Skip to main content

Navigation

Catalogue

Security Awareness Privacy & Compliance AI & LLM Security Real-World Incidents
Application Security Soon
API Security Soon
Cloud Security Soon

Features

Interactive 3D Training SCORM Cloud LMS Human Risk Score Risk-Based Automation All features

Simulations

Phishing Simulations Smishing Simulations
Vishing Simulations Soon

Company

Partners About Us Blog Data Sheet PDF

Legal

Security & Compliance Privacy Policy Terms of Service
English Українська
Book a Demo

Compliance Mapping Guide

See exactly which RansomLeak exercises satisfy requirements for SOC 2, ISO 27001, ISO 27701, NIST CSF 2.0, GDPR, EU AI Act, CCPA / CPRA, HIPAA, HITRUST, PCI DSS, NIS2, DORA, and CMMC. Map your training program to compliance controls.

Each table below links specific framework requirements to the courses and exercises that address them, so you can build a training plan that satisfies your auditors.

Compliance mapping matrix showing four frameworks (SOC 2, ISO 27001, HIPAA, PCI DSS) mapped to four exercise categories (Phishing, BEC, Vishing, Data Handling) with checked coverage cells
SOC 2 ISO 27001 ISO 27701 NIST CSF GDPR EU AI Act CCPA / CPRA HIPAA HITRUST NIS2 PCI DSS DORA CMMC
13
Frameworks
15
Courses
100+
Exercises
Audit-Ready
Reports

How Does RansomLeak Map to SOC 2 Requirements?

SOC 2 Trust Services Criteria require organizations to demonstrate security awareness across their workforce. RansomLeak exercises map directly to Common Criteria controls, giving auditors the evidence they need.

Requirement Area RansomLeak Courses Example Exercises
CC1.4 Security Awareness & Communication Security Policies & Your Role, Phishing & Impersonation Attacks Employee Security Responsibilities, Phishing, Callback Phishing, Business Email Compromise, Social Engineering, Tech Support Scams, Calendar Invite Scams, Deepfake Audio Detection
CC6.1 Logical Access Controls Passwords & Account Security MFA Setup & Best Practices, MFA Fatigue Attack, Least Privilege Awareness, Privileged Access Basics
CC6.7 System Operations Monitoring Device Security, Web & Browser Safety Endpoint Patching & EDR Alerts, Safe Browsing & Downloads, Browser Notification Abuse
CC7.2 Anomaly & Incident Detection Incident Reporting, Workplace Security General Incident Reporting, Insider Threat (Accidental)
CC7.3 Incident Response GDPR Compliance, Incident Reporting Security Incident Response, Reporting Culture
CC9.2 Risk Mitigation Remote & Home Office Security, Safe Communication & Sharing VPN Usage & Safety, Cloud Sharing Controls, Collaboration Tool Hygiene, Secure Online Meetings, Verification Procedures
CC3.2 Risk Identification (AI & Emerging Tech) OWASP Top 10 for LLM Applications, OWASP Top 10 for Agentic Applications, Protecting Sensitive Information Prompt Injection Attack, Sensitive Data Exposure Through AI, AI Agent Goal Hijacking, AI Agent Tool Exploitation, Safe GenAI Usage
Read the full SOC 2 compliance guide

How Does RansomLeak Map to ISO 27001 Requirements?

ISO 27001 Annex A controls require documented security awareness programs. RansomLeak provides structured training content and completion tracking that satisfies these controls during certification audits.

