Skip to main content
NIS2 · DORA · SOC 2 · ISO 27001 · FTC Safeguards Rule · HIPAA · IRS WISP · ABA Rule 1.6 · PCI-DSS

Cybersecurity training built around your compliance obligation.

Every major cybersecurity regulation requires documented staff training. We deliver live sessions that satisfy the specific standard you're accountable to — with attendance records for your audit file. One flat rate. Unlimited users.

500+ professionals trained
6+ compliance frameworks covered
98% satisfaction rate
Live expert instructors, always

Your regulator named training. We deliver training your regulator will accept.

NIS2 Article 21 says 'basic cyber hygiene practices and cybersecurity training.' DORA Article 13 says 'ICT-related awareness programmes and digital operational resilience training.' HIPAA §164.308(a)(5) says 'a security awareness and training program for all workforce members.' The FTC Safeguards Rule requires 'training and management of service providers.' Every major framework has a training clause — and a regulator who will ask for documented evidence.

Generic e-learning doesn't satisfy these requirements because it's not documented at the individual level, it's not interactive, and it's not specific to the threat landscape the regulator is concerned with. Our sessions are live, expert-led, and conclude with a session summary and individual attendance record that directly addresses the named compliance requirement.

EU frameworks. NIS2 and DORA are the most demanding cybersecurity training mandates currently in force. Both explicitly require management body training — not just staff training. Both require documented evidence. We have dedicated programmes for each that cover the specific articles, thresholds, and enforcement context your team needs to understand.

US frameworks. HIPAA covers every healthcare entity. The IRS Written Information Security Plan (WISP) requirement covers every tax professional. ABA Model Rule 1.6 and Comment 8 cover every law firm. PCI-DSS covers every business that handles card data. We map session content to each framework's specific requirements and provide documentation you can present to an auditor, regulator, or cyber insurer.

Find your compliance framework.

🇪🇺
NIS2 Directive
Articles 20 & 21 — management body training + staff cyber hygiene for essential & important entities
Enforcement live Oct 2024
View NIS2 programme →
🏦
DORA
Article 13 — ICT awareness & operational resilience training for financial entities and ICT third-party providers
Enforcement live Jan 2025
View DORA programme →
SOC 2 Type II
The enterprise compliance standard for SaaS, fintech, and B2B. 47 controls mapped to every Trust Services Criterion. Start your readiness path today.
AICPA Trust Services Criteria · Type I & Type II
Download checklist →
🌐
ISO 27001
The internationally recognised ISMS standard. 93 Annex A controls across 4 domains. Certification signals global supply chain credibility.
ISO/IEC 27001:2022 · 6–18 month certification
Download readiness checklist →
🇪🇺
GDPR
Article 32 — technical & organisational measures for controllers and processors handling EU personal data. Enforcement active since 2018.
EU · Enforcement live since May 2018
View GDPR programme →
FTC Safeguards Rule
16 CFR Part 314 §314.4(j) — security awareness training for tax preparers, lenders, auto dealers, and finance companies
Enforceable since June 2023
View FTC Safeguards programme →
🏥
HIPAA
§164.308(a)(5) Security Awareness & Training — PHI protection, ransomware defence, and breach recognition for healthcare entities
HIPAA Security Rule
View HIPAA programme →
📊
IRS WISP
Written Information Security Plan training requirement for tax professionals — IRS Publication 4557 and FTC Safeguards Rule compliance
IRS Pub 4557 / GLBA
View WISP programme →
🏛️
ABA Rule 1.6
Technology competence (Comment 8) and reasonable safeguards for client data — wire fraud, BEC, and breach notification for law firms
ABA Model Rule 1.6
View ABA programme →
💳
PCI-DSS
Requirement 12.6 — security awareness training for all personnel with access to cardholder data environments. v4.0.1 SAQ self-scoping, CDE scope documentation, QSA evidence.
PCI-DSS v4.0.1 Req. 12.6
View PCI-DSS programme →

One flat rate covers your entire compliance training obligation.

Personal
$150
For individuals who need documented compliance training.
  • 60-minute personalised session on Zoom, Meet, or Teams
  • Framework-specific threat scenarios
  • Personal security assessment
  • Attendance record for compliance file
  • 24/7 emergency session access (+$100)
Attendance record satisfies individual training requirements.
Book this session →
Business (unlimited users)
$900
Unlimited users · $900 flat — covers the whole organisation.
  • 2-hour comprehensive live webinar
  • Unlimited participants — no per-seat fees
  • Framework-specific content (NIS2/DORA/HIPAA/etc.)
  • Interactive Q&A and scenario exercises
  • Attendance record + session summary provided
$900 flat (≈ €830). Train your entire organisation at once.
Book this session →

Your regulator expects documented training. Book yours today.

One Business session covers your entire team — management body included. Attendance records and session summary provided. $900 flat, unlimited participants.