Compliance Mapping Guide
See exactly which RansomLeak exercises satisfy requirements for SOC 2, ISO 27001, GDPR, HIPAA, NIS2, PCI DSS, and DORA. Map your training program to compliance controls.
Each table below links specific framework requirements to the courses and exercises that address them, so you can build a training plan that satisfies your auditors.
How Does RansomLeak Map to SOC 2 Requirements?
SOC 2 Trust Services Criteria require organizations to demonstrate security awareness across their workforce. RansomLeak exercises map directly to Common Criteria controls, giving auditors the evidence they need.
| Requirement Area | RansomLeak Courses | Example Exercises |
|---|---|---|
| CC1.4 Security Awareness & Communication | Security Policies & Your Role, Phishing & Impersonation Attacks | Employee Security Responsibilities, Phishing, Social Engineering |
| CC6.1 Logical Access Controls | Passwords & Account Security | MFA Setup & Best Practices, Least Privilege Awareness, Privileged Access Basics |
| CC6.7 System Operations Monitoring | Device Security, Web & Browser Safety | Endpoint Patching & EDR Alerts, Safe Browsing & Downloads |
| CC7.2 Anomaly & Incident Detection | Incident Reporting, Workplace Security | General Incident Reporting, Insider Threat (Accidental) |
| CC7.3 Incident Response | GDPR Compliance, Incident Reporting | Security Incident Response, Reporting Culture |
| CC9.2 Risk Mitigation | Remote & Home Office Security, Safe Communication & Sharing | VPN Usage & Safety, Cloud Sharing Controls |
How Does RansomLeak Map to ISO 27001 Requirements?
ISO 27001 Annex A controls require documented security awareness programs. RansomLeak provides structured training content and completion tracking that satisfies these controls during certification audits.
| Requirement Area | RansomLeak Courses | Example Exercises |
|---|---|---|
| A.6.3 Information Security Awareness | Security Policies & Your Role, Phishing & Impersonation Attacks | ISMS Policy Awareness, Phishing, Spear Phishing |
| A.5.10 Acceptable Use of Assets | Protecting Sensitive Information, Device Security | Internet & Email Acceptable Use, USB Drop Attack |
| A.8.3 Access Restriction | Passwords & Account Security | Least Privilege Awareness, Joiner-Mover-Leaver Awareness |
| A.5.24 Incident Management | Incident Reporting, GDPR Compliance | General Incident Reporting, Security Incident Response |
| A.8.7 Malware Protection | Device Security, Web & Browser Safety | Ransomware, SEO Poisoning, Browser Extension Safety |
| A.5.14 Information Transfer | Safe Communication & Sharing, Protecting Sensitive Information | Secure Messaging Practices, Secure Sharing Practices |
How Does RansomLeak Map to GDPR Requirements?
GDPR Articles 39 and 47 require data protection training for employees who process personal data. RansomLeak offers a dedicated GDPR Compliance course with exercises that cover breach response, data subject rights, and privacy by design.
| Requirement Area | RansomLeak Courses | Example Exercises |
|---|---|---|
| Art. 39 DPO Awareness Training | GDPR Compliance | Data Mapping and Records of Processing, Data Protection Impact Assessment |
| Art. 33 Breach Notification | GDPR Compliance, Incident Reporting | Data Breach Response, Tabletop Breach, General Incident Reporting |
| Art. 25 Privacy by Design | GDPR Compliance | Privacy by Design Review, Cookie Compliance |
| Art. 15-22 Data Subject Rights | GDPR Compliance | Legitimate DSAR Processing, Fraudulent DSAR Detection |
| Art. 28 Processor Obligations | GDPR Compliance | Third-Party Data Processor Vetting |
| Art. 44-49 International Transfers | GDPR Compliance | Cross-Border Data Transfers |
| Art. 5 Data Principles | GDPR Compliance, Protecting Sensitive Information | Data Retention, Data Classification Basics, PII Document Redaction |
How Does RansomLeak Map to HIPAA Requirements?
HIPAA Security and Privacy Rules mandate workforce training on safeguarding protected health information. RansomLeak exercises address the specific administrative, physical, and technical safeguards outlined in 45 CFR Part 164.
| Requirement Area | RansomLeak Courses | Example Exercises |
|---|---|---|
| §164.308(a)(5) Security Awareness | Security Policies & Your Role, Phishing & Impersonation Attacks | Employee Security Responsibilities, Phishing, Social Engineering |
| §164.530(b) Privacy Training | Protecting Sensitive Information, GDPR Compliance | Data Classification Basics, PII Document Redaction |
| §164.308(a)(6) Incident Procedures | Incident Reporting, GDPR Compliance | General Incident Reporting, Security Incident Response |
| §164.312(d) Authentication | Passwords & Account Security | MFA Setup & Best Practices, Password Manager Habits |
| §164.310(b) Workstation Security | Device Security, Workplace Security | Encryption & Lock Discipline, Clean Desk Policy |
| §164.308(a)(3) Workforce Security | Workplace Security | Insider Threat (Accidental), Insider Threat (Intentional), Joiner-Mover-Leaver Awareness |
How Does RansomLeak Map to NIS2 Requirements?
