Home / Switch from KnowBe4
Migration Guide
Switch from KnowBe4 without losing compliance coverage.
A parallel run, a validation gate, and a staged rollout — timed to your renewal date. Auditors keep their evidence. Employees barely notice. Your team does less work than it does today.
Why Teams Switch
The usual reasons.
01
The metrics stopped meaning anything
Completion rates plateau at 95%+, click rates bounce around, and nobody can say whether the org is safer than last year.
02
The threat model moved
Deepfake voice calls and AI-written lures are in your incident reports, but not in your simulation program.
03
The admin cost stopped being worth it
Hours per month building campaigns and chasing stragglers — time a lean team doesn’t have.
The Plan
30 / 60 / 90 days.
Days 0–30
Baseline & parallel run
Run the 14-day Human Risk Baseline alongside KnowBe4
Connect HRIS, identity, and email integrations
Map compliance requirements to Cimento coverage
Review baseline report with stakeholders
Days 30–60
Validate & integrate
Expand simulations to full employee population
Turn on adaptive micro-training and reporting workflows
Wire Slack/Teams coaching and SIEM risk signals
Dry-run a compliance evidence export with your auditor’s checklist
Brief executives with the first risk-trend report
Days 60–90
Cut over & retire
Announce the change to employees (templates provided)
Final export of all KnowBe4 records for retention
Point compliance attestations at Cimento reporting
Decommission KnowBe4 at renewal, once all evidence is archived
Set quarterly risk-trend review cadence
Renewal further out? The plan compresses or stretches. The sequence — parallel, validate, cut over — stays the same.
Compliance
Nothing lapses. Nothing is lost.
Before KnowBe4 is turned off, every attestation your program supports has a Cimento equivalent already producing evidence.
SOC 2 / ISO 27001: security awareness training delivery and completion evidence, continuously generated.
HIPAA / PCI DSS: role-scoped training records for covered and in-scope staff.
Cyber insurance: phishing simulation cadence and results, plus the risk-trend data underwriters increasingly request.
Records retention: full historical export from KnowBe4 archived before decommission.
Audit continuity: evidence dry-run in days 30–60, so the first real audit after switching is a non-event.
Data & Integrations
What connects, what migrates.
Identity & HRIS
Okta, Microsoft Entra, Google Workspace directory, and HRIS sync drive role-based scoping automatically — joiners and leavers included.
Email & Chat
Google Workspace and Microsoft 365 for simulation delivery and report-button telemetry; Slack and Teams for in-the-moment coaching.
SIEM & SOAR
Risk scores and reporting events stream to your SIEM, so human risk sits next to the rest of your detection data.
KnowBe4 History
Completion records and phishing results import as baseline context, so trend lines don’t start from zero.
Stakeholders
Everyone hears the right story.
Employees
“Shorter, smarter security training” — announcement templates emphasize less time spent and no public shaming. Engagement typically improves within the first month.
Executives
A one-page brief: why the program is changing, what the new risk metric means, and when the board sees the first trend line.
Auditors
A control-mapping memo showing continuity of training evidence across the cutover, with export samples attached.
Step one is a 14-day baseline.
Run the 14-day diagnostic alongside KnowBe4. If the evidence says switch, the plan above is ready. If it doesn’t, you renew with confidence.