Requirement Area RansomLeak Courses Example Exercises
A.6.3 Information Security Awareness Security Policies & Your Role, Phishing & Impersonation Attacks ISMS Policy Awareness, Phishing, Spear Phishing, Double Barrel Phishing, WhatsApp Social Engineering, Audit Mindset Basics, Audit Portal Training, Calendar Invite Scams, Deepfake Audio Detection, Invoice & Payment Fraud
A.5.10 Acceptable Use of Assets Protecting Sensitive Information, Device Security Internet & Email Acceptable Use, USB Drop Attack, File Extension Awareness
A.8.3 Access Restriction Passwords & Account Security MFA Fatigue Attack, Least Privilege Awareness, Joiner-Mover-Leaver Awareness
A.5.24 Incident Management Incident Reporting, GDPR Compliance General Incident Reporting, Security Incident Response
A.8.7 Malware Protection Device Security, Web & Browser Safety Ransomware, IoT & Smart Device Security, SEO Poisoning Awareness, Browser Extension Safety, HTTPS & Website Security, Image-Based Attacks (Stegosploit)
A.5.14 Information Transfer Safe Communication & Sharing, Protecting Sensitive Information Secure Messaging Practices, Secure Sharing Practices, Collaboration Tool Hygiene, Metadata Awareness, Log Sensitivity Awareness, Secure Online Meetings
A.5.23 Security for Cloud & AI Services OWASP Top 10 for LLM Applications, OWASP Top 10 for Agentic Applications, Protecting Sensitive Information AI Supply Chain Compromise, Agentic AI Supply Chain Attack, Over-Permissioned AI Agent, Agent Identity and Privilege Abuse, Agent-to-Agent Communication Spoofing, AI Denial-of-Service Attack, Safe GenAI Usage
Read the full ISO 27001 compliance guide

How Does RansomLeak Map to ISO 27701 Requirements?

ISO 27701 extends ISO 27001 with privacy information management controls aligned to GDPR. Annex B covers PII controllers (purpose, lawful basis, consent, data subject rights, transfers) and Annex C covers PII processors (processing under instructions, sub-processors, return and disposal of PII).

Requirement Area RansomLeak Courses Example Exercises
B.7.2 Conditions for Collection & Processing GDPR Compliance, OWASP Top 10 Privacy Risks Privacy by Design Review, Marketing Consent Management, Data Mapping and Records of Processing, Excessive Personal Data Collection, Consent Dark Patterns and Bundled Permissions
B.7.3 Obligations to PII Principals (DSAR) GDPR Compliance, OWASP Top 10 Privacy Risks Legitimate DSAR Processing, Fraudulent DSAR Detection, Blocked Data Subject Access Requests, Personal Data Deletion Failures
B.7.4 Privacy by Design & Default GDPR Compliance, OWASP Top 10 Privacy Risks Privacy by Design Review, Data Protection Impact Assessment, Privacy Breach Through Application Vulnerabilities, Session Hijacking Through Missing Expiration
B.7.5 PII Sharing, Transfer & Disclosure GDPR Compliance, Safe Communication & Sharing, Protecting Sensitive Information, OWASP Top 10 Privacy Risks Cross-Border Data Transfers, Third-Party Data Processor Vetting, Cloud Sharing Controls, Metadata Awareness, Log Sensitivity Awareness, Internal Data Leakage to Unauthorized Parties
C.8.5 Customer Obligations & Notification GDPR Compliance, Incident Reporting, OWASP Top 10 Privacy Risks Data Breach Response, General Incident Reporting, Handling a Personal Data Breach
A.6.3 / A.5.10 ISMS Awareness Foundation Security Policies & Your Role, Phishing & Impersonation Attacks Employee Security Responsibilities, Phishing, Internet & Email Acceptable Use
A.5.23 Privacy in AI / Cloud Services OWASP Top 10 for LLM Applications, Protecting Sensitive Information Sensitive Data Exposure Through AI, AI Training Data Poisoning, AI System Prompt Extraction, Safe GenAI Usage

How Does RansomLeak Map to NIST CSF 2.0?

NIST Cybersecurity Framework 2.0 organizes security around six functions: Govern, Identify, Protect, Detect, Respond, and Recover. The Protect function explicitly mandates a workforce awareness program (PR.AT-1), with adjacent functions requiring competency in detection, response, and recovery.