The NIS2 Directive requires essential and important entities across the EU to implement cybersecurity training and hygiene practices. Article 21 specifically mandates human resources security and awareness programs.
| Requirement Area | RansomLeak Courses | Example Exercises |
|---|---|---|
| Art. 21(2)(g) Cyber Hygiene & Training | Security Policies & Your Role, Phishing & Impersonation Attacks | Employee Security Responsibilities, Phishing, Vishing |
| Art. 21(2)(b) Incident Handling | Incident Reporting, GDPR Compliance | General Incident Reporting, Tabletop Breach |
| Art. 21(2)(d) Supply Chain Security | Safe Communication & Sharing | Third-Party App OAuth Risks, Guest Access Management |
| Art. 21(2)(i) Human Resources Security | Workplace Security, Passwords & Account Security | Joiner-Mover-Leaver Awareness, Insider Threat (Intentional) |
| Art. 21(2)(j) Cryptography & Encryption | Device Security | Encryption & Lock Discipline, VPN Usage & Safety |
How Does RansomLeak Map to PCI DSS Requirements?
PCI DSS v4.0 Requirement 12.6 mandates a formal security awareness program for all personnel. RansomLeak training satisfies this requirement with documented completion records and threat-specific content updates.
| Requirement Area | RansomLeak Courses | Example Exercises |
|---|---|---|
| 12.6 Security Awareness Program | Security Policies & Your Role | Employee Security Responsibilities, ISMS Policy Awareness |
| 12.6.3 Threat Awareness Updates | Phishing & Impersonation Attacks, AI & LLM Security | Phishing, Smishing, QR Code Phishing, Clawdbot (Moltbot) Prompt Injection |
| 9.4 Media Protection | Protecting Sensitive Information, Device Security | Secure Document Disposal, USB Drop Attack |
| 8.3 Authentication Management | Passwords & Account Security | MFA Setup & Best Practices, Credential Stuffing Awareness |
| 12.10 Incident Response | Incident Reporting | General Incident Reporting, Reporting Culture |
How Does RansomLeak Map to DORA Requirements?
The Digital Operational Resilience Act (DORA) requires financial entities to implement ICT security awareness programs and test their operational resilience. RansomLeak delivers training that addresses Articles 11, 13, 17, 25, and 28.
| Requirement Area | RansomLeak Courses | Example Exercises |
|---|---|---|
| Art. 13.6 ICT Security Awareness | Security Policies & Your Role, Device Security | Employee Security Responsibilities, Endpoint Patching & EDR Alerts |
| Art. 17 ICT Incident Reporting | Incident Reporting, GDPR Compliance | General Incident Reporting, Security Incident Response |
| Art. 28 Third-Party ICT Risk | Safe Communication & Sharing | Third-Party App OAuth Risks, Cloud Sharing Controls |
| Art. 25 ICT Testing Requirements | Real-World Incidents | MGM Resorts Breach, OneNote Email Attack, Tabletop Breach |
| Art. 11 Communication & Resilience | Remote & Home Office Security | VPN Usage & Safety, Home Router Security |
Why Do Compliance Audits Fail on Security Training?
The most common audit finding for security awareness training is not missing training, but missing evidence. Organizations run training programs but cannot prove which employees completed which exercises, when they completed them, or how those exercises map to specific framework controls. According to the Ponemon Institute's 2024 Cost of a Data Breach Report, organizations with structured training programs experienced breach costs 23% lower than those without.
Auditors want three things: proof that training covers the required control areas, timestamped completion records per employee, and evidence that training is refreshed regularly. Generic "annual security training" certificates rarely satisfy these requirements, especially under ISO 27001 and SOC 2 where specific control mappings are expected.
RansomLeak solves this by mapping every exercise to specific framework controls and generating exportable reports with per-employee completion data. Compliance teams can hand auditors a report that shows exactly which controls were covered and by whom.
Frequently Asked Questions
Common questions about compliance mapping and audit-ready training reports.
Which compliance frameworks does RansomLeak training cover?
RansomLeak training maps to seven major frameworks: SOC 2, ISO 27001, GDPR, HIPAA, NIS2, PCI DSS, and DORA. Each framework has specific requirement areas linked to relevant courses and exercises.
We update our mapping tables as frameworks release new versions or guidance documents. If your organization follows a framework not listed here, contact us to discuss custom mapping.
Can RansomLeak generate audit-ready compliance reports?
Yes. The platform exports compliance reports in PDF, CSV, and Excel formats that document training completion by employee, department, and framework requirement. Reports include timestamps, scores, and evidence of participation.
Auditors can verify that specific controls have been addressed through structured training records without manual data collection.
How often should compliance training be refreshed?
Most frameworks require at least annual training, but best practice is quarterly or monthly updates. SOC 2 and ISO 27001 auditors expect to see ongoing awareness activities, not just a single annual session.
RansomLeak ships new content monthly, so you can assign fresh exercises on a regular cadence without repeating the same material.
Does RansomLeak support SCORM for compliance LMS tracking?
Yes. Every exercise exports as a SCORM 1.2 or SCORM 2004 package that runs inside your existing LMS. Completion data, scores, and time spent flow directly into your LMS reporting system.
Visit our SCORM integration page for details on supported platforms and deployment steps.
Can training be customized for specific compliance requirements?
Yes. Our content team builds custom exercises tailored to your regulatory environment. Healthcare organizations can get HIPAA-specific scenarios. Financial institutions can focus on PCI DSS and DORA requirements.
Custom content follows the same interactive 3D format and integrates with the standard compliance reporting tools.
What evidence does RansomLeak provide for auditors?
RansomLeak generates detailed training records that include employee name, department, exercise completed, date, time spent, score, and the specific compliance control addressed. These records are exportable, and retention policies keep historical data available for multi-year audits.
For organizations using SCORM, the LMS maintains its own independent audit trail alongside RansomLeak records.
Map Your Training to Compliance
Talk to our team about building a compliance-aligned training program, or explore the full exercise catalogue to see what is available.