Why Awareness-as-a-Service

Why Awareness-as-a-Service?

Not the next compliance checkbox. A measurable programme that protects people — and is not itself a security risk.

Compliance on one page

Every requirement. One programme.

We map the most common regulations directly — no manual mapping between tool and requirement.

Requirement	Source	How we address it
Awareness training for staff	NIS2 Art. 21 (2) g	Micro-modules + mandatory quotas + quarterly report
Information security awareness	ISO 27001 A.7.2.2	Documented training, certificates, audit log
Training evidence	GDPR Art. 32 (1) b	Reporting with employee granularity (anonymised)
Appropriate data protection measures	FADP Art. 8	Same evidence, Swiss hosting
Awareness concept	BSI IT-Grundschutz ORP.3	Concept + measures + effectiveness measurement
Banking supervision	FINMA Circ. 2023/1	Industry-specific templates + reporting

Made in Switzerland

Infrastructure you can trust.

Awareness-as-a-Service runs entirely on Swiss infrastructure — no US cloud dependencies, no CLOUD Act risk. Our data centres are in Switzerland and Germany (EU). All data is subject to FADP (Switzerland) and GDPR (EU).

Hosting CH/EU

Data centres in Zurich and Frankfurt — no US cloud provider

FADP & GDPR

Data processing agreement documented, standard contractual clauses in place

ISO 27001

Infrastructure certification in preparation

SLA 99.9%

Availability guarantee for all production services

Privacy posture

No security tool that is itself a risk.

Many security products load external resources, set tracking cookies, and send data to the US. We don't.

Fonts

No Google Fonts

Fonts are served locally — no DNS lookup to Google servers, no fingerprinting.

No tracking cookies

No analytics, no retargeting, no session replay. Only technically necessary cookies.

Cloud

No US cloud

No AWS, Azure, GCP, or Cloudflare Workers. Infrastructure is in CH and DE.

Fonts

Self-hosted Inter

The Inter font is embedded locally — full privacy from the very first page load.

The security tools paradox

Good to not repeat yourself.

Security tools are themselves attack targets. Every external script, every cloud service, every third-party cookie is a potential vulnerability. That's why we took a radical step in the architecture of Awareness-as-a-Service: minimal external dependencies. No external fonts, no analytics, no US cloud. What we don't have can't be compromised.

Ready to take awareness seriously?

30-minute demo. We'll show you a real phishing campaign, a quarterly report, and the NIS2 mapping — for your industry.

Book a demo →Contact us