Proof-led security awareness

Training you can actually prove.

Train your people, then walk into any audit with verifiable evidence - ISO 27001, SOC 2, NIS2, DORA, or your own internal standard. Every completion is cryptographically signed and independently verifiable.

Create your account, set up your Workspace, and invite your team in minutes. No credit card required.

EU hostingEN / DE / FROpen-core, self-hostable
proofaware.com/verify
Verifying signature…
Recomputing HMAC-SHA256…
CoursePhishing & Social Engineering
Completed byLena Hofer · Acme GmbH
Issued14 May 2026 · 09:42
FrameworkISO 27001 · A.6.3
Completion Signature
a91c3f7d4e0b88c2f5a16d9e7b34c0a142df9e21····
Verified in 2s
no login needed
HMAC-SHA256
third-party attested
Evidence mapped to whatever you're audited against
ISO 27001 SOC 2 NIS2 DORA DSGVO / GDPR TISAX Internal mandate Cyber Essentials ISO 27001 SOC 2 NIS2 DORA DSGVO / GDPR TISAX Internal mandate Cyber Essentials
The audit moment

Everyone trains. Almost no one can prove it held up.

When the auditor asks "show me your team was trained," screenshots and spreadsheets don't hold up. Awareness tools measure click rates; GRC suites are heavyweight overkill. You need something simpler: training that gets done - and evidence you can actually defend.

Screenshots & spreadsheets

Easy to fake, impossible to verify. They fall apart the moment someone pushes back.

Click-rate dashboards

Measure activity, not assurance. A 98% open rate proves nothing in an audit.

Heavyweight GRC suites

Months to roll out, a full-time job to run. Overkill for proving training got done.

The moat

Proof you can defend, not screenshots.

ProofAware makes the proof the product. Every completion is sealed, recorded immutably, and verifiable by anyone - no login, no trusting a dashboard.

proofaware.com/verify
Verifying signature…
Recomputing HMAC-SHA256…
CoursePhishing & Social Engineering
Completed byLena Hofer · Acme GmbH
Issued14 May 2026 · 09:42
FrameworkISO 27001 · A.6.3
Completion Signature
a91c3f7d4e0b88c2f5a16d9e7b34c0a142df9e21····
Share with your auditor
proofaware.com/verify/a91c…42dfCopy
AUAuditor opens the link - verifies it themselves. No account, no dashboard access.
Completion Record
SEALED
PROOF · SEALED · PROOF · SEALED · a91c…42df
This certifies that
Lena Hofer
completed Phishing & Social Engineering on 14 May 2026.
a91c…42dfISO 27001
Export evidence
Mapped
ISO 27001A.6.3 · Awareness
SOC 2CC1.4 · Competence
NIS2Art. 21 · Training
InternalYour mandate
PDF CSV
Proof 01

Signed completions

Each record carries an HMAC-SHA256 Completion Signature. On Cloud, that's third-party attestation - your org can't fabricate it.

Proof 02

Public verification

Hand an auditor a link; they verify the record themselves at /verify in seconds - no account, no trusting your dashboard.

Proof 03

Immutable evidence

Published course versions can't be silently changed, and delivery is recorded - the chain of custody stays intact.

Proof 04

Any framework

Export evidence mapped to whatever you're audited against - ISO 27001, SOC 2, NIS2, DORA, or your own internal mandate.

How it works

From assignment to audit evidence in three steps.

Setup starts after login - create your account, set up your Workspace, and invite your team in minutes.

1

Assign

Pick courses or upload your own, target people or departments, set deadlines. Reminders and escalation run themselves.

New assignmentDraft
Course
NIS2 Essentials
Audience
Engineering · 48 people
Deadline
30 June 2026
Reminders & escalation run automatically
2

Employees complete

A fast, clear learning portal - quizzes, policy acknowledgements, sequential gating. No busywork.

LH
Your training
2 of 3 complete
On track
Password hygiene100%
Phishing & social eng.100%
Data handling (DSGVO)40%
3

Prove it

Export signed completion records, or share a verification link. Audit-ready in minutes.

Completion Record
SEALED
PROOF · SEALED · PROOF · SEALED · a91c…42df
This certifies that
Lena Hofer
completed Phishing & Social Engineering on 14 May 2026.
a91c…42dfISO 27001
Awareness that sticks

Training that actually gets done.

Build real security culture without a heavyweight rollout. Fast for employees, light for admins.

Ready course library

Phishing, passwords, data handling, DSGVO - launch on day one, or upload your own content.

LH
Your training
2 of 3 complete
On track
Password hygiene100%
Phishing & social eng.100%
Data handling (DSGVO)40%

Quizzes & acknowledgements

Check understanding and capture policy sign-off as part of the signed record.

Sequential gating

Lessons unlock in order, so completion means the material was actually worked through.

Auto reminders

Nudges & manager escalation chase the stragglers - not you.

EN / DE / FR

Built multilingual for European teams from day one.

Every lesson, sealed

Completion becomes verifiable proof - automatically.

Yours to control

Open-core, self-hostable, EU-first.

ProofAware is open-core and self-hostable, with a managed EU-hosted cloud when you'd rather not run it yourself. Your people's data stays where you want it.

Full data residency
Hosted in the EU. DSGVO-aligned by design.
Open-core (AGPL)
Inspect it, run it yourself, never get locked in.
EN / DE / FR
Built multilingual for European teams.
PROOF · SEALED · PROOF · SEALED · a91c…42df
One signed record

Hosted or self-run, every completion carries the same verifiable seal.

HMAC-SHA256EU-hostedAGPL
Pricing

Start free. Upgrade when you're ready.

Open-core means the core is free and self-hostable forever. Choose how you run it.

Community

Free · self-hosted (AGPL)

Train, track, and prove - Completion Signatures + public verification, basic reporting and export.

Self-host it
Completion Signatures + /verify
Course library & quizzes
Basic reporting and export
Self-host anywhere
Most popular

Cloud

Hosted in the EU, fully managed

Everything in Community, managed and backed up, plus premium features.

Start free
Everything in Community
Managed EU hosting & backups
Third-party attested records
Premium features & support

Enterprise

For larger or regulated teams

SSO/SCIM, custom domain & branding, priority support and SLA.

Talk to us
SSO / SCIM provisioning
Custom domain & branding
Priority support & SLA
Procurement & security review

Open-core, self-hostable. Detailed plans and pricing coming soon.

FAQ

Questions, answered.

Any of them. ProofAware is framework-agnostic - ISO 27001, SOC 2, NIS2, DORA, or your own internal standard. You map the evidence to whatever you're audited against.

Yes. The core is open-core (AGPL) and self-hostable, with EU hosting if you prefer the managed cloud.

Yes - GDPR-clean phishing simulation is coming, and unlike click-rate tools we turn it into verifiable evidence.

Every completion is cryptographically signed. Anyone with the link can verify a record at /verify - no account needed. Cloud-issued records are third-party attested; self-hosted records are tamper-evident.

In the EU, with full data residency. ProofAware is DSGVO-aligned by design.

PROOF · SEALED · PROOF · SEALED · a91c…42df

Start free. Prove it from day one.

Create your account, set up your Workspace, and invite your team in minutes. No credit card required.