Function & Category RansomLeak Courses Example Exercises
GV.OC / PR.AT-1 Awareness & Training Security Policies & Your Role, Phishing & Impersonation Attacks Employee Security Responsibilities, ISMS Policy Awareness, Phishing, Whaling With A Deepfake, Business Email Compromise, Social Engineering, Calendar Invite Scams, Deepfake Audio Detection
ID.RA Risk Assessment (incl. AI risk) Real-World Incidents, OWASP Top 10 for LLM Applications, OWASP Top 10 for Agentic Applications MGM Resorts Breach, OneNote Email Attack, Sensitive Data Exposure Through AI, Detecting a Rogue AI Agent
PR.AA Identity Management & Authentication Passwords & Account Security MFA Setup & Best Practices, MFA Fatigue Attack, Password Manager Habits, Privileged Access Basics
PR.DS Data Security Protecting Sensitive Information, Safe Communication & Sharing Data Classification Basics, Data Leakage, Identity Theft Prevention, Secure Sharing Practices, Cloud Sharing Controls, Metadata Awareness, Log Sensitivity Awareness, Safe GenAI Usage
PR.IR-3 Resilience & Backup Device Security Backup Best Practices, Ransomware, Endpoint Patching & EDR Alerts
DE.AE / DE.CM Anomaly & Event Detection Web & Browser Safety, Workplace Security SEO Poisoning Awareness, Browser Extension Safety, Insider Threat (Accidental), Shadow IT Awareness, Typosquatting Awareness
RS.MA / RS.CO Incident Response & Communication Incident Reporting, GDPR Compliance General Incident Reporting, Reporting Culture, Data Breach Response, Security Incident Response

How Does RansomLeak Map to GDPR Requirements?

GDPR Articles 39 and 47 require data protection training for employees who process personal data. RansomLeak offers a dedicated GDPR Compliance course with exercises that cover breach response, data subject rights, and privacy by design.

Requirement Area RansomLeak Courses Example Exercises
Art. 39 DPO Awareness Training GDPR Compliance Data Mapping and Records of Processing, Data Protection Impact Assessment
Art. 33 Breach Notification GDPR Compliance, Incident Reporting, OWASP Top 10 Privacy Risks Data Breach Response, Handling a Personal Data Breach, General Incident Reporting
Art. 25 Privacy by Design GDPR Compliance, OWASP Top 10 Privacy Risks Privacy by Design Review, Cookie Compliance, Privacy Breach Through Application Vulnerabilities, Session Hijacking Through Missing Expiration
Art. 15-22 Data Subject Rights GDPR Compliance, OWASP Top 10 Privacy Risks Legitimate DSAR Processing, Fraudulent DSAR Detection, Blocked Data Subject Access Requests, Personal Data Deletion Failures
Art. 28 Processor Obligations GDPR Compliance Third-Party Data Processor Vetting
Art. 44-49 International Transfers GDPR Compliance Cross-Border Data Transfers
Art. 5 Data Principles GDPR Compliance, Protecting Sensitive Information, OWASP Top 10 Privacy Risks Data Retention, Data Classification Basics, PII Document Redaction, Metadata Awareness, Log Sensitivity Awareness, Excessive Personal Data Collection, Outdated and Inaccurate Personal Data, Opaque Privacy Policies and Hidden Data Practices
Art. 22 Automated Decision-Making & AI Profiling OWASP Top 10 for LLM Applications, OWASP Top 10 for Agentic Applications, Protecting Sensitive Information, OWASP Top 10 Privacy Risks Sensitive Data Exposure Through AI, AI Training Data Poisoning, AI Agent Memory Poisoning, Safe GenAI Usage, Consent Dark Patterns and Bundled Permissions
Read the full GDPR compliance guide

How Does RansomLeak Map to EU AI Act Requirements?

The EU AI Act establishes legally binding obligations for organizations that develop, deploy, or use AI systems in the European Union. Articles 4, 14, 26, 27, 50, and 62 explicitly mandate workforce training, AI literacy, and competency in human oversight. RansomLeak ships a dedicated EU AI Act Compliance course with 16 interactive exercises that map article-by-article to the regulation.

