Security awareness assessment

We assess rather than train. The training market has plenty of capable providers; the assessment market is thinner, and the part of awareness programmes that most consistently breaks is the measurement layer.

Our awareness-assessment practice produces quarterly evidence of how your workforce actually responds to phishing, social-engineering, and policy-compliance pressure. The output is calibrated to be audit-defensible: item-bank documentation, simulation provenance, assessment scoring methodology, retake history, all preserved against the evidentiary needs of regulators and auditors.

We do not provide simulation tooling ourselves. We work with the leading platforms (KnowBe4, Hoxhunt, Cofense, Proofpoint, Mimecast) and can advise on platform selection where you do not yet have one. Where you already have a platform, we work with what you have.

The assessment cycle typically aligns with regulatory reporting cadences. Clients in financial services often run quarterly to align with internal audit cycles; clients with simpler reporting needs run twice a year.

Typical deliverables

• Quarterly assessment design aligned with current threat picture
• Simulation campaign execution support (using your platform)
• Defensible scoring and evidence pack
• Quarterly executive report with sector-benchmarked baselines
• Annual review of programme effectiveness and recommendations

Engagement model

Awareness-assessment engagements are typically annual retainers with quarterly delivery. Pilot engagements covering a single quarter and a single business unit are available for clients who want to test the approach before committing.

Get in touch

To discuss whether this service is a fit for your organisation, contact us at office@ellipseproject.com or use the contact form.