Security Awareness Proficiency Assessment (SAPA)
You can assign a Security Awareness Proficiency Assessment to your users to assess their security awareness knowledge. The assessment results provide you with an overview of your organization's strengths and weaknesses. You can use this information to create targeted phishing and training campaigns that fit your users' needs.
We developed the assessment questions from four research studies. To ensure the quality of these questions, we've performed both external and internal validations. For more information about how we developed these questions, please see our KnowBe4 Security Awareness Proficiency Assessment technical document.
In this article, you'll learn how to use SAPA and review your organization's assessment results. For specific information about how to use organizational assessments effectively, see our How to Use Organizational Assessments article.
Click the links below to learn more about SAPA.
Best Practices for Implementation
We recommend that you assign your first assessment after your first phishing test, but before your first training campaign. You can use the scores from your first assessment as a baseline to see how your organization's strengths and weaknesses change over time.
After your first assessment, you should continue to assess your users at least once per year, but no more than twice per year. We recommend that you give your users time to learn from their new training assignments before you assign another assessment.
Assigning Organizational Assessments
To assign an organizational assessment, add the assessment through the ModStore by searching for assessments and clicking the + Add to Library button. Then, you can create a training campaign with the assessment as the selected content by following the steps below:
- Log in to your KnowBe4 console and navigate to Training > Campaigns.
- Click + Create Training Campaign.
- From the Content drop-down menu, select the assessment you'd like to assign.
- Fill out all required fields for the campaign. For more information on how to create a new campaign, see our Creating and Managing Training Campaigns article.
- Click Create Campaign.
Completing Assessments in the Learner Experience
To complete an assessment, your users will log in to their Learner Experience (LX) and click the Training tab. Then, they'll locate the assessment that they've been assigned and click Start Assessment. The assessment will open, and your user will be given the choice to Start Assessment now or Come Back Later.
As explained to the user in the opening text, the assessment takes approximately ten minutes to complete and must be completed in one session. They won't be able to stop in the middle of the assessment and return to it later. Any unanswered questions will be marked as incorrect.
If the user does not have time to take the assessment immediately, we recommend they click Come Back Later when they have time to take the full assessment.
Each assessment includes 23 questions. These questions are randomly selected from a larger pool of questions. We randomly select questions from the pool of questions to ensure that each user’s assessment is unique and that users cannot easily share answers with their coworkers. Sharing answers can result in inaccurate reporting.
Users must answer all questions to complete the assessment.
Monitoring Your SAPA Campaign
After you assign an assessment to your users, you can view your users' progress. To view your users' progress, follow the steps below:
- Log in to your KnowBe4 account and navigate to Training > Campaigns.
- On the Campaigns subtab, click the name of the campaign where the assessment was assigned.
- On the Campaign Overview page, locate the assessment.
- Click User Progress under the assessment title.
On the User Progress page, you can see information about your users' progress including their assessment scores, their assessment status, and how much time they've spent on the assessment. See below for more information about the User Progress page:
- Download CSV: Click this button to download a CSV file of the information displayed in the table below.
- Score: Displays the user's assessment score.
- Actions: Click this drop-down menu to select the action you'd like to perform on the selected user or users. Options include:
- Send Notification: Send a manual notification to the user about their assessment.
- Mark as Completed: Manually mark the user's assessment as complete.
- Reset Progress: Allow the user to restart the assessment.
For more information about managing your users' progress, see our User Training Progress article.
Once your users have completed their assessment, you can review the results of the assessment campaign. On the Assessment Results page, you can view your organization’s average assessment score for all users. To view your organization's results, follow the steps below:
- Log in to your KnowBe4 account and navigate to Training > Campaigns.
- On the Campaigns subtab, click the name of the campaign in which the assessment was assigned.
- On the Campaign Overview page, find the assessment and click Assessment Results under the assessment's title.
The first graph on this page shows the average assessment score for all your users. The second graph shows the average assessment score for each knowledge area.
The seven knowledge areas are:
- Email Security
- Incident Reporting
- Internet Use
- Mobile Devices
- Passwords & Authentication
- Human Firewall
- Social Media
You can find an explanation of each knowledge area below the graphs.
Clicking on the name of a knowledge area directs you to related content in the ModStore. You can then use these content suggestions to assign content to your users to improve their understanding of specific knowledge areas. For example, if your users have a low score in the Mobile Devices knowledge area, they may need more training content about how to stay safe on mobile devices.
If you have a Platinum or Diamond subscription, you can use Smart Groups to automatically enroll users into training campaigns based on their assessment results. For more information about automated campaigns, see our Automation with Smart Groups - Assessment Results article.
In addition to the Assessment Results summary available on the Campaign Overview page, more SAPA reports are available under the Reports tab.
To find your Security Awareness Proficiency Assessment Reports, log in to your KnowBe4 account and navigate to Reports > Security Awareness Proficiency Assessment Reports.
For more information about the types of reports available, see our Reporting Guide.
While SAPA was originally released in 2019, we have released a newer version that includes improvements and additional questions for specific knowledge areas.
Based on feedback and research, KnowBe4 has updated SAPA by adding the following improvements:
- Removed the three fixed baseline items (no longer required).
- Renamed the Security Awareness knowledge area to Human Firewall.
- Added more questions related to the following topics:
- Multi-factor authentication (MFA)
- Working from home or remote working environments
- Self-efficacy of risk
- Each assessment should now include three questions per knowledge area.
For this version of SAPA, we made sure that each assessment that users receive will include three questions per knowledge area. Each question will vary in difficulty and cover a different aspect of the knowledge area. We avoided terminology-based questions when possible.
For more information about SAPA beta, please see our KnowBe4 Security Awareness Proficiency Assessment Beta technical document.