Requirement Area RansomLeak Courses Example Exercises
Art. 4 AI Literacy Requirement EU AI Act Compliance, OWASP Top 10 for LLM Applications AI Literacy Essentials, Using AI Tools Responsibly at Work, Sensitive Data Exposure Through AI, Safe GenAI Usage
Art. 5 Prohibited AI Practices EU AI Act Compliance Prohibited AI Practices, AI Risk Classification
Art. 10 Data Governance (High-Risk AI) EU AI Act Compliance, GDPR Compliance AI Data Governance, Data Mapping and Records of Processing, AI Bias and Discrimination
Art. 14 Human Oversight EU AI Act Compliance Meaningful Human Oversight, High-Risk AI Deployer Obligations
Art. 26 Deployer Obligations EU AI Act Compliance High-Risk AI Deployer Obligations, Provider vs. Deployer Responsibilities, AI Governance in Your Organization
Art. 27 Fundamental Rights Impact Assessment EU AI Act Compliance, GDPR Compliance Fundamental Rights Impact Assessment, AI and Data Protection
Art. 50 Transparency & Disclosure EU AI Act Compliance AI Transparency and Disclosure, Using AI Tools Responsibly at Work
Art. 51-56 General-Purpose AI Models EU AI Act Compliance, OWASP Top 10 for LLM Applications General-Purpose AI Model Obligations, AI Supply Chain Compromise, AI System Prompt Extraction
Art. 62 Serious Incident Reporting EU AI Act Compliance, Incident Reporting, GDPR Compliance AI Incident Reporting, General Incident Reporting, Reporting Culture
Art. 99 Penalties & Personal Liability EU AI Act Compliance, Security Policies & Your Role EU AI Act Penalties and Enforcement, AI Governance in Your Organization, Employee Security Responsibilities
Read the full EU AI Act compliance guide

How Does RansomLeak Map to CCPA / CPRA Requirements?

The California Consumer Privacy Act and its successor the California Privacy Rights Act grant California residents specific rights over their personal information. Businesses must train staff on identifying valid requests, opt-out workflows, sensitive PI handling, and breach response under §1798.150.

Requirement Area RansomLeak Courses Example Exercises
§1798.100 / .105 Right to Know & Delete GDPR Compliance, Protecting Sensitive Information Legitimate DSAR Processing, Fraudulent DSAR Detection, Data Classification Basics
§1798.120 Right to Opt-Out of Sale or Sharing GDPR Compliance Marketing Consent Management
§1798.121 Right to Limit Sensitive PI Use (CPRA) Protecting Sensitive Information Data Classification Basics, PII Document Redaction, Metadata Awareness, Log Sensitivity Awareness
§1798.140 Personal Information Inventory GDPR Compliance Data Mapping and Records of Processing
§1798.150 Breach Notification & Private Right of Action Incident Reporting, GDPR Compliance Data Breach Response, General Incident Reporting
Service-Provider & Contractor Obligations Safe Communication & Sharing, GDPR Compliance Third-Party Data Processor Vetting, Third-Party App OAuth Risks
Reasonable Security Practices Phishing & Impersonation Attacks, Passwords & Account Security Phishing, Callback Phishing, Typosquatting Awareness, MFA Setup & Best Practices, Credential Stuffing Awareness, Calendar Invite Scams, Deepfake Audio Detection, Verification Procedures

How Does RansomLeak Map to HIPAA Requirements?

HIPAA Security and Privacy Rules mandate workforce training on safeguarding protected health information. RansomLeak exercises address the specific administrative, physical, and technical safeguards outlined in 45 CFR Part 164.

