Home · Blog · Compliance
Compliance

How to design an ISO 27001 refresher people don't skip

JTJames T. 8 min read

Annual ISO 27001 refreshers fail because they're indistinguishable from last year's. People skip-to-end on muscle memory. Change the shape.

The four-screen arc

  1. The breach. A real (anonymised) incident from the last 12 months, two minutes, told as story.
  2. The cost. What it actually meant — financial, reputational, who lost their job.
  3. The choice. A scenario where the learner would have prevented it, or not.
  4. The control. Only here, after the emotional arc, the ISO 27001 control that maps to the incident.

Why it works

You're not teaching the standard. You're using the standard to teach the prevention. The standard becomes a side-effect of the story.

SaaS client (Series C), 320 staff. Old: 64% completion, average 4 minutes (skipped). New: 96% completion, average 11 minutes (engaged).

Want a course like this — built to your brand?

We design and build interactive learning on a flat monthly subscription. Send a brief, get a free working interactive design back within four days.

Get a free interactive design

Keep reading

Compliance

Why most AML training fails the audit — and what to fix
Compliance

GDPR for marketing teams: a 12-minute module that sticks
Onboarding

The 11-day onboarding sprint that replaced a 90-day handbook