All Articles

Introducing the new INFIMA

When we started INFIMA, MSPs needed one thing from security awareness training: a way to run it without it becoming a part-time job. Sync users, deliver training, run phishing simulations, send a report — automatically, across every client. That's what we built, and it's what hundreds of MSP partners run today.

But what clients ask their MSP for has changed. Some need to prove they meet a specific framework — CMMC, HIPAA, PCI-DSS — with evidence an auditor will accept. Others want to know how exposed they really are, and what's being done to bring that exposure down. Most need both. And neither question is answered by a completion rate.

So on June 6, the new INFIMA arrives — built around the two things every partner now has to deliver across their client base: framework-driven compliance and human risk management. Two equal pillars, one platform. Here's what's coming.

Pillar one: prove compliance, framework by framework

You’ll assign a framework to a client and INFIMA will track adherence to it for you — mapping training, phishing, and policy activity to the controls that framework calls for. Whether a client answers to CMMC, HIPAA, PCI-DSS, or another mandate, the evidence builds as you go, so when a QBR or an audit comes around, the documentation is already there — no more assembling it by hand the night before.

Pillar two: manage human risk, user by user

The other half of the job is knowing who's actually at risk — and doing something about it. The new dashboard will compute a risk score for every user, built from the signals that actually predict exposure: what they've actually learned in training, phishing simulation results, real phishing they've reported, credential breaches, and their role. Instead of a wall of green checkmarks, you'll see who your highest-risk users are across every client — and why — then act to bring that risk down. That's the difference between "we did the training" and "here's where the risk is, and here's what we're doing about it."

Know when credentials hit the dark web

Breached passwords are one of the most common ways small businesses get compromised. The new INFIMA will monitor known breach databases, and the moment a user's credentials show up in one, it will email that user directly — CC'ing you if you'd like — with a link to our learning portal that walks them through exactly what to do, plus an acknowledgement button to confirm once they have. The fix doesn't land on your desk as another ticket: the affected user is guided through it, and you get the record that it's done. It's a service your clients will thank you for, built right into the platform you already run.

And more

  • Policy tracking — assign policies and track acknowledgment as audit-ready evidence.
  • Customizable onboarding courses — tailor the first-run experience for each new client rollout.
  • Refreshed phishing templates and landing pages — current, realistic, and harder to spot.
  • Refreshed reports — the same content, with a clearer, client-ready look built for the conversations you actually have.

For our partners

Everything you have today — clients, users, history, settings — carries over. The change happens automatically on June 6; the next time you log in after that, it'll all be there, in a better home. There's nothing to migrate and nothing you need to do.

Want to know where things moved or how the new features work? We put together a short guide: Transition Guide →. Prefer to be walked through it? Book a quick tour → or just reach out — we’re here.

New to INFIMA?

This is what security awareness training looks like when it’s built only for MSPs — automated, white-labeled, PSA-integrated, and, starting June 6, delivering both framework-driven compliance and human risk management your clients are asking for. See the platform → or book a demo →.

View all articles