Requirement Area RansomLeak Courses Example Exercises
§164.308(a)(5) Security Awareness Security Policies & Your Role, Phishing & Impersonation Attacks Employee Security Responsibilities, Phishing, Callback Phishing, Double Barrel Phishing, Whaling With A Deepfake, Social Engineering, Tech Support Scams, Calendar Invite Scams, Deepfake Audio Detection, Invoice & Payment Fraud
§164.530(b) Privacy Training Protecting Sensitive Information, GDPR Compliance Data Classification Basics, PII Document Redaction, Identity Theft Prevention, Metadata Awareness, Log Sensitivity Awareness
§164.308(a)(6) Incident Procedures Incident Reporting, GDPR Compliance General Incident Reporting, Security Incident Response
§164.312(d) Authentication Passwords & Account Security MFA Setup & Best Practices, MFA Fatigue Attack, Password Manager Habits
§164.310(b) Workstation Security Device Security, Workplace Security Encryption & Lock Discipline, Mobile Device Security, Clean Desk Policy, Mobile App Permissions
§164.308(a)(3) Workforce Security Workplace Security Insider Threat (Accidental), Insider Threat (Intentional), Joiner-Mover-Leaver Awareness
§164.308(a)(1)(ii)(B) Risk Analysis (AI Tools) OWASP Top 10 for LLM Applications, OWASP Top 10 for Agentic Applications, Protecting Sensitive Information Sensitive Data Exposure Through AI, AI Hallucination and Misinformation, Over-Permissioned AI Agent, Safe GenAI Usage
Read the full HIPAA compliance guide

How Does RansomLeak Map to HITRUST CSF Requirements?

HITRUST CSF is the dominant framework for healthcare and high-trust environments, harmonizing HIPAA, NIST, ISO 27001, and PCI DSS into a single certifiable control set. Workforce awareness and training requirements appear across multiple control categories from Information Security Management to Privacy Practices.

Control Category RansomLeak Courses Example Exercises
01 Information Security Management Program Security Policies & Your Role Employee Security Responsibilities, ISMS Policy Awareness, Internet & Email Acceptable Use, Audit Mindset Basics, Audit Portal Training
07 Vulnerability Management Device Security, Web & Browser Safety Endpoint Patching & EDR Alerts, OS Updates & Patching Basics, Browser Extension Safety, HTTPS & Website Security, Image-Based Attacks (Stegosploit)
08 Access Control Passwords & Account Security MFA Setup & Best Practices, Least Privilege Awareness, Joiner-Mover-Leaver Awareness, Privileged Access Basics
09 Communications & Operations Safe Communication & Sharing, Protecting Sensitive Information Secure Sharing Practices, Cloud Sharing Controls, Data Classification Basics, Metadata Awareness, Log Sensitivity Awareness, Secure Online Meetings
11 Information Security Incident Management Incident Reporting, GDPR Compliance General Incident Reporting, Reporting Culture, Data Breach Response
12 Business Continuity & Disaster Recovery Device Security Backup Best Practices, Ransomware
15 Privacy Practices GDPR Compliance, Protecting Sensitive Information PII Document Redaction, Privacy by Design Review, Data Classification Basics, Excessive Personal Data Collection, Outdated and Inaccurate Personal Data, Opaque Privacy Policies and Hidden Data Practices, Safe GenAI Usage

How Does RansomLeak Map to NIS2 Requirements?

The NIS2 Directive requires essential and important entities across the EU to implement cybersecurity training and hygiene practices. Article 21 specifically mandates human resources security and awareness programs.

Requirement Area RansomLeak Courses Example Exercises
Art. 21(2)(g) Cyber Hygiene & Training Security Policies & Your Role, Phishing & Impersonation Attacks, Device Security Employee Security Responsibilities, Phishing, Callback Phishing, Whaling With A Deepfake, Business Email Compromise, Vishing, Mobile Device Security, Browser Autofill Risks, Calendar Invite Scams, Deepfake Audio Detection, Mobile App Permissions
Art. 21(2)(b) Incident Handling Incident Reporting, GDPR Compliance, OWASP Top 10 Privacy Risks General Incident Reporting, Reporting Culture, Handling a Personal Data Breach
Art. 21(2)(d) Supply Chain Security Safe Communication & Sharing, Phishing & Impersonation Attacks Third-Party App OAuth Risks, Guest Access Management, Verification Procedures, Invoice & Payment Fraud
Art. 21(2)(i) Human Resources Security Workplace Security, Passwords & Account Security Joiner-Mover-Leaver Awareness, Insider Threat (Intentional)
Art. 21(2)(j) Cryptography & Encryption Device Security Encryption & Lock Discipline, VPN Usage & Safety, Safe Bluetooth Practices, IoT & Smart Device Security
Art. 21(2)(e) ICT Acquisition & Development (AI Systems) OWASP Top 10 for LLM Applications, OWASP Top 10 for Agentic Applications AI Agent Code Injection, Unsafe AI Output Handling, Agentic AI Supply Chain Attack, AI Denial-of-Service Attack, Agent-to-Agent Communication Spoofing
Read the full NIS2 compliance guide

