Meet your compliance training requirements

We made it easy to match security awareness training to your requirements and track compliance over time.

Demo Now

Demo Infosec IQ today!

Train for industry threats & requirements

Healthcare

Deliver HIPAA compliance training and help employees keep PHI secure with training built for healthcare professionals.

Preview content
Financial services

Train employees on PCI DSS, GLBA and SOX requirements and prepare them for the most common attacks facing the financial services industry.

Preview content
Technology

Educate your IT and engineering team with CPNI and OWASP training and keep your technology, systems and data secure.

Preview content
Education

Prepare educators and staff with FERPA training and content tailored to schools.

Preview content
Retail

Teach employees how to protect cardholder data, account records and more while fulfilling PCI compliance requirements for security awareness training.

Preview content
Government & military

Educate government employees, military members and contractors with training on CJIS, FAR Code of Conduct, DFARs and more.

Preview content
Manufacturing & construction

Keep manufacturing plants and construction sites cyber secure with training on NIST compliance, federal manufacturing standards and more.

Preview content

Prepare every employee with role-based training

Do you have role-based training requirements? With role-based training, you can help your payroll department identify financial threats, teach executives to recognize whaling attacks and reinforce secure coding practices with your engineering team.

Preview content

Frequently asked questions

What is compliance training for cybersecurity?
- Compliance training is employee education required by legislation or regulations. Compliance training may also refer to education mandated or recommended via industry standards, frameworks or internal policies. Although some compliance mandates specify training topics or types, many include general requirements (e.g., provide annual security awareness training for all employees).
My organization is required to provide security awareness training for every employee. Does Infosec IQ cover this requirement?
- Yes. The Infosec IQ security awareness and simulated phishing platform includes everything you need to deliver — and document — security awareness training for all employees and prove compliance.
How can I achieve NIST Cybersecurity Framework compliance for security awareness training?
- The NIST Cybersecurity Framework is a voluntary set of standards, guidelines and best practices to help organizations manage cybersecurity-related risk. The Framework outlines five core functions used to help organizations organize basic cybersecurity activities: Identify, Protect, Detect, Respond and Recover. The Protect function identifies security awareness training as a key component to an effective cybersecurity program.
  
  To align with NIST recommendations, organizations should ensure “personnel and partners are provided cybersecurity awareness education and are trained to perform their cybersecurity-related duties and responsibilities consistent with related policies, procedures, and agreements.”
  
  NIST provides guidance on security awareness and training topics in its special publications and encourages organizations to train employees on phishing, social engineering, password security, safe web browsing, physical security and more.
  
  All Infosec IQ security awareness training content is mapped to the NIST Cybersecurity Framework and special publication recommendations to make it easy for any organization to build an effective employee training program into their cybersecurity strategy.
How can I fulfil mandatory security awareness training while keeping my training program fun and engaging?
- Mandatory security awareness training doesn’t have to be boring. The most effective security awareness training blends training topics and best practices with relevant scenarios, engaging storytelling and relatable characters. This allows you to keep employees engaged and inspire behavior change while accounting for compliance requirements.

Select training by standards & regulations

Standards & regulations

Infosec IQ training modules

C-TPAT

Customs-Trade Partnership Against Terrorism

Introduction to C-TPAT

CCPA

California Consumer Privacy Act

Introduction to CCPA

Privacy and PII

Privacy and PII Brief

Need to Know: Privacy by Design

CJIS

Criminal Justice Information Services

CJIS Security Policy

CJIS: Handling CJI

CJIS Policy: Dissemination and Destruction

CJIS Policy: Media Protection

CJIS Policy: Physical Security

COPPA

Children’s Online Privacy Protection Act

CPNI

Customer Proprietary Network Information

CPNI for Consumers

CPNI for Providers

EFTA

Electronic Funds Transfer Act

Electronic Funds Transfer Act (EFTA)

FACTA

Fair and Accurate Credit Transactions Act

FAR | DFARS

Federal Acquisition Regulation

Defense Federal Acquisition Regulation Supplement

FAR Code of Conduct

Introduction to DFARS

FCPA

Foreign Corrupt Practices Act

The Foreign Corrupt Practices Act (FCPA)

FERPA

Family Educational Rights and Privacy Act

FERPA For Post-Secondary Education

FINRA

Financial Industry Regulatory Authority

Anti-Money Laundering

Mobile Security for Financial Institutions

Social Media For Financial Institutions

GDPR

General Data Protection Regulation

Privacy and EU GDPR

GDPR – Breach Notification (Video)

GDPR – Consequences of Non-compliance (Video)

GDPR – Important Definitions (Video)

GDPR – Rights of the Data Subjects (Video)

GDPR – What Is GDPR? (Video)

GDPR for Data Processors

GDPR for Executives

GDPR for Managers

Need to Know: Privacy by Design

GLBA

Gramm–Leach–Bliley Act

Gramm-Leach-Bliley Act (GLBA)

HIPAA | HITECH

Health Insurance Portability and Accountability Act

Health Information Technology for Economic and Clinical Health Act

Introduction To HIPAA

HIPAA Minimum Necessary Standard

HIPAA/HITECH for Healthcare Executives

HIPAA/HITECH for Healthcare Managers

Ransomware and HIPAA

Physical Security and PHI

Removable Media and PHI

Consequences of PHI Release

Breach Notification for Healthcare Managers

IRC 6103

Internal Revenue Code 6103

Protecting Federal Tax Information

Privacy and PII

Privacy and PII Brief

ISO 27001

Information Security Management Standard

Infosec IQ content library

NIST 800-171

National Institute of Standards and Technology Special Publication 800-171

Introduction to NIST 800-171

Complying with NIST 800-171

PCI DSS

Payment Card Industry Data Security Standard

PCI DSS Overview

PCI DSS: Threats to Cardholder Data

PCI DSS: Transaction Types

PCI DSS: Incident Management

PCI DSS: Account Data

PCI DSS: Protecting Networks and Systems

PCI DSS: Physical Security

PCI DSS: Protecting Cardholder Data

PIPEDA

Personal Information Protection and Electronic Documents Act

Personal Information Protection and Electronic Documents Act (PIPEDA)

Privacy Act of 1974

Handling SSA Provided Information

SOC2

Service Organization Controls 2

Infosec IQ content library

SOX

Sarbanes–Oxley Act

Sarbanes-Oxley Act (SOX)

SSA 1106

Social Security Act Section 1106

Handling SSA Provided Information

Cybersecurity Culture — Quantified

See the data on the most overlooked variable in security and learn how to measure your organization's cybersecurity culture.