the login page), a web page is called up (hereinafter referred to as the "learning page"), which informs the user about the simulation and provides concrete information on how the respective e-mail could have been identified as a phishing attempt.
3.1.1 Phishing Simulation Options
For the Basic phishing simulation, customers can set up a straightforward baseline simulation, sending phishing emails to all users within their organization. End users will receive phishing emails randomly throughout the simulation time frame which will be defined by the Customer.
Spear phishing simulation: All emails are individualized for the respective recipient using Standard phishing placeholders (such as "Dear Mr. Miller, ...") and in some cases also include details such as the name or location of the Customer.
Customized spear-phishing simulation: If booked, customers can send an additional 3 simulated phishing emails, which we create together with you specifically for your organization (such as a simulation of CEO fraud). The individually created phishing emails are provided in English and German.
On top of the Basic simulation, you can add targeted or behavior-based phishing:
Targeted phishing offers a simple setup where customers can send contextually relevant templates to specific user groups such as finance, IT, HR or dynamic groups such as users in ‘Sales Leadership’. To make this possible, specific user groups that reflect these focus groups are needed.
Simulation Studio - Sofie AI - Within the Targeted phishing simulation, customers can create their own templates as well as copy SoSafe-created templates and tailor them to their own individual use cases.
Behavior-based phishing: The phishing simulation is tailored to the relevant difficulty level and the right cadence for each individual user to enhance both engagement and learning effectiveness. For example, if an end user has a low phishing threat awareness, they will receive simulated phishing emails at the 'easy' difficulty level. If a user has a high threat awareness, they will receive simulated phishing emails at the 'hard' difficulty level. We recommend this approach as the most effective way to reduce risk for your organization.
To make the capabilities work, you must set up a running Entra ID connection and activate personalized tracking.
3.1.2 Whitelisting
To ensure that all simulated phishing emails are delivered to all users to be trained, the customer is required to set up whitelisting. This is a duty of cooperation on the part of the customer, without which SoSafe cannot guarantee the provision of services. The customer is therefore responsible for ensuring that the simulated phishing emails actually arrive in their complete form in the users' mailboxes and can be used within the scope of the training measure. If the customer cannot influence the whitelisting itself (for example, because the customer has commissioned an IT service provider to manage its IT systems), the customer must ensure that the whitelisting is nevertheless carried out.
The following steps must be taken for whitelisting:
SoSafe's email servers must be whitelisted in the receiving email system to prevent the rejection of incoming emails.
Any existing filter systems (such as secure mail gateway) must be configured in such a way that the simulated phishing mails are not marked as "junk" or "spam" and delivery to the users can be guaranteed.
Any existing systems provided by the customer to protect access to the Internet from the user's end devices (such as web gateways, proxies, security settings of the operating system) must be configured in such a way that the undistorted display of the simulated phishing emails in the user's email programs is guaranteed. Furthermore, these systems are to be configured so that the learning pages can be displayed via a web browser.
Additionally, customers might also whitelist the following:
envelope sender addresses
list of used domains
image server
SoSafe provides instructions for the implementation of these steps for selected tools. The instructions also contain all necessary technical information such as IP addresses and server names of the email servers, URLs to be released for filter systems, and systems for access protection. Please note that third-party support is needed for some third-party services.
3.2 Phishing Report Button
The Phishing Report Button service module is a functionality that allows users to report emails that are considered to be a potential phishing attack. The report is sent to an email address defined by the customer in the form of a forwarding of the suspicious email. Simulated phishing emails from SoSafe are not forwarded, but instead reported to SoSafe. The customer must specify an email address where the forwarding is to take place.
The functionality is provided in the form of a Microsoft Office add-in. In order for the Outlook add-in to load and function properly, different requirements must be met on the server and client side. The Phishing Report Button can also be used with Google Workspace with some limitations.
3.2.1 Client requirements
The client must be one of the supported applications for Outlook add-ins. The following clients support add-ins:
Outlook 2013 or higher on Windows
Outlook 2016 or higher on Mac
Outlook for iOS
Outlook for Android
Outlook on the Web for Exchange 2016 or higher and Office 365
The client must be connected directly to an Exchange server or to Office 365. When configuring the client, the user must select Exchange, Office 365, or http://outlook.com as the account type. If a POP3 or IMAP connection is configured for the client, add-ins are not loaded.
Alternatively: Google Workspace
3.2.2 Web browsers supported
Microsoft Edge v1
Microsoft Edge v2
Chrome
Safari
Firefox
Internet Explorer 11
As of 06/15/2022, Internet Explorer 11 (IE11) has reached its end-of-life cycle. This change primarily affects users on MS Outlook versions 2013 and 2016. From 11/16/2023, customers using IE11 will no longer receive new feature updates on the Phishing Report Button, although critical bug fixes will continue to be addressed. Customers using modern versions of Outlook will benefit from accelerated updates and new features. We advise customers still using IE11 to transition to supported browsers for optimal experience and support.
3.2.3 Outlook requires a certain browser engine to run add-ins
The browser used by Outlook (internally) is determined by the system configuration. Certain Outlook versions with certain system configurations require specific browsers to be installed and enabled. For a detailed explanation and a compatibility table, please contact us.
3.2.4 Email server requirements
If the user is connected to Google Workspace, Office 365 or http://outlook.com, this already meets all the requirements for the email server. However, for users connected to an on-premises Exchange Server installation, the following requirements apply:
The server must be Exchange 2016 or later.
Exchange Web Services (EWS) must be enabled and accessible over the Internet. Many add-ins require EWS to function properly.
The server must have a valid authentication certificate to issue valid identity tokens. New Exchange Server installations include a default authentication certificate.
The client access servers must be able to communicate with AppSource to access add-ins from Microsoft AppSource.
The M365 server needs to have “connected experiences” activated.
There are some URLs that customers must be able to connect to
A successful installation as well as a smooth roll-out of the add-in can only be guaranteed if the customer uses the standard settings of the respective program and has no third-party application in operation that affects the functionality of the add-in. Individual support by SoSafe during the setup of the add-in in a non-standard infrastructure is explicitly excluded. As an optional service, resources with appropriate expertise can be arranged. This requires a separate and explicit agreement between the parties involved.
3.2.5 Client / Server API Compatibility
The Outlook add-in makes use of Exchange Web Services (EWS) or the Outlook REST API in order to retrieve data from the user’s Outlook mailbox. The following sections state the availability of EWS, REST and Graph API for all supported Exchange Server/Outlook Client combinations and their effect on forwarding.
Exchange On-Premise
For all Exchange On-Premise servers (no hybrid deployment) we can only support EWS.
Exchange Online / hybrid server deployments
For Exchange Online and hybrid deployments of Exchange servers we support the following EWS, REST, and Graph API availability for the respective client/server combinations:
REST: REST API only
EWS: EWS only
Graph: Graph API only
All: EWS + REST API + Graph API
Windows
Server | MS 365¹ | Outlook 2021 | Outlook 2019 | Outlook 2016 | Outlook 2013 |
Exchange Online | All | All | All - Graph MSAL PopUp | EWS | EWS |
Exchange 2019² | All | All | All - Graph MSAL PopUp | EWS | EWS |
Exchange 2016² | EWS/REST | EWS/REST | EWS/REST | EWS | EWS |
Exchange On-Premise | EWS | EWS | EWS | EWS | EWS |
macOS
Server | Office on Mac (classic UI) | Office on Mac (new UI) |
Exchange Online | All | All |
Exchange 2019² | All | All |
Exchange 2016² | EWS/REST | EWS/REST |
Exchange On-Premise | EWS | EWS |
Other
Server | Android App | iOS App | Web Browser (Exchange Online) | Web Browser (On-Premise) | Mobile Browser |
Exchange Online | Graph/REST | Graph/REST | All | EWS/REST | not supported |
Exchange 2019² | Graph/REST | Graph/REST | All | EWS/REST | not supported |
Exchange 2016² | REST | REST | EWS/REST | EWS/REST | not supported |
Exchange On-Premise | not supported | not supported | n/a | EWS/REST | not supported |
¹ Microsoft Office 365 subscription
² connected to Exchange Online (hybrid deployment)
Graph MSAL pop-up: Every time a user opens the Phishing Report Button, the user will briefly see an MSAL pop-up that logs the user in via Graph.
Differences in forwarding via EWS and REST/Graph API
Forwarding can be done in “.eml” or “split” mode, which differ in the following ways. Depending on the available API and the configured forwarding mode, the following files are forwarded to the customer’s email addresses:
| via REST/Graph | via EWS |
.eml mode |
|
|
Split mode |
|
|
3 If the email contains attachments
3.2.6 Phishing Feedback
Phishing Feedback is an automated reporter feedback mechanism for emails reported using our Phishing Report Button (PRB). The feature automatically shares the analysis result of a reported email with the user who reported it. In its current form, the feature does not provide automated analysis capabilities.
The feature can be used with or without integration into a ticketing system.
Phishing Feedback can be integrated with Jira Service Management and ServiceNow. SoSafe will deliver implementation steps for these.
Disclaimer: The Customer’s internal team is responsible for classifying the email reports via the Phishing Report Button (PRB). The results of these evaluations, as provided by the Customer, shall be incorporated by SoSafe into the feedback emails sent to the end user (the reporter). SoSafe does not guarantee the completeness or accuracy of the Customer’s analysis results. Therefore, the Customer acknowledges and agrees that SoSafe is not liable for the completeness or correctness of the analysis results incorporated by SoSafe in the end user’s feedback email, nor for any potential damage that may arise from it.
3.3 Reporting Nudges
Reporting Nudges is a feature of the Phishing Report Button, designed to assist users in the identification of potential malicious emails. Its primary objective is to educate users on critical factors to evaluate while assessing emails for potential threats.
3.3.1 Reporting Nudges Assessment Criteria
Reporting Nudges employs an assessment based on five key factors to establish the potential risk of an email:
Email authentication: Checks are conducted on SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting & Conformance) to authenticate the email source. Please note that this risk factor, while essential to our evaluation, is not explicitly displayed to users within the user interface.
Sender information: Both the sender's domain and name undergo an examination to confirm legitimacy.
Email attachments: Reporting Nudges scrutinizes the types of attachments included in the email, providing feedback if types commonly associated with security risks are detected.
Embedded links: All embedded links are analyzed for characteristics typically indicative of phishing attempts.
Email content: The email content is reviewed for terms often employed within phishing communications.
The current implementation of Reporting Nudges operates entirely within the user’s email client. This ensures no email data is transmitted externally, aligning Reporting Nudges with GDPR (General Data Protection Regulation) requirements implicitly.
3.3.2 Clarification on Reporting Nudges Functionality
Reporting Nudges is a tool designed primarily to enhance user awareness and vigilance in identifying potential email threats. It is essential to understand that Reporting Nudges does not and will not definitively categorize an email as either entirely safe or a confirmed phishing attempt. Instead, it aims to guide users in identifying the tell-tale signs often associated with malicious emails.
In the assessment process, Reporting Nudges scrutinizes links within the email, specifically their attributes, not by opening or following them. This approach helps identify characteristics typically associated with phishing attempts.
Similarly, the evaluation of email attachments is based solely on the file type. The contents of these attachments are not opened or analyzed within a Sandbox environment to determine potential maliciousness.
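An added illustration (not SoSafe's code) of the kind of local, attribute-only assessment described in 3.3.1 and 3.3.2 for three of the five factors: it reads the SPF/DKIM/DMARC verdicts from the Authentication-Results header, inspects link attributes without requesting them, and judges attachments by file extension only. The rules, the extension list, all function names and the sample message are constructed assumptions.

```javascript
// Constructed illustration of local, attribute-only checks. The rules and the
// extension list are assumptions, not SoSafe's actual Reporting Nudges logic.
const RISKY_EXTENSIONS = new Set(['exe', 'scr', 'js', 'vbs', 'lnk', 'iso', 'htm', 'html', 'docm', 'xlsm']);

// Read spf/dkim/dmarc verdicts from Authentication-Results (RFC 8601), but only
// from the header stamped by our own receiving server: a sender can add
// look-alike headers, so any other authserv-id is ignored.
function parseAuthResults(rawHeaders, trustedAuthservId) {
  const unfolded = rawHeaders.replace(/\r?\n[ \t]+/g, ' '); // undo header folding
  const result = { spf: 'none', dkim: 'none', dmarc: 'none' };
  for (const line of unfolded.split(/\r?\n/)) {
    const m = /^Authentication-Results:\s*([^;\s]+)\s*;(.*)$/i.exec(line);
    if (!m || m[1].toLowerCase() !== trustedAuthservId.toLowerCase()) continue;
    for (const method of Object.keys(result)) {
      const r = new RegExp('(?:^|;)\\s*' + method + '\\s*=\\s*([a-z]+)', 'i').exec(m[2]);
      if (r) result[method] = r[1].toLowerCase();
    }
    break; // the topmost header from the trusted server is the one we use
  }
  return result;
}

// Inspect anchors by their attributes only; nothing is fetched or followed.
function inspectLinks(html) {
  const findings = [];
  const anchor = /<a\b[^>]*\bhref\s*=\s*["']([^"']+)["'][^>]*>([\s\S]*?)<\/a>/gi;
  let m;
  while ((m = anchor.exec(html)) !== null) {
    const href = m[1];
    const text = m[2].replace(/<[^>]*>/g, '').trim();
    let url;
    try {
      url = new URL(href); // pure parsing, no network access
    } catch {
      findings.push({ href, issue: 'unparseable-url' });
      continue;
    }
    if (!/^https?:$/.test(url.protocol)) continue; // mailto:, tel: etc. are out of scope here
    const host = url.hostname.toLowerCase();
    if (url.protocol === 'http:') findings.push({ href, issue: 'plain-http' });
    if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host)) findings.push({ href, issue: 'ip-literal-host' });
    if (host.split('.').some((label) => label.startsWith('xn--'))) findings.push({ href, issue: 'punycode-host' });
    if (url.username) findings.push({ href, issue: 'userinfo-in-url' });
    // If the visible text itself looks like a host name, it should match the real target.
    const shown = /^(?:https?:\/\/)?([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})/i.exec(text);
    if (shown) {
      const shownHost = shown[1].toLowerCase();
      if (host !== shownHost && !host.endsWith('.' + shownHost)) {
        findings.push({ href, issue: 'text-host-mismatch' });
      }
    }
  }
  return findings;
}

// Judge attachments by file extension only; content is never opened.
function inspectAttachments(attachments) {
  return attachments
    .filter((a) => a.name.includes('.'))
    .map((a) => ({ name: a.name, ext: a.name.split('.').pop().toLowerCase() }))
    .filter((a) => RISKY_EXTENSIONS.has(a.ext));
}

// Combine the three checks into a list of hints; this is guidance, not a verdict.
function assessEmail(msg, trustedAuthservId) {
  const auth = parseAuthResults(msg.headers, trustedAuthservId);
  const nudges = [];
  for (const [method, verdict] of Object.entries(auth)) {
    if (verdict !== 'pass') nudges.push(`authentication: ${method}=${verdict}`);
  }
  for (const f of inspectLinks(msg.html)) nudges.push(`link: ${f.issue} (${f.href})`);
  for (const a of inspectAttachments(msg.attachments)) nudges.push(`attachment: .${a.ext} (${a.name})`);
  return { auth, nudges };
}

// Constructed sample message (all names and addresses are placeholders).
const SAMPLE = {
  headers: [
    'Authentication-Results: mx.customer.example;',
    ' spf=fail smtp.mailfrom=billing.example;',
    ' dkim=none; dmarc=fail header.from=billing.example',
    'Authentication-Results: relay.untrusted.example; spf=pass; dkim=pass; dmarc=pass',
    'From: "Accounts" <accounts@billing.example>',
  ].join('\r\n'),
  html:
    '<p>Please review: <a href="http://192.0.2.10/login">www.bank.example/login</a></p>' +
    '<p><a href="https://intranet.customer.example/policy">Travel policy</a></p>',
  attachments: [{ name: 'invoice.pdf' }, { name: 'statement.xlsm' }],
};

console.log(assessEmail(SAMPLE, 'mx.customer.example').nudges.join('\n'));
```

The second Authentication-Results header in the sample claims a pass on every method but carries a different authserv-id, so it does not influence the result.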
3.3.3 Client / Server API Compatibility of Reporting Nudges
Operating system | Office version | Edge WebView2 (Chromium-based) installed? | Reporting Nudges |
Android | Any | Not applicable | Yes |
Any | Office web | Not applicable | Yes, if not opened in IE11 |
iOS | Any | Not applicable | Yes, if not opened in IE11 |
Mac | Any | Not applicable | Yes |
Windows 7, 8.1, 10, 11 | Non-subscription Office 2013 to Office 2019 | Does not matter | Not supported |
Windows 10, 11 | Non-subscription Office 2021 or later | Yes | Yes |
Windows 7 | Microsoft 365 | Does not matter | Not supported |
Windows 8.1, Windows 10 ver. < 1903 | Microsoft 365 | No | Not supported |
Windows 10 ver. >= 1903, Windows 11 | Microsoft 365 ver. < 16.0.11629 | Does not matter | Not supported |
Windows 10 ver. >= 1903, Windows 11 | Microsoft 365 ver. >= 16.0.11629 and < 16.0.13530.20424 | Does not matter | Yes |
Windows 10 ver. >= 1903, Windows 11 | Microsoft 365 ver. >= 16.0.13530.20424 | No | Yes |
Windows 8.1, 10, 11 | Microsoft 365 ver. >= 16.0.13530.20424 | Yes | Yes |
Note: This table includes information on the compatibility of Reporting Nudges with different operating systems, Office version, and whether Edge WebView2 (Chromium-based) is installed. The entries "Not applicable" and "Does not matter" indicate that a particular criterion is not relevant to a specific combination of operating system and Office version.
3.3.4 Exclusion of Liability
SoSafe expressly disclaims any liability arising from incidents where the assessment data generated by Reporting Nudges is used as the sole basis for email security decisions, and a subsequent cybersecurity event occurs. The intent of Reporting Nudges is to serve as an educational tool to augment user awareness and discernment, rather than providing absolute assurance of email safety.
3.4 Phishing Report Button with Sofie AI
The Phishing Report Button (PRB) with Sofie AI is an advanced, AI-powered phishing guidance tool designed to enhance security awareness by providing contextual email support directly within your Microsoft Outlook client.
Limitations & Compatibility
The PRB with Sofie AI is available exclusively for Microsoft Outlook versions 7.1.0 and later.
The feature is not compatible with Outlook Legacy environments that rely on Internet Explorer 11 (IE11) or the original Microsoft Edge (Edge v1). Support for these platforms will not be implemented.
Current activation of the PRB with Sofie AI is on an organization-wide basis. It cannot be limited to specific groups or subsets of users within an organization.
Reporting nudges and Sofie AI functionalities cannot be enabled simultaneously. Organizations must choose one of these features at a time.
3.5 E-Learning
The e-learning service module comprises the possibility for all authorized users of a customer to access the agreed number of learning lessons within the scope of service provision. The learning lessons impart knowledge in the field of cyber security and cover a wide range of sub-topics and related fields. The booked learning lessons can be accessed via SoSafe's own learning platform or integrated into a customer's existing learning management system (LMS) via SCORM streaming. The learning lessons are divided into learning videos and interactive learning lessons.
The learning videos can be used with or without acoustic output (this can be controlled locally via the user's operating system or browser). All language versions (see section "Multilingual Package") of the learning videos have an audio track and subtitles. For an ideal learning experience, we recommend doing the lessons in fullscreen mode. Some lessons are not optimized for viewing on mobile devices.
3.5.1 Access via learning platform
The proprietary learning platform of SoSafe is available at https://elearning.sosafe.de . Users can register with their professional email addresses. Alternatively, an anonymous access code can be used.
Core personalization: Core personalization of user paths determined by factors such as goal setting, duration, completion milestones, language preferences, selected lessons, and insights from the Risk Assessment Survey. Future personalization parameters will be contingent upon the chosen package. The features Risk Assessment Survey and Awareness Assessments are exclusively compatible with the core personalization.
Some additional E-Learning features are currently not compatible with core personalization (Policy Management, Manager Escalation).
For e-learning, the agreed upon number of learning lessons and learning videos can be activated for all users of the customer from the available interactive learning lessons on cyber security. A reminder function reminds users who have not yet registered or have not yet completed individual lessons of a registration/finalization via email.
When using the SoSafe learning platform, users receive a certificate for all learning lessons passed.
Gamification: On the SoSafe learning platform, users pass levels, collect badges, and can view their progress in a personal success overview.
Content Management:
Customization Engine - Through the use of content placeholders, content on the learning platform can be customized to meet the needs and regulations of your company.
Policy Management - Upload policies, present them to your employees, and track their acceptance with downloadable reports.
Custom Modules/ Bring your own content - Upload and play your SCORM 1.2 cyber security content on our learning platform. Technical conditions are:
Select authoring tools are compatible
Upload limits: 150MB for lessons, 10MB for pictures
Quiz needs to be passed with >75%
Limited lesson categorization and language bundling
We support static SCORM 1.2 lessons
Manager Escalation - Schedule email updates for people managers and keep them informed of their team's e-learning progress.
Manager Escalation is currently available under the following prerequisites:
No core personalization active
Core personalization and Sofie Copilot active.
To register on the SoSafe learning platform, it is also possible to use Single Sign-On via Microsoft Entra ID, Google, or Okta. To enable the learning platform to authenticate itself against the identity provider, an identity provider in the cloud is required (hybrid setup possible). The protocol used is OAuth 2.0 or SAML 2.0, which is ideally suited for use in web apps. Only a one-time authorization of our web app by the customer’s administrator is required. The technical requirements for Single Sign-On can be viewed at http://support.sosafe.de.
3.5.2 Access via customer LMS
The learning lessons are provided in the standard SCORM 1.2 as container files. These container files can be integrated into the LMS. The content of the learning lessons is then provided by a streaming server of SoSafe at the time of access. For this purpose, access to the streaming server at lms.sosafe.de must be guaranteed. For older installations, access to lms0.sosafe.de might be needed.
Individual support by SoSafe for the setup of the learning lessons in a third-party LMS is explicitly excluded; please refer to the support of the respective third-party provider.
3.6 SoSafe Manager
The SoSafe Manager can be accessed by the customer at https://manager.sosafe.de and it is available in English, German and French. The SoSafe Manager is the portal for the administration of awareness measures. Within the reporting dashboard on the portal, the customer can view various key figures about the commissioned service components, such as general click rates of the simulated phishing emails, overall e-learning progress, and - depending on the service agreement - individual employees’ e-learning results. Exactly which data can be viewed and processed is regulated in a separate Data Processing Agreement. Access can be optionally secured via MFA.
Branding: The customer's logo is displayed at the top of the learning pages associated with the phishing simulation, as well as on the SoSafe learning platform. The buttons and color design elements of the learning pages and learning platform can be adapted to the customer's corporate identity. In addition, the information text on the learning pages (non-specific, independent of the email) can be created or adapted according to customer requirements. If the logo and color scheme are freely available, the setup can be done by SoSafe. Otherwise, the corresponding data will be provided by the customer. The customer guarantees for the integration that they hold the usage rights to the logo and are liable for any violation of the rights of third parties.
Supporting awareness material: You receive supporting digital material for your awareness campaign, such as posters, screensavers, flyers, and communication templates.
Multilingual package: Phishing mail templates, learning pages and learning content are available in additional languages. Up to 30 languages are currently available, an up-to-date list will be provided on request.
Manage admins: Depending on the package booked, you can add a certain number of users with administrative rights. These users must have an email domain that is part of your organization.
3.6.1 User Data Provisioning
There are two ways to transfer user data: via a user list or automatically via a SCIM connection. The customer must ensure that only e-mail addresses whose domain is owned by the customer are transferred.
With the User Management, customers can simply upload a user list for the phishing simulation and/or e-learning. A template (Excel file) is provided for this purpose. The user list is transmitted to SoSafe via a secure data connection. The customer will receive a user account for this purpose. The actual number of users available in the system shall not exceed the licensed number of users (contractually agreed upper limit).
The customer can update the user list via the aforementioned access to the SoSafe Manager Portal at any time on their own should there be any changes due to fluctuation, etc.
Automatic user provisioning: We support automatic user provisioning through a direct integration, through a SCIM connection, or through the subprocessor Kombo. Direct integrations are supported for Google Workspace. Integrations through SCIM connections are supported for Microsoft Entra, Okta and JumpCloud. The Kombo subprocessor supports 30+ integrations, which are listed in the respective article at http://support.sosafe.de.
The SCIM connection to the SoSafe Manager only supports data transfers from Microsoft Entra ID; on-premises Active Directories are not supported.
All integrations only support the connection of one source tenant. All user data to be transferred must be managed by the Customer in one tenant. The connection to multiple tenants is not supported.
If a user provisioning connection to the SoSafe Manager is established, the user administration is carried out exclusively via the source tool on the customer side; it is not possible to combine different ways of provisioning and/or manual user upload.
No nested groups supported
Each person can only be in exactly one user group at a time
The technical requirements for user provisioning can be viewed at http://support.sosafe.de .
User Grouping: The functionality to combine new profile-based user groups offers a more dynamic approach on targeted playout and analytics. These groups can currently be used for targeted playout of phishing simulations and e-learning.
Visibility of profile-based user groups in Analytics is currently not available.
The user profile-based user group functionality is only available for automatically provisioned user data, not for manually added user data.
3.6.2 Analytics
An analytics and reporting dashboard that features key behavioral metrics, including phishing and e-learning performance.
User feedback: You can view user feedback.
The evaluation contains benchmarks on all key figures compared to the customer average.
ISO 27001 reporting: The data is evaluated in an ISO 27001 audit-compliant manner.
Expert evaluation: In addition to the provisions regarding the user list, the list can be supplemented with additional classifications. For example, these can be user groups based on the customer's organizational units or locations. The evaluations on the reporting dashboard are then differentiated according to this classification. When the customer defines the classification, the agreed provisions of the Data Processing Agreement must always be observed; for example, the minimum size of a user group must not be less than 5 persons for data protection reasons.
Expert benchmarking: The evaluation contains additional benchmarks, such as on the customer's industry and company size. This can be requested by the respective Customer Success Manager.
Data export: You can download evaluation data as an Excel or CSV file.
Analytics Integrations: We offer the capabilities to automatically export your files to OneDrive, Power BI, Vanta or any other tool you can connect the SoSafe API to.
OneDrive: Seamlessly export your data to an Excel file with our Microsoft OneDrive integration. Enjoy secure, instant access to your files, anytime, anywhere. Simplify your workflow with daily synchronization and storage. Prerequisites:
Data: The OneDrive integration can synchronize both E-Learning and Phishing Simulation into a folder of your choice for further processing.
Access to the SoSafe Manager integrations page and OneDrive
Access to admin-granted privileges on the Microsoft Entra ID or waiting for approval from an IT Admin
Power BI: Connect to your Power BI account to manage your datasets, dataflows, and reports in Power BI, and increase your team’s productivity by keeping your Power BI account up to date without manual data entry. Prerequisites:
Data: The Power BI integration can implement both E-Learning and Phishing Simulation data into your Power BI account.
Power BI Pro license or higher
Access to admin-granted privileges on the Microsoft Entra ID or wait for approval from an IT Admin
The account used in SoSafe must be able to create Datasets in Power BI workspace
Vanta: This integration automates the collection of evidence for completed employee cyber security & awareness training statuses in the GRC tool Vanta. Prerequisites:
Data: The Vanta integration can implement E-Learning completion data into your Vanta dashboard to track compliance progress.
Vanta license
E-Learning set up in Personalized Learning engine
Personalized tracking turned on.
SoSafe API: The SoSafe API allows businesses to get important information about their cybersecurity e-learnings directly from SoSafe, without having to log in and download reports manually in the manager. Prerequisites:
Data: The E-Learning endpoint allows retrieval of user progress related to assigned training modules and campaigns. After the data is returned, it can be filtered to extract specific information as required.
Access to the SoSafe Manager API Key Management page
Technical know-how on how to work with API
Disclaimer: The Customer’s internal team is solely responsible for using SoSafe with an automation built on top of the Analytics integration. The Customer acknowledges and agrees that SoSafe is not liable for such automation, nor for the completeness or correctness of the analytics data contained in the file during the term of the agreement, nor for any potential damage that may arise from it.
3.6.3 Multitenancy
Our “Multitenancy package” offers the ability to utilize multiple application instances (tenants) per one customer account. Each tenant’s data is isolated and remains invisible to other tenants. Configuration is also individualized per tenant for various platform properties, including but not limited to admin rights, user lists, placeholders, branding, phishing simulation templates, SCORM streaming, Phishing Report Button, and more.
3.7 Sofie Copilot
3.7.1 Rapid Awareness
Security professionals can send timely alerts directly through the MS Teams bot Sofie, reaching their employees 1:1 and ensuring constant awareness.
Once the Customer's administrator provides the Microsoft bot configuration through SoSafe's Manager, administrators can create drafts or schedule alerts to be sent to the selected group of users. Rapid Awareness is a convenient way to communicate important messages to your employees or share relevant news related to your cyber security practices or developments.
3.7.2 Level Zero Support
Transform your security support with conversational AI. As a prerequisite, the Customer's administrator must deploy the Microsoft bot configuration through SoSafe's Manager. After that, administrators will be able to define, configure and train Sofie. Sofie will use this knowledge management configuration to interact with your users.
Hot Topics: The top 10 trending conversation topics are available in the Level Zero Support Manager page and give insights into knowledge gaps within an organization.
Sofie is now also one of the communication channels the Human Risk OS uses to facilitate behavior change. More on that in the HROS section.
For more detailed instructions on how to set up and manage the Microsoft Teams application, see our Installation Guide. https://support.sosafe.de/ADOC/how-to-install-the-ms-teams-app-sofie-rapid-awaren
Disclaimer: Usage for informational purposes only. By using Sofie Level Zero support, the Customer acknowledges and agrees that the Chat Bot’s responses are provided for informational purposes only and do not constitute nor substitute professional advice. Users are expected to exercise their own judgment when acting upon the Chat Bot’s advice and seek professional guidance where necessary.
4 Additional Content
4.1 Content Add-Ons
Additional content, aside from the cyber security lessons, covering a broad range of compliance topics. The list of lessons and languages is available in the Feature Matrix and the Language & Content overview documents.
4.2 Role-Based Content
We provide specialized content tailored to various roles within a company. Check the latest language availability in our language overview. Roll-out depends on the customer’s user groups and is currently possible without the personalization feature.
The following Role-Based Content is accessible:
IT professionals: The agreed number of interactive cyber security lessons for IT professionals can be activated for all users.
Managers: The agreed number of interactive cyber security lessons for managers can be activated for all users.
Finance: The agreed number of interactive cyber security lessons for Finance professionals can be activated for all users.
Blue-collar workers: This specific training is offered as a printable PDF kit. It contains detailed instructions to assist managers in communicating cybersecurity practices, as well as material for workers covering essential cybersecurity topics.
Developers: One SoSafe video lesson raises general security awareness and can be found in the “IT professionals” category. Additional detailed training and hands-on experience are offered via partners: SecureFlag. The partner content will be played outside our platform.
5 Service Levels
SoSafe offers different kinds of services based on the booked service level. Please refer to your Feature Matrix to see which features apply to your subscription plan.
5.1 Implementation
Quick implementation: You will receive non-customizable implementation services based on our best practice recommendations. Additional materials to guide you through the process will be provided.
Full-service implementation: Your personal implementation manager supports and advises you on the advanced configuration of your awareness platform: best-practice approaches, whitelisting, recommendations for communication incl. templates, user management with data quality assurance.
Advanced scheduling: We are able to adapt the dispatch times individually to customer requirements, such as vacation periods and time zones.
Advanced Analytics: Includes the same KPIs as in the normal Analytics feature, but also allows them to be grouped according to user groups or Extended Data. Customers with Advanced Analytics can use the Extended Data fields in their user addresses. Extended data can be additional regions or departments that customers would like to filter and see in the Analytics. The Extended Data in Analytics is only visible if personalized analytics have been agreed upon before starting awareness measures.
5.2 Support
Support times are subject to the general response times listed in our SLA. Within these agreements, priority is defined by your booked service.
Knowledge Base access: You will receive access to our knowledge base articles.
Priority support: Your support requests are treated with priority subject to our support times.
5.3 Customer Success
We offer Customer Success support either via E-Mail only or offer access to Customer Success Managers to consult on security awareness strategy and support ongoing usage of SoSafe.
6 Human Risk OS™
The most cohesive platform bringing together real-time risk detection, enhanced behavioral insights, and a targeted set of interventions, all while plugged into the tools you use and trust. By fostering a proactive, positive security culture, the Human Risk OS™ strengthens resilience to human-related security risks and social engineering.
To make the Human Risk capabilities work, you must set up a running Entra ID connection and activate personalized tracking.
It consists of three main components:
Human Behavior Sensors / Human Behavior Signals - Measure the digital activities, behaviors, and security culture of an organization. These sensors can be first-party (for example, part of the SoSafe CSAT product) or third-party (part of the wider customer ecosystem, such as Microsoft Entra). This creates individualized and group-level profiles of events.
Human Security Index - Process human behavior sensors and additional contextual information to create a singular index that tracks cyber security performance for groups and organizations. This score allows organizations to quickly spot areas of concern, and to track progress and evolution over time as well as the impact of different types of interventions.
Intervention Hub / Intervention Feed - This capability centralizes all interventions done within or outside the SoSafe platform. Given a group of end users, the Intervention Hub will suggest intervention strategies to mitigate the respective risk. These interventions can be automated (such as adjusting learning paths, a Sofie Copilot nudge, etc.) or semi-automated (such as by starting a change management program). Interventions can help change specific target behaviors and positively influence the Human Security Index over time.
Integrations:
Signals the Human Risk OS currently supports:
SoSafe Personalized Learning
SoSafe Phishing Simulation
SoSafe Sofie
SoSafe Culture Survey
Microsoft Entra ID
7 Self-Service-Awareness-Platform
This package is only available for customers with 5-250 users.
For this package, all users must be registered with the same email domain name (single domain only).
The customer is provided with instructions (downloadable PDF) on the self-service platform https://app.sosafe.de , which explain all necessary steps, such as setting up whitelisting, in a way that is understandable for the average user.
All relevant information (customer master data, billing data, etc.) must be entered by the customer via the platform.
A template (Excel file) is provided for the transmission of the user list, the scheme of which must be followed in order to ensure a clean upload of the data to the self-service platform. This user list can be updated by the customer. The actual number of users in the system must not exceed the licensed number of users (contractually agreed upper limit).
A sample of the Data Processing Agreement is provided, which must be signed and uploaded by the customer.
Analytics: Includes access to the SoSafe Manager Portal, including the Analytics Dashboard to analyze KPIs (such as click and completion rates).
Interactive learning modules and learning videos in the e-learning are fixed and cannot be changed. A suitable industry package can be selected for the phishing simulation.
8 Partner Platform
Partners that manage customers with up to 250 users have access to the SoSafe Partner Platform at https://app.sosafe.de/ .
Customer setup
The partner sets up a new customer in the platform by filling out all necessary data on the customer's behalf such as customer name, contract duration, number of licenses, domain, application language, address, phone number, and customer logo.
User Management
The partner adds users on the customer’s behalf either manually or using the Excel template provided for the transmission of the user list, the scheme of which must be followed in order to ensure a clean upload of the data to the partner platform.
The user list can be updated by the partner. The actual number of users in the system can’t exceed the licensed number of users (contractually agreed upper limit).
The partner must ensure that all legal requirements are observed when uploading and using the end customer's user data on the end customer's behalf. This includes, among other things, entering into a data processing agreement between the partner and the end customer.
Simulation
The phishing simulation service module comprises the sending of a defined number of (pre-arranged) emails to users over the service period. These emails simulate real phishing emails to increase the users' awareness of cyber security risks caused by phishing attacks. When a user clicks on a phishing element (image, link, etc.) in one of the simulated phishing e-mails or is forwarded to a landing page (such as the login page), a web page is called up (referred to as the "learning page"), which informs the user about the simulation and provides concrete information on how the respective e-mail could have been identified as a phishing attempt.
The partner sets up the Simulation campaign start date on the customer’s behalf.
The Baseline Phishing Simulation includes 3 email templates sent out over a 1-week period.
The Continuous Phishing Simulation includes 12 email templates (different context and difficulty levels) sent out randomly throughout the simulation time frame over the next 11 months.
Whitelisting
To ensure that all simulated phishing emails are delivered to all users to be trained, whitelisting must be set up. This is a duty of cooperation on the part of the partner and the end customer, without which SoSafe cannot guarantee the provision of services.
The partner can choose one of the two available whitelisting methods on the customer’s behalf:
Mail server and domain sender whitelisting
Custom email headers whitelisting
SoSafe provides whitelisting instructions on the partner platform that need to be followed by the partner. The instructions also contain all necessary technical information such as IP addresses and server names of the email servers, URLs to be released for filter systems, and systems for access protection.
Once whitelisting is tested, the partner must update the whitelisting status to 'confirmed' to activate the Simulation campaign.
E-Learning
The e-learning service module comprises the possibility for all authorized users of a customer to access the agreed number of learning lessons within the scope of service provision. The learning lessons impart knowledge in the field of cyber security and cover a wide range of sub-topics. The learning lessons are divided into learning videos and interactive learning lessons. The learning videos can be used with or without acoustic output (this can be controlled locally via the user's operating system or browser). All language versions of the learning videos have an audio track and subtitles. For an ideal learning experience, we recommend doing the lessons in fullscreen mode. Some lessons are not optimized for viewing on mobile devices.
The proprietary learning platform of SoSafe is available at https://elearning.sosafe.de . Users can register with their professional email addresses.
The partner sets up the E-Learning campaign start date on the customer’s behalf.
The Continuous E-learning Campaign includes 16 lessons (14 mandatory and 2 optional) with automatically assigned deadlines for 2 monthly lessons to encourage sustainable learning.
Analytics
Includes access to the Customer’s Analytics Dashboard, Simulation KPIs, E-Learning KPIs, and ISO reporting.