Platform

HRM Portal

Security awareness training and phishing simulation

The HRM Portal is the human risk management platform behind Blackfoot's managed security awareness subscriptions. Instead of an annual training session everyone forgets by February, it runs a continuous programme — adaptive training, rolling phishing simulations and quantified risk scoring — that measurably reduces how susceptible your people are to attack. Most breaches start with a person, not a firewall; this is the platform that works on that problem all year round.

Training is delivered as three-to-five-minute microlearning modules, personalised to each employee's individual risk profile, role and observed behaviour, and the content adapts continuously as that profile changes. Modules arrive where people already work — by email or directly in Microsoft Teams — and open with a simple link or single sign-on, so there is nothing for employees to install or configure. A finance manager who keeps clicking invoice-themed lures and a developer who has never fallen for anything see different content, at different frequencies, because they carry different risk.

A human risk management platform that coaches, not blames

Realistic phishing simulations run automatically on a rolling schedule, tailored to your sector and threat landscape. Anyone who clicks is immediately served short, targeted coaching in the moment the lesson is most likely to stick — and click rates, reporting rates and repeat-click patterns are tracked over time. Between campaigns, contextual security nudges keep good habits visible: a prompt when a document is shared externally, a password-hygiene reminder after a disclosure event. Nudges are deliberately light-touch — a sentence at the right moment rather than another mandatory module — so security stays visible in the long gaps between formal training without wearing people down.

All of this rolls up into quantified risk scores for each individual and for the organisation as a whole, with board-ready reporting that shows the trend, not just a completion percentage. The same reporting doubles as awareness-training evidence for ISO 27001, NIS2, GDPR and Cyber Essentials. Blackfoot manages the programme end to end — campaign scheduling, content optimisation, results analysis and quarterly reviews — so security and HR teams get the results without running another platform. The HRM Portal also complements our one-off social engineering assessments: a phishing, vishing or physical assessment gives you an honest baseline, and the platform then does the sustained work of improving it. Where an annual session produces an attendance record, this produces a falling click rate you can show the board.

What it does

Adaptive microlearning

Three-to-five-minute modules personalised to each employee's risk profile, role and behaviour, with content that adapts continuously rather than repeating a fixed curriculum.

Rolling phishing simulations

Realistic, sector-tailored campaigns run automatically year-round. Anyone who clicks receives instant, targeted coaching at the teachable moment.

Individual and organisational risk scores

Quantified scores built from behaviours, simulation results, training engagement and policy compliance — so you can see exactly where human risk sits and how it is trending.

Board-ready reporting

Clear reporting on click rates, reporting rates, engagement and risk trends that executives can read in minutes — no spreadsheet wrangling required.

Compliance evidence built in

Reporting aligned to ISO 27001, NIS2, GDPR and Cyber Essentials awareness requirements, ready to hand to an auditor.

Delivered where people work

Training, simulations and security nudges arrive via email or Microsoft Teams, with single sign-on access — no installs, no new passwords, no excuses.

Frequently asked questions

Straight answers to what prospective clients ask us most.

Do employees need any technical setup?

No. Simulations require nothing from end users, and training opens with a simple link or single sign-on — delivered by email or directly within Microsoft Teams. There is nothing to install.

What happens when someone clicks a simulated phish?

They are immediately shown short, targeted coaching explaining what they missed — in the moment, when the lesson sticks. The aim is behaviour change, not blame: repeat-click patterns are tracked so training can adapt, not so people can be named and shamed.

Who runs the platform — us or Blackfoot?

Blackfoot manages the programme for you: campaign scheduling, content optimisation, results analysis and quarterly reviews are all included in the subscription. Your team gets the reporting and the risk reduction without operating another tool.

Can the HRM Portal evidence compliance requirements?

Yes. Reporting is aligned to the security awareness requirements of ISO 27001, NIS2, GDPR and Cyber Essentials, giving you continuously maintained training evidence rather than a once-a-year attendance record.

See HRM Portal in action

Book a walkthrough with our team.