Meet your compliance training requirements

Compliance training is employee education required by legislation or regulations. Compliance training may also refer to education mandated or recommended via industry standards, frameworks or internal policies. Although some compliance mandates specify training topics or types, many include general requirements (e.g., provide annual security awareness training for all employees).

Yes. The Infosec IQ security awareness and simulated phishing platform includes everything you need to deliver — and document — security awareness training for all employees and prove compliance.

The NIST Cybersecurity Framework is a voluntary set of standards, guidelines and best practices to help organizations manage cybersecurity-related risk. The Framework outlines five core functions used to help organizations organize basic cybersecurity activities: Identify, Protect, Detect, Respond and Recover. The Protect function identifies security awareness training as a key component to an effective cybersecurity program.

To align with NIST recommendations, organizations should ensure “personnel and partners are provided cybersecurity awareness education and are trained to perform their cybersecurity-related duties and responsibilities consistent with related policies, procedures, and agreements.”

NIST provides guidance on security awareness and training topics in its special publications and encourages organizations to train employees on phishing, social engineering, password security, safe web browsing, physical security and more.

All Infosec IQ security awareness training content is mapped to the NIST Cybersecurity Framework and special publication recommendations to make it easy for any organization to build an effective employee training program into their cybersecurity strategy.

Mandatory security awareness training doesn’t have to be boring. The most effective security awareness training blends training topics and best practices with relevant scenarios, engaging storytelling and relatable characters. This allows you to keep employees engaged and inspire behavior change while accounting for compliance requirements.

Customs-Trade Partnership Against Terrorism

• Introduction to C-TPAT

California Consumer Privacy Act

• Introduction to CCPA
• Privacy and PII
• Privacy and PII Brief
• Need to Know: Privacy by Design

Criminal Justice Information Services

• CJIS Security Policy
• CJIS: Handling CJI
• CJIS Policy: Dissemination and Destruction
• CJIS Policy: Media Protection
• CJIS Policy: Physical Security

Children’s Online Privacy Protection Act

• COPPA

• CPNI for Consumers
• CPNI for Providers

Electronic Funds Transfer Act

• Electronic Funds Transfer Act (EFTA)

Fair and Accurate Credit Transactions Act

• Red Flags Rule

Federal Acquisition Regulation

Defense Federal Acquisition Regulation Supplement

• FAR Code of Conduct
• Introduction to DFARS

Foreign Corrupt Practices Act

• The Foreign Corrupt Practices Act (FCPA)

Family Educational Rights and Privacy Act

• FERPA
• FERPA For K-12
• FERPA For Post-Secondary Education

Financial Industry Regulatory Authority

• Anti-Money Laundering
• Mobile Security for Financial Institutions
• Social Media For Financial Institutions

General Data Protection Regulation

• Privacy and EU GDPR
• GDPR – Breach Notification (Video)
• GDPR – Consequences of Non-compliance (Video)
• GDPR – Important Definitions (Video)
• GDPR – Rights of the Data Subjects (Video)
• GDPR – What Is GDPR? (Video)
• GDPR for Data Processors
• GDPR for Executives
• GDPR for Managers
• Need to Know: Privacy by Design

Gramm–Leach–Bliley Act

• Gramm-Leach-Bliley Act (GLBA)

Health Insurance Portability and Accountability Act

Health Information Technology for Economic and Clinical Health Act

• HIPAA HITECH
• Introduction To HIPAA
• HIPAA Minimum Necessary Standard
• HIPAA/HITECH for Healthcare Executives
• HIPAA/HITECH for Healthcare Managers
• Ransomware and HIPAA
• PHI Definition
• PHI Life Cycle
• PHI Policy
• Physical Security and PHI
• Removable Media and PHI
• Consequences of PHI Release
• Breach Notification for Healthcare Managers

Internal Revenue Code 6103

• Protecting Federal Tax Information
• Privacy and PII
• Privacy and PII Brief

Information Security Management Standard

• Infosec IQ content library

National Institute of Standards and Technology Special Publication 800-171

• Introduction to NIST 800-171
• Complying with NIST 800-171
• Protecting CUI

Payment Card Industry Data Security Standard

• PCI DSS
• PCI DSS Overview
• PCI DSS Brief
• PCI DSS: Threats to Cardholder Data
• PCI DSS: Transaction Types
• PCI DSS: Incident Management
• PCI DSS: Account Data
• PCI DSS: Protecting Networks and Systems
• PCI DSS: Physical Security

Personal Information Protection and Electronic Documents Act

• Personal Information Protection and Electronic Documents Act (PIPEDA)

• Handling SSA Provided Information

Service Organization Controls 2

• Infosec IQ content library

Sarbanes–Oxley Act

• Sarbanes-Oxley Act (SOX)

Social Security Act Section 1106

• Handling SSA Provided Information