How to create role-based compliance training with AI

Category: Compliance
Written by Sarah Mitchell, Compliance specialist
April 4, 2026
8 minutes

Most compliance training programs treat your entire organization as a single audience. Everyone gets the same module, everyone clicks through the same slides, and at the end of the quarter, you can tick a box saying training was completed.

Role-based compliance training is different.

It means your finance team learns about payment authorization procedures and invoice fraud. Your developers get trained on secure coding and access management. Your HR team focuses on data handling and employee privacy. Everyone learns what's actually relevant to how they work and what risks they carry.

Increasingly, this is what the regulations behind your policies require.

Why role-based training is required, not optional

Several major frameworks now explicitly call for training to be tailored to role and responsibility, not just delivered organization-wide.

NIS2, the EU's updated cybersecurity directive that came into force in October 2024, requires essential and important entities to implement training as part of their risk management obligations. NIS2 expects a role-based annual training system with traceable evidence, effectiveness checks, and governance reporting. Not a blanket awareness session checked off once a year.

ISO 27001 is equally specific. It emphasizes the need to provide employees with relevant information security training tailored to their roles, to ensure they understand how to protect data and follow company policies.

GDPR takes a similar angle. It doesn’t specify a syllabus, but it requires proactive accountability and that anyone processing personal data does so with full knowledge of their obligations.

The common thread: these frameworks don't just want proof that training happened. They want proof that the right people got trained on the right things. A single role-based plan can cover the awareness, competence, and documentation requirements of all three frameworks, as long as it defines scope, content per profile, cadence, and evidence for each.

Generic training libraries can't do this

Here's where most compliance training vendors fall short, and why buying a content library doesn't solve the problem.

A generic module is fine for broad awareness. But it can't reflect your internal payment authorization policy. It won't know that your finance team operates with a dual-approval rule for transfers above a certain threshold. It won't know that your developers are working with cloud infrastructure that carries specific access risks. It was built for everyone, which means it was built for no one in particular.

The result is training that employees rightfully see as irrelevant. They click through it because they have to. They retain almost nothing. And when an auditor asks whether your finance team was trained on the specific controls in your treasury policy, "we completed the vendor's module on financial fraud" is not a satisfying answer.

Role-based training only works when it's grounded in your actual policies and procedures. Otherwise you're creating roles on paper while delivering generic content in practice.

The traditional fix, and why it doesn't scale

The obvious solution has always been custom training content. Hire an instructional designer, brief them on your policies, build a module per department, review it with legal, update it every time a policy changes.

It works. It's also expensive, slow, and completely unsustainable for any organization that isn't running a dedicated learning and development team. For a company of 80 people where one person owns compliance alongside four other responsibilities, building custom training per department is simply not a realistic option.

This is the gap that AI now fills.

How to create role-based compliance training with Securan

Securan is built around a simple idea: your policy is already the training content. You just need a tool that can turn it into something employees can actually learn from.

Here's how to set up role-based training in practice:

1. Upload your policy

Start by uploading the policy or SOP you want to train on. This could be your information security policy, your financial controls document, your data handling procedures, or any other internal document employees are expected to follow.

2. Write a prompt that specifies role relevance

When generating the training program, you can write a prompt that tells the AI which parts of the policy matter most for which roles. For example: "Focus the finance department training on the payment authorization procedure, dual-approval requirements, and the section on third-party invoice verification. The rest of the organization only needs the general data handling and reporting sections."

That's it. The training generated for your finance team will reflect what's actually in their job description and what the policy says about it. Not just a generic phishing module.

3. Create groups per department or role

In Securan, you create separate groups for different teams. Finance, engineering, HR, operations — each gets their own group. You assign the relevant training program to each group, and employees only see what's been built for them.

4. Generate the training program per role

For each group, Securan generates a microtraining program based on the policy and the prompt. It's short, focused, and tied directly to the procedures employees are supposed to follow. Not a 45-minute course covering every possible topic in the vague hope something sticks.

5. When the policy changes, update the training automatically

This is where most compliance programs quietly break down. Policies change. Training doesn't. Six months later, employees have been trained on procedures that no longer exist.

In Securan, when a policy is updated, you re-upload it and generate a new training program. Employees in the relevant groups are automatically prompted to retrain. Every completion is logged against the specific policy version, so you have clean evidence of who was trained on what, and when.

Conclusion

Role-based compliance training used to require either a big budget or a lot of manual work. With AI, neither is true anymore. The main thing you need is your policy. The rest follows from there.

Securan is a platform that lets you generate a compliance training program based on your specific policy or prompt. Invite your employees, collect training evidence, and prove compliance during audits. Flat €100 per month, no matter how many users you have. Cancel any time.