What this fixes.
- —
Annual training = clicked-through, not learned
- —
One-size-fits-all misses high-risk roles
- —
Compliance officers prove completion, not change
Three jobs, on rails.
By role / risk
Content matched to actual exposure.
Scenario-based
Decision scenarios not multiple choice.
Behaviour, not seats
Reporting tied to incident metrics, not completion.
The path.
Map roles to risk exposure: who deals with PII, who deals with payments, who deals with vendors.
Replace multiple-choice with decision scenarios per risk profile.
Track behaviour metrics (near-misses, reported incidents) — not just completion rate.
Annually: drop the topics where behaviour metrics show no change; add the ones that need it.
One scenario, one outcome.
A finance ops lead gets a scenario: 'a vendor emails new bank details from a Gmail address two days before a wire'.
They pick 'verify by phone with a known contact'. Marked as correct. The scenario surfaces because last quarter, three near-misses involved exactly this pattern.
Scoped on a call.
3 weeks
Pilot → retainer
Scope confirmed in a 30-minute call. Fixed scope, fixed timeline before you sign. We'll send a one-page proposal within 48 hours.
Book a call →Same category.
NDA Conveyor
Generates NDAs, handles counter-redlines against your playbook, escalates only true policy breaks.
Contract Review & Redline
First-pass review against your playbook with risk-scored redlines — lawyers finalise instead of drafting.
Regulatory Change Monitor
Tracks regulatory updates across your jurisdictions, maps changes to your policies, flags required updates.