How Does RansomLeak Map to PCI DSS Requirements?

PCI DSS v4.0 Requirement 12.6 mandates a formal security awareness program for all personnel. RansomLeak training satisfies this requirement with documented completion records and threat-specific content updates.

Requirement Area RansomLeak Courses Example Exercises
12.6 Security Awareness Program Security Policies & Your Role Employee Security Responsibilities, ISMS Policy Awareness
12.6.3 Threat Awareness Updates Phishing & Impersonation Attacks, AI & LLM Security, Device Security Phishing, Callback Phishing, Double Barrel Phishing, Whaling With A Deepfake, Business Email Compromise, Smishing, QR Code Phishing (Quishing), Typosquatting Awareness, Mobile Device Security, OpenClaw Prompt Injection, Calendar Invite Scams, Deepfake Audio Detection, Invoice & Payment Fraud
9.4 Media Protection Protecting Sensitive Information, Device Security Secure Document Disposal, USB Drop Attack
8.3 Authentication Management Passwords & Account Security MFA Setup & Best Practices, MFA Fatigue Attack, Credential Stuffing Awareness
12.10 Incident Response Incident Reporting General Incident Reporting, Reporting Culture
6.2 Secure Software Development (AI Systems) OWASP Top 10 for LLM Applications, OWASP Top 10 for Agentic Applications Unsafe AI Output Handling, AI Agent Code Injection, RAG Pipeline Exploitation
Read the full PCI DSS compliance guide

How Does RansomLeak Map to DORA Requirements?

The Digital Operational Resilience Act (DORA) requires financial entities to implement ICT security awareness programs and test their operational resilience. RansomLeak delivers training that addresses Articles 13, 17, 25, and 28.

Requirement Area RansomLeak Courses Example Exercises
Art. 13.6 ICT Security Awareness Security Policies & Your Role, Device Security Employee Security Responsibilities, Callback Phishing, Whaling With A Deepfake, Endpoint Patching & EDR Alerts, Mobile Device Security, IoT & Smart Device Security, Browser Notification Abuse, Mobile App Permissions
Art. 17 ICT Incident Reporting Incident Reporting, GDPR Compliance, OWASP Top 10 Privacy Risks General Incident Reporting, Security Incident Response, Handling a Personal Data Breach
Art. 28 Third-Party ICT Risk Safe Communication & Sharing, Phishing & Impersonation Attacks Third-Party App OAuth Risks, Cloud Sharing Controls, Verification Procedures, Invoice & Payment Fraud
Art. 25 ICT Testing Requirements Real-World Incidents MGM Resorts Breach, OneNote Email Attack, General Incident Reporting
Art. 11 Communication & Resilience Remote & Home Office Security VPN Usage & Safety, Home Router Security
Art. 16 ICT Risk Management (AI & Agentic Systems) OWASP Top 10 for LLM Applications, OWASP Top 10 for Agentic Applications, Protecting Sensitive Information AI Agent Goal Hijacking, Multi-Agent Cascading Failure, Detecting a Rogue AI Agent, Over-Trusting AI Agent Recommendations, AI Denial-of-Service Attack, Agent-to-Agent Communication Spoofing, Safe GenAI Usage

How Does RansomLeak Map to CMMC Level 1 Requirements?

