2LRN4 security awareness platform
NL · EN
← Back to support

Implementation Plan

“At Cyber Inc., we understand that achieving your goals is essential. Whether you are looking for support with internal communication or awareness programs, we are here to help you succeed. Tell us what you need, and we will make sure everything is arranged down to the smallest detail. Because only when you can successfully deploy the 2LRN4 platform within your own organization are we truly satisfied.”

— Alain Rees, Director of Cyber Inc.


Approach

On our support website, you will find detailed instruction pages to independently complete the technical implementation. We are happy to share our expertise, provide guidance, and offer practical tips along the way.

By default, we ensure the platform is fully configured and ready to launch, including:


  • Roles and administrator access
  • Branding (logo and colors)
  • Language selection
  • Course management
  • Gamification (rewards/badges)
  • Certificates


Technical Implementation

Duration: maximum 45 minutes

  • Grant (system) administrator access to the 2LRN4 platform
  • Azure AD integration via Azure Graph
  • Acceptance criteria: users (or a test group) are synchronized from Azure AD to 2LRN4 (optional, standard with the Flexible package)
  • SSO integration based on SAML2
  • Acceptance criteria: users do not need to log in a second time and will not see a separate login screen
  • Set up phishing campaigns


Program Implementation

Duration: 1–2 days

  • Proposal for an online privacy and security awareness program
  • 12 courses per year
  • Each course includes: 2 introduction videos, one e-learning module, and a test
  • Additional documents, videos, and test questions can be added

Acceptance criteria:

  • Course order (timing) and target audience can be adjusted
  • Additional categories can be created (e.g., onboarding for new employees or temporary/external staff)
  • Existing or custom courses can be made available
  • Link groups, departments, or individuals to categories and courses
  • Acceptance criteria: employees automatically receive assigned courses based on their department

Together with the client, we determine which employees, groups, or departments receive which courses and when. While everything can be adjusted independently by the client, Cyber Inc. provides advice and hands-on support.

To ensure relevance, we demonstrate how privacy and security risks also apply to personal life. When people are aware of risks in their private lives, they are more likely to apply that behavior at work.


Communication Implementation

Duration: 2–3 days

  • Determine when employees receive platform emails, notifications, or no message
  • Customize email templates
  • Use the blog module within the platform
  • Acceptance criteria: messages can be added to a course
  • Adjust gamification (badges and rewards)
  • Images, parameters, and triggers can be customized
  • Leaderboard with or without names
  • Configure certificates
  • Customize certificate text
  • Adjust certificate design


Management Implementation

Duration: 0.5–1 hour

  • Define who requires access to the reporting module
  • Configure reporting
  • Acceptance criteria: reports can be scheduled and automatically sent by email


Identified Risks and Control Measures

We proactively anticipate unforeseen circumstances by testing the program with a test account. This is done both at the start and several weeks before a course is released.

Although the base setup is automated, customer-specific adjustments—such as branding and department-to-course assignments—require manual configuration. Therefore, we apply the four-eyes principle by having a second person verify the setup.

We also ask clients to test the platform from both an office and a remote working environment. This helps identify potential internal security settings that may block certain functionalities.


Risks per Implementation Phase

1. Technical Implementation

  • Not all system administrators regularly configure integrations; therefore, we provide a step-by-step guide and offer hands-on assistance.
  • The integration is always tested with one user first, typically the system administrator.
  • If multiple Azure AD tenants exist, multiple integrations are configured.

2. Program Implementation

  • Some courses build upon previous ones. We provide guidance on dependencies to support proper planning and department/course alignment.

3. Communication Implementation

  • We advise which email templates are essential, so not all templates need customization.
  • We also advise when email is preferable and when a platform notification is more appropriate.

4. Management Implementation

  • Users with the manager role can only view their own employees within the platform.

The greatest risks, however, are not technical. Even the best tools and training programs are ineffective if they are not actively used. Organizations with over 80% voluntary monthly participation share three characteristics: strong management involvement, clear communication, and ongoing attention. We actively support clients in these areas.


Complaints and Service Improvement

We take suggestions for improvement seriously and reward users with extra points when they contribute ideas—even if they improve text created by the client.

Complaints are addressed immediately and discussed with the client to ensure resolution. Suggestions for service improvements or new features enter a structured process: a ticket is created so that status updates are always visible and can be reviewed during meetings.

Planned maintenance is announced in advance on the platform and support page, where technical platform status is visible. Any incidents are also transparently communicated there.


Service Delivery Approach

Everything—including email texts for reminders, activities, and scheduling—is fully customizable. Standard templates can also be used.

Standard planning:

  • One course is released each month
  • Employees receive an email containing the course title, description, learning objectives, activities, and estimated duration
  • No complex registration procedures
  • Automatic assignment based on department

We generally recommend:

  • No reminders when courses are released monthly
  • Two monthly reports to department managers:
  • Progress per department
  • Progress per employee within that department

If three courses per quarter are chosen, we recommend enabling reminders.


Campaign Planning (Indicative Timeline)

The purpose of this timeline is to reduce privacy and security risks by increasing knowledge, addressing the human factor. Employee progress is measurably documented to demonstrate compliance with relevant standards.


Quarter 1

  • Passwords
  • Phishing
  • Social engineering
  • Reporting / analysis / review
  • Phishing campaign

Quarter 2

  • GDPR basics
  • Flexible working
  • Data processing
  • Reporting / analysis / review
  • Phishing campaign

Quarter 3

  • Social media
  • Physical security
  • CEO fraud
  • Reporting / analysis / review
  • Phishing campaign

Quarter 4

  • Secure use of mobile devices
  • Safe browsing
  • GDPR in practice
  • Reporting / analysis / review
  • Phishing campaign


Stuck?

Ask a question or book a short demo. We’ll help you move forward.

Contact Back to support