SCORM & programs for enterprises
NIS2 · ISO 27001 · SCORM 1.2 · EU-Hosting
For Enterprises · SCORM & Programs

Security awareness training as a SCORM package for your LMS.

The model

One standard program, two delivery models: as a SCORM 1.2 package in your own LMS or as cloud training with audit reports.

Data protection

With SCORM delivery, not a single employee record ever reaches us. Built on ongoing doctoral research.

Request the program → Try the full training — free
No company sign-up
No employee data required (SCORM)
NIS2 Art. 20 & 21 · EU hosting
Audit-ready for NIS2DORAISO 27001DSGVOSCORM 1.2
I · Delivery models

One training, two delivery models

The learning content is identical — the difference is where your employees' data lives.

With your own LMS

SCORM package for your LMS

You receive the complete training as a SCORM 1.2 package and deploy it in your own learning management system — SCORM 1.2 is supported by virtually every major LMS (e.g. Moodle, SAP SuccessFactors, Cornerstone). Tracking, completions and training records live entirely in your system.

  • No employee data at Webguardiola — including usage or completion data
  • For regulated industries and strict data protection requirements
  • Evidence where your auditors expect it: in your LMS
How the LMS integration works →
Without your own LMS

Cloud training on our platform

We host the training on our platform (EU hosting). Login works via email code — including on personal smartphones, with no company laptop or company email address required. That way you also reach production, logistics, retail and field teams.

  • Documented proof of participation and completion reports for your NIS2 audit
  • Data processing governed by a data processing agreement (Art. 28 GDPR)
  • Reaches teams that traditional training never reaches

Hybrid works too: office teams via SCORM in your own LMS, blue collar and supply chain via cloud access without company email — both in parallel, with identical content.

II · The standard program

One year, one standard

No modular kit, no feature list. One clearly structured year built on a simple principle: a strong kickoff, learning in two stages, reinforcement in between — because forgetting is every training's biggest enemy.

Phase 1 · Month 1

Kickoff: Cyber Security Month

One month of full attention: an introduction package for all employees, three podcast episodes on current security topics, and a challenge quiz with a prize. Goal: build momentum before the learning starts.

Phase 2 · Month 2

E-Learning Part 1

Three interactive comic-style modules: Password Security · Spotting Phishing · Social Media & Vishing. With quiz and personal certificate.

Phase 3 · Months 3–9

Reinforcement

Three further podcast episodes keep the topics alive throughout the year. Short, regular touchpoints demonstrably outperform rare marathon sessions.

Phase 4 · Month 8

E-Learning Part 2

Four modules for everyday work: Clean Desk · Mobile Work Security · Physical Security · AI & Shadow IT.

Optional · Months 10–12

Phishing campaign advisory

To close the year, we advise you on running your own phishing campaign: concept and creative design, a governance checklist (management, works council, communications) and an evaluation logic built on learning metrics, not blame metrics. Execution is handled by your IT or a tool of your choice — so all employee data stays with you. We never run phishing campaigns ourselves.

Scheduling

Your schedule

Example schedule — we align the start month and intervals with your business year. An October kickoff leverages the European Cyber Security Month.

Request the program →

Content in German and English — additional languages produced on request.

III · The content

7 modules, around 90 minutes

Interactive, comic-style, with quiz and personal certificate — no passive video watching.

Part 1

Password Security

Why "Summer2026!" is not a password: password managers, two-factor authentication and habits that stick.

Part 1

Phishing Awareness

What actually gives phishing away — and why confidence is more dangerous than ignorance.

Part 1

Social Media & Vishing

Social engineering via LinkedIn, Instagram and the phone: when the attacker sounds friendly.

Part 2

Clean Desk Policy

The tidy workplace as a security control: documents, screens, visitors.

Part 2

Mobile Work Security

Home office, train, café: working securely outside the office.

Part 2

Physical Security

Tailgating, unknown USB sticks, access control: attacks that don't come through the network.

Part 2

AI & Shadow IT

ChatGPT & co. at work: using the upside without giving away company data.

See for yourself

Test all modules for free

In full, no company sign-up, no sales call. That's exactly how most companies evaluate us first.

Start training →
IV · Data protection

Data protection by architecture — not by promise

With SCORM delivery, data protection is a technical fact

The training runs entirely inside your LMS. No interface to us, no transfer, no tracking by Webguardiola. For your employees' training data, no data processing relationship with us even arises — your data protection officers and works council review a package, not data flows.

SCORM: no employee data

Webguardiola does not receive, process or store any personal data of your employees — including usage, progress or completion data.

Cloud: EU hosting & DPA

With cloud training we process only the essentials — email for the login code, progress, certificates — on EU servers, governed by a DPA under Art. 28 GDPR.

Campaign data: stays with you

Phishing campaign advisory involves no employee data either — execution and evaluation remain entirely in your hands.

V · Research

Built from research, not a content factory

Webguardiola is being developed as part of an ongoing doctoral research project on why employees click phishing emails despite being convinced they can spot them (overconfidence bias). These findings shape the structure and feedback mechanisms of every module — from quiz design to the evaluation logic of our campaign advisory.

Not sure a full-year program is the right fit yet? Start smaller: you can try the complete core training for free — no company sign-up. For teams without their own LMS, the cloud training with audit reports is also available on its own.
FAQ

Frequently asked questions from enterprises

SCORM 1.2 — the standard with the broadest LMS support. We confirm compatibility with your system before you commit.
With the SCORM delivery model: no — no personal data whatsoever, including usage or completion data. With cloud training, we process only the essentials (email address for the login code, learning progress, certificates) on EU servers, governed by a data processing agreement under Art. 28 GDPR.
No. We don't run phishing campaigns ourselves — nobody is covertly tested by us, and we process no employee data for this. For companies planning their own campaign, we provide advisory support on concept, design and evaluation: our research on overconfidence bias shows what makes a test trigger learning instead of distrust.
With the SCORM delivery model, your LMS logs participation and completions — the evidence lives where your auditors expect it. With cloud training, you receive participation certificates and completion reports directly from us.
German and English; additional languages are produced on request.
Yes — in full and for free, with no company sign-up and no sales call. That's exactly how most companies evaluate us first.
Pricing depends on headcount, delivery model and program scope. After a short call, you receive a transparent offer with a clearly defined scope of services.
Yes — the structure is the same, just leaner. For smaller teams without their own LMS, cloud training is usually the easiest entry point; you can test the core training for free at any time.
A program, not a box-ticking exercise.

Ready for your program?

In a short call we cover delivery model (SCORM or cloud), your schedule, languages and NIS2 documentation — and you receive a transparent offer with a clearly defined scope of services.

Request the program

A short email is enough. What would you like to discuss?

  • SCORM package for your own LMS
  • Full-year program with kickoff month
  • Cloud training with audit reports
  • Phishing campaign advisory
  • NIS2 / ISO 27001 documentation
Request the program →

Or write directly to hello@webguardiola.com