Security Stack Logo
SoSafe Awareness Platform logo

Security Awareness & Training

SoSafe Awareness Platform

Gamified behavioral science training with Human Risk OS for real-time risk monitoring at scale.

Human Risk Management (HRM)

SoSafe Awareness Platform Overview

What it does

SoSafe is a behavioral science-driven security awareness and human risk management platform founded in 2018 in Cologne, Germany. The platform applies gamification, microlearning, spaced repetition, and character-based storytelling through modules for e-learning, multi-channel phishing simulations, the Sofie AI chatbot, and the Human Risk OS risk monitoring layer. Sofie delivers bite-sized learning, instant interventions, and security Q&A directly in Microsoft Teams or Slack.

How it works

The Human Risk OS continuously monitors user behavior with technical and psychological KPIs while a personalization engine tailors content by role, risk profile, and cultural context. Phishing simulations support email, SMS, and QR code channels with interactive walkthroughs. SCORM streaming supports existing LMS deployments, and Threat Inbox routes reported threats into ServiceNow or Jira Service Management workflows. Analytics dashboards map progress to ISO/IEC 27001, NIST, CIS, and PDCA cycles. The platform supports 32+ languages.

Credentials and traction

SoSafe is ISO 27001 and TISAX certified, with GDPR compliance for privacy-sensitive customers. Forrester named the platform a Strong Performer in The Forrester Wave: Human Risk Management Solutions, Q3 2024, awarding it the highest possible scores in six criteria including innovation and privacy considerations. The platform serves more than 6,000 organizations and 5.4 million users across 37 countries, with particular traction across the DACH region and European enterprises.

Key Capabilities

mapped to solution categories
Human Risk Management (HRM)

Sends simulated phishing emails at configurable frequency and difficulty, tracking click, credential submission, and report rates per user and department.

Calculates individual security risk scores from observed actions (phishing simulation results, policy violations, risky application usage), rather than training completion status alone.

Includes training content mapped to specific compliance control requirements (HIPAA workforce training, GDPR data handling, PCI DSS cardholder data procedures).

Syncs user rosters, role changes, and offboarding events from HRIS and identity providers, keeping the platform enrollment current without manual administration.

Intercepts risky actions (sending email to an external domain, uploading to an unapproved service), and presents a contextual security prompt before the action completes.

Provides team-level risk dashboards visible to people managers and HR, enabling business-side accountability for security behavior separate from the security team dashboard.

Assigns training modules based on each user's observed risk behaviors, role, and previous training results rather than delivering the same content to all users.

Measures security culture and employee sentiment through surveys and behavioral indicators, tracking how attitudes and norms shift over time and which teams need leadership attention.

Compliance

certifications
GDPRHIPAAISO 27001

Integrations

compatible tools
Google WorkspaceJIRA Service ManagementJumpCloud Directory PlatformMicrosoft Entra IDMicrosoft TeamsOktaOneDrivePersonioPower BISAP SuccessFactors HCMSCORM-Compliant LMS SystemsServiceNowSlackVanta

Implementation & support

Deployment model
SaaS
Pricing structure
Free TrialPer Seat
Support channels
Customer Success TeamDocumentationEmail SupportKnowledge BasePhone Support

Info last updated on May 28, 2026

Vendors

Is this your product?

Claim your profile to connect with the teams looking for your solutions.

Security Stack Logo

The curated research platform for enterprise cybersecurity solutions.

All product and company names, logos, and brands are property of their respective owners and are used on this website for identification purposes only. Security Stack does not endorse any vendor, product, or service listed, and makes no warranties, express or implied, as to the accuracy or completeness of this content, including any warranties of merchantability or fitness for a particular purpose.

© 2026 Security Stack. All rights reserved.