
Security Awareness & Training
SoSafe Awareness Platform
Gamified behavioral science training with Human Risk OS for real-time risk monitoring at scale.
SoSafe Awareness Platform Overview
What it does
SoSafe is a behavioral science-driven security awareness and human risk management platform founded in 2018 in Cologne, Germany. The platform applies gamification, microlearning, spaced repetition, and character-based storytelling through modules for e-learning, multi-channel phishing simulations, the Sofie AI chatbot, and the Human Risk OS risk monitoring layer. Sofie delivers bite-sized learning, instant interventions, and security Q&A directly in Microsoft Teams or Slack.
How it works
The Human Risk OS continuously monitors user behavior with technical and psychological KPIs while a personalization engine tailors content by role, risk profile, and cultural context. Phishing simulations support email, SMS, and QR code channels with interactive walkthroughs. SCORM streaming supports existing LMS deployments, and Threat Inbox routes reported threats into ServiceNow or Jira Service Management workflows. Analytics dashboards map progress to ISO/IEC 27001, NIST, CIS, and PDCA cycles. The platform supports 32+ languages.
Credentials and traction
SoSafe is ISO 27001 and TISAX certified, with GDPR compliance for privacy-sensitive customers. Forrester named the platform a Strong Performer in The Forrester Wave: Human Risk Management Solutions, Q3 2024, awarding it the highest possible scores in six criteria including innovation and privacy considerations. The platform serves more than 6,000 organizations and 5.4 million users across 37 countries, with particular traction across the DACH region and European enterprises.
Key Capabilities
mapped to solution categoriesSends simulated phishing emails at configurable frequency and difficulty, tracking click, credential submission, and report rates per user and department.
Calculates individual security risk scores from observed actions (phishing simulation results, policy violations, risky application usage), rather than training completion status alone.
Includes training content mapped to specific compliance control requirements (HIPAA workforce training, GDPR data handling, PCI DSS cardholder data procedures).
Syncs user rosters, role changes, and offboarding events from HRIS and identity providers, keeping the platform enrollment current without manual administration.
Intercepts risky actions (sending email to an external domain, uploading to an unapproved service), and presents a contextual security prompt before the action completes.
Provides team-level risk dashboards visible to people managers and HR, enabling business-side accountability for security behavior separate from the security team dashboard.
Assigns training modules based on each user's observed risk behaviors, role, and previous training results rather than delivering the same content to all users.
Measures security culture and employee sentiment through surveys and behavioral indicators, tracking how attitudes and norms shift over time and which teams need leadership attention.
Compliance
certificationsIntegrations
compatible toolsImplementation & support
Info last updated on May 28, 2026
Vendors
Is this your product?
Claim your profile to connect with the teams looking for your solutions.