CMMC Level 1 (Foundational) implements the 17 basic safeguarding requirements of FAR 52.204-21 for U.S. defense contractors handling Federal Contract Information. While many requirements are technical, several mandate workforce awareness around access control, identification, media handling, physical security, and malicious-code protection.

Practice RansomLeak Courses Example Exercises
AC.L1-3.1.1 Limit System Access Passwords & Account Security Least Privilege Awareness, Privileged Access Basics, Account Recovery Security
AC.L1-3.1.20 / 3.1.22 External Connections & Public Systems Web & Browser Safety, Safe Communication & Sharing Safe Browsing & Downloads, Social Media Oversharing, Social Media Policy
IA.L1-3.5.1 / 3.5.2 Identify & Authenticate Users Passwords & Account Security MFA Setup & Best Practices, MFA Fatigue Attack, Password Manager Habits
MP.L1-3.8.3 Media Sanitization & Protection Device Security, Protecting Sensitive Information USB Drop Attack, Data Classification Basics, Metadata Awareness, Log Sensitivity Awareness
PE.L1-3.10.1 / 3.10.3 Physical Access & Visitor Control Workplace Security Insider Threat (Accidental), Insider Threat (Intentional), Shadow IT Awareness
SI.L1-3.14.1 / 3.14.2 Identify Malicious Code Phishing & Impersonation Attacks, Device Security, Web & Browser Safety Phishing, Callback Phishing, Tech Support Scams, Ransomware, Image-Based Attacks (Stegosploit)
SI.L1-3.14.5 Periodic Scans & Updates Device Security OS Updates & Patching Basics, Endpoint Patching & EDR Alerts

Frequently Asked Questions

Which compliance frameworks does RansomLeak training cover?

RansomLeak training maps to thirteen major frameworks: SOC 2, ISO 27001, ISO 27701, NIST CSF 2.0, GDPR, the EU AI Act, CCPA / CPRA, HIPAA, HITRUST CSF, PCI DSS, NIS2, DORA, and CMMC Level 1. Each framework has specific requirement areas linked to relevant courses and exercises.

This page is the cross-reference matrix for scope comparison. For framework deep dives (audit failure modes, named enforcement actions, control-by-control coverage), see the compliance framework guides.

Can RansomLeak generate audit-ready compliance reports?

Yes. The platform exports compliance reports in PDF, CSV, and Excel formats that document training completion by employee, department, and framework requirement. Reports include timestamps, scores, and evidence of participation.

Auditors can verify that specific controls have been addressed through structured training records without manual data collection.

How often should compliance training be refreshed?

Most frameworks require at least annual training, but best practice is quarterly or monthly updates. SOC 2 and ISO 27001 auditors expect to see ongoing awareness activities, not just a single annual session.

RansomLeak ships new content monthly, so you can assign fresh exercises on a regular cadence without repeating the same material.

Does RansomLeak support SCORM for compliance LMS tracking?

Yes. Every exercise exports as a SCORM 1.2 or SCORM 2004 package that runs inside your existing LMS. Completion data, scores, and time spent flow directly into your LMS reporting system.

Visit our SCORM integration page for details on supported platforms and deployment steps.

Can training be customized for specific compliance requirements?

Yes. Our content team builds custom exercises tailored to your regulatory environment. Healthcare organizations can get HIPAA-specific scenarios. Financial institutions can focus on PCI DSS and DORA requirements.

Custom content follows the same interactive 3D format and integrates with the standard compliance reporting tools.

What evidence does RansomLeak provide for auditors?

RansomLeak generates detailed training records that include employee name, department, exercise completed, date, time spent, score, and the specific compliance control addressed. These records are exportable and retention policies keep historical data available for multi-year audits.

For organizations using SCORM, the LMS maintains its own independent audit trail alongside RansomLeak records.

Map Your Training to Compliance

Talk to our team about building a compliance-aligned training program. Read the CISO buyer's guide for evaluation criteria, or explore the full exercise catalogue.

Contact Sales Browse Catalogue