CSAWTP
Train your people. Prove your compliance.
Cyber Security Awareness Training Platform — a multi-tenant SaaS platform delivering comprehensive security awareness training, policy management, and compliance reporting for maritime and corporate organisations. Built in partnership with Margetis Maritime.
At a Glance
The Human Factor
Regulatory frameworks demand demonstrable security awareness. The gap between compliance requirements and actual workforce readiness creates exposure that technical controls alone cannot close.
Compliance Mandates
ISO 27001, NIS2, GDPR, and IMO maritime regulations all require documented security awareness programmes. A spreadsheet and an annual presentation no longer satisfy auditors or regulators.
Dispersed Workforce
Maritime organisations face unique challenges: crew rotations, limited vessel connectivity, multilingual teams, and personnel with varying technical proficiency. Generic training platforms were not built for this reality.
Audit-Ready Evidence
CSAWTP provides timestamped completion records, quiz scores, policy acknowledgements, and exportable compliance reports — the evidence auditors require, generated automatically as training is delivered.
Training Content Library
27 modules, 193 lessons, and 1,485 assessment questions covering the full spectrum of cyber security awareness topics required by maritime and corporate compliance frameworks.
Core Security Topics
Phishing, ransomware, social engineering, email security, authentication, clean desk, mobile & BYOD, data protection, insider threats, and privacy. Each module includes text-based lessons, embedded training videos, and a scored quiz assessment.
Maritime-Specific Content
Vessel systems security (IT/OT convergence), supply chain security, BEC & invoice fraud, remote access and vendor access rules, IoT & OT security awareness — purpose-built for shore staff and vessel crew operating in maritime environments.
Compliance & Governance
Risk management fundamentals, regulatory compliance overview, data classification & handling, business continuity & disaster recovery, incident detection & response, and security culture & reporting. Maps directly to ISO 27001, NIS2, and GDPR requirements.
Advanced Topics
Cloud security fundamentals, secure communications, third-party & contractor security, and advanced persistent threats. For organisations with mature security programmes that need to go beyond baseline awareness.
Role-Based Training Paths
Nine pre-configured training paths tailored to specific roles and departments. New employees are automatically enrolled on the default onboarding path upon account creation.
Core Cyber Security Awareness
Comprehensive baseline for all employees. Automatically assigned to new joiners.
Shore Staff
Focused on office-based risks: email, BYOD, clean desk, cloud security.
Vessel Crew
Maritime-focused: vessel systems, OT security, remote access, incident response at sea.
Vessel Operations
For bridge and engine officers managing operational technology systems.
Management
Strategic view: risk management, business continuity, regulatory obligations, security culture.
IT & Privileged Users
Advanced: APTs, cloud security, secure communications, vendor access management.
Finance / Procurement
Targeted: BEC, invoice fraud, data handling, supply chain security.
Maritime-Specific
Curated for organisations with IMO compliance obligations and IT/OT environments.
Custom Paths
Tenant administrators can create bespoke training paths from any combination of modules.
Role-Based Access Control
Six distinct roles designed around the principle of least privilege. From platform-level operators to individual learners, every user sees only what they need.
Platform Level
Super Admin
Full platform access across all tenants. Creates global training content, manages tenants, users, and certificate templates.
Platform Level
Super Auditor
Read-only access to all admin data, cross-tenant reports, and certificate template management. For platform-level compliance oversight.
Tenant Level
Tenant Admin
Full management of their own tenant: users, training modules, policies, assignments, and reports. Cannot access other tenants.
Tenant Level
Auditor
Read-only dashboard, user list, and reports within their own tenant. Can edit user profiles for compliance officers.
Tenant Level
Manager
Content management within their tenant: modules, lessons, policies, training paths, and assignments. For department heads and HR.
Learner Portal
Learner
Access to assigned courses, quizzes, policy acknowledgements, and personal certificates. Designed for simplicity across all proficiency levels.
Policy Management & Acknowledgements
11 pre-loaded compliance policies with full lifecycle management. Version control, mandatory acknowledgement, and timestamped audit records — the complete chain of evidence regulators expect.
Version Control
Policies are versioned with effective dates. When a policy is updated to a new version, all affected employees are automatically prompted to re-acknowledge — no manual tracking required.
Non-Repudiation
Every acknowledgement records exact date/time, IP address, and browser information. These timestamped records form legally defensible evidence of policy communication and acceptance.
Audit Export
Full acknowledgement logs exportable as CSV, ready for inclusion in ISO 27001 evidence packs, NIS2 compliance documentation, and regulatory submissions.
Assessment Engine
Randomised, scored quizzes that ensure genuine knowledge retention. Questions are drawn at random from a pool of 55 per module on each attempt; no two assessments are identical.
Randomised Questions
Each quiz attempt draws a random subset from a pool of 55 questions per module. Multiple choice, true/false, and scenario-based questions tagged by difficulty level (easy, medium, hard).
Anti-Gaming Measures
Configurable pass threshold (default 80%). One immediate retake allowed; subsequent retakes require a 24-hour cooldown. Prevents brute-force completion while allowing legitimate second attempts.
Instant Feedback
Correct answers and explanations shown after submission. Learners understand not just what the right answer is, but why — reinforcing learning at the moment of assessment.
Score Tracking
All attempt scores are recorded for compliance evidence. Average scores per module visible in admin reports, enabling identification of knowledge gaps across the organisation.
Learner Portal
Designed for simplicity. Optimised for shore staff and vessel crew with varying levels of technical proficiency. One-click resume, visual progress tracking, and passwordless login for environments where remembering passwords is impractical.
Course Player
Numbered lesson sidebar with locked/unlocked states, embedded video player, formatted HTML content, and a distraction-free quiz interface. Progress auto-saves on lesson completion.
Dashboard
Personal statistics, continue learning button, upcoming deadlines, policy alerts, certificates earned, and overall completion rate. Everything a learner needs on one screen.
Passwordless Login
Email verification code option for learners reduces password fatigue — particularly valuable for vessel crew who may access training infrequently from shared devices.
Reporting & Compliance Dashboards
Real-time compliance overview with one-click CSV exports designed for direct inclusion in audit evidence packs.
Admin Dashboard
Total users, active users, overall completion rate, overdue assignments with trend indicators, policy compliance rate, and quick action buttons. At-a-glance organisational compliance posture.
Course Completion Report
Per-module breakdown: total assigned, completed, in progress, overdue. Average quiz score per module and completion rate percentage. Identifies which topics need attention.
User Compliance Report
Per-user breakdown with department and vessel grouping. Assigned courses, completed, overdue, pending policies. Individual compliance status for performance reviews.
One-Click Exports
Three CSV exports: Completion Summary, Overdue List (with days overdue), and Policy Acknowledgements (with timestamps). Ready for ISO 27001 audit evidence and NIS2 compliance documentation.
Automated Certification
PDF certificates generated automatically on module completion. Customisable HTML-based templates. Learners download certificates directly from the portal.
Automatic Generation
When a learner completes a module and passes the quiz, a PDF certificate is generated immediately. Certificate dated on the actual day of completion for accurate records.
Custom Templates
HTML-based certificate templates with variables for learner name, module title, completion date, and score. Super admins and super auditors manage templates centrally.
Self-Service Download
Learners download their certificates from the course card in the learner portal. Administrators can see the total certificate count per user for compliance tracking.
Multi-Tenant Architecture
Built from the ground up as a multi-tenant SaaS. Serve multiple client organisations from a single deployment with complete data isolation between tenants. MSP-ready.
Tenant Management
Client Isolation
Each client company is a separate tenant with its own users, assignments, policies, and reporting. Every database query is scoped by tenant ID — no cross-tenant data leakage is architecturally possible.
- Company details, VAT, contact info
- Plan tiers: Standard (50), Professional (200), Enterprise (unlimited)
- User limit enforcement per plan
- Global + tenant-specific content model
Onboarding
Invitation System
Secure email invitations with 7-day token expiry for new tenant administrators. A branded self-service registration page handles onboarding without manual account creation.
- Secure invitation tokens
- Automatic 7-day expiry
- Public onboarding page
- Resend and regenerate capability
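The invitation lifecycle listed above (issue, 7-day expiry, regenerate) can be sketched as follows. This is an added example, not CSAWTP's own code: the `InvitationStore` class, its in-memory schema, single-use redemption and the choice to store only a SHA-256 digest of the token are assumptions made for illustration.

```python
import hashlib
import secrets
from datetime import datetime, timedelta, timezone

TOKEN_TTL = timedelta(days=7)  # expiry stated on the page

def digest(token):
    return hashlib.sha256(token.encode("utf-8")).hexdigest()

class InvitationStore:
    """In-memory stand-in for an invitations table (hypothetical schema)."""

    def __init__(self):
        self.rows = {}     # sha256(token) -> {"email", "expires", "used"}
        self.current = {}  # email -> digest of the one live token

    def issue(self, email, now):
        """Create or regenerate an invitation; any earlier link is revoked."""
        old = self.current.pop(email, None)
        if old is not None:
            self.rows.pop(old, None)
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        key = digest(token)
        self.rows[key] = {"email": email, "expires": now + TOKEN_TTL, "used": False}
        self.current[email] = key
        return token  # goes into the emailed link; only its hash is stored

    def redeem(self, token, now):
        """Return (status, email); email is set only when status is 'ok'."""
        row = self.rows.get(digest(token))
        if row is None:
            return ("invalid", None)   # unknown, mistyped or regenerated
        if row["used"]:
            return ("used", None)      # assumed single use: replays fail
        if now >= row["expires"]:
            return ("expired", None)
        row["used"] = True
        return ("ok", row["email"])

if __name__ == "__main__":
    store = InvitationStore()
    now = datetime.now(timezone.utc)
    link_token = store.issue("admin@tenant-a.example", now)  # constructed address
    print(store.redeem(link_token, now + timedelta(days=8)))  # past the TTL
```

Because only the digest is kept, a resend in this sketch has to issue a fresh token, which also revokes the link in the earlier email.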
Compliance Framework Mapping
56 regulatory clauses mapped across four major frameworks. For each clause, the platform documents the requirement, the evidence, and the compliance status — ready-made audit evidence for assessments and regulatory reviews.
| Framework | Clauses Mapped | Addressed | Partially Addressed |
|---|---|---|---|
| ISO 27001:2022 | 24 | 20 | 4 |
| NIS2 Directive | 10 | 10 | 0 |
| GDPR | 13 | 11 | 2 |
| IMO MSC-FAL.1/Circ.3 | 9 | 8 | 1 |
| Total | 56 | 49 | 7 |
Security Architecture
Enterprise-grade security designed to protect training data, compliance records, and personal information across all tenants.
Authentication & Access
JWT with 8-hour expiry. TOTP-based MFA for all admin roles with backup recovery codes. Account lockout after 5 failed attempts with 15-minute cooldown. bcrypt password hashing.
Data Protection
Tenant isolation enforced at middleware level. TLS 1.2/1.3 in transit. Explicit CORS origin whitelist. Configurable data retention with GDPR-compliant anonymisation after retention period.
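One way to make "every query is scoped by tenant ID" and "enforced at middleware level" hold together is to bind the tenant once per request and let the data layer refuse to run without it. This is an added example, not the platform's code: `bind_tenant`, `UserRepo` and the `users` table are hypothetical, and the standard-library `sqlite3` module stands in for the ORM the page mentions.

```python
import sqlite3
from contextvars import ContextVar

# Bound once per request by middleware, from the verified token only;
# never from a path segment, header or body field the client controls.
current_tenant = ContextVar("current_tenant", default=None)

class TenantContextMissing(RuntimeError):
    """A query ran with no tenant bound. Fail closed, do not default."""

def bind_tenant(verified_claims):
    """Hypothetical middleware step; claims come from an already-verified JWT."""
    return current_tenant.set(int(verified_claims["tenant_id"]))

def unbind_tenant(token):
    current_tenant.reset(token)

class UserRepo:
    """Sole data-access path: callers can neither pass nor omit the filter."""
    def __init__(self, conn):
        self.conn = conn

    def _tenant(self):
        tenant_id = current_tenant.get()
        if tenant_id is None:
            raise TenantContextMissing("no tenant bound to this request")
        return tenant_id

    def list_users(self):
        sql = "SELECT id, email FROM users WHERE tenant_id = ? ORDER BY id"
        return self.conn.execute(sql, (self._tenant(),)).fetchall()

    def get_user(self, user_id):
        # Tenant predicate applies to primary-key lookups too, so an id
        # guessed from another tenant yields None rather than a row.
        sql = "SELECT id, email FROM users WHERE id = ? AND tenant_id = ?"
        return self.conn.execute(sql, (user_id, self._tenant())).fetchone()

def demo_db():
    """Constructed sample data: two tenants, three users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY,"
                 " tenant_id INTEGER NOT NULL, email TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        (1, 10, "alice@tenant-a.example"),
        (2, 10, "bob@tenant-a.example"),
        (3, 20, "carol@tenant-b.example")])
    return conn
```

A regression test that requests another tenant's record by id and expects an empty result is the check worth keeping in CI for every repository method.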
Application Security
ORM-only database access (parameterised queries). React output encoding against XSS. Pydantic schema validation on every endpoint. File upload: extension, MIME, magic byte, and size validation.
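The four upload checks named above (extension, MIME, magic byte, size) only help when they have to agree with each other. This is an added example, not the platform's code: the allow-list, the 5 MiB limit and the `validate_upload` function are assumptions, and the sample inputs are constructed.

```python
import os

MAX_BYTES = 5 * 1024 * 1024  # assumed limit; the page does not state one

# Assumed allow-list: extension -> (MIME type, magic bytes at offset 0)
ALLOWED = {
    ".pdf": ("application/pdf", b"%PDF-"),
    ".png": ("image/png", b"\x89PNG\r\n\x1a\n"),
    ".jpg": ("image/jpeg", b"\xff\xd8\xff"),
}

def validate_upload(filename, declared_mime, data):
    """Return the names of the failed checks; an empty list means accept.

    An extension outside the allow-list is rejected outright. Otherwise the
    declared MIME type, the leading bytes and the size are each checked
    against what that extension requires, so all three must agree.
    """
    # Drop any client-supplied directory part before reading the extension.
    name = os.path.basename(filename.replace("\\", "/"))
    ext = os.path.splitext(name)[1].lower()
    rule = ALLOWED.get(ext)
    if rule is None:
        return ["extension"]
    expected_mime, magic = rule
    failed = []
    # Content-Type is client-controlled: it must match, but proves nothing alone.
    if declared_mime.split(";", 1)[0].strip().lower() != expected_mime:
        failed.append("mime")
    # The bytes themselves must start with the signature for that type.
    if not data.startswith(magic):
        failed.append("magic")
    if not 0 < len(data) <= MAX_BYTES:
        failed.append("size")
    return failed

if __name__ == "__main__":
    pdf = b"%PDF-1.7\n% constructed sample\n"
    exe = b"MZ\x90\x00" + b"\x00" * 16  # constructed: executable header bytes
    print(validate_upload("report.pdf", "application/pdf", pdf))   # accepted
    print(validate_upload("invoice.pdf", "application/pdf", exe))  # renamed file
```

A matching signature says nothing about the rest of the file, so accepted uploads should still be stored under a server-generated name and served with a fixed Content-Type.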
Infrastructure
Six mandatory security headers including HSTS and CSP. Tiered rate limiting. Automatic blocking of exploit paths and scanner user agents. Database isolated in internal Docker network.
Audit & Non-Repudiation
All CRUD operations and authentication events logged with user ID, IP, user agent, and timestamp. Policy acknowledgements include IP address and browser fingerprint for non-repudiation.
Standards Alignment
Architecture aligned with OWASP Top 10, ISO 27001:2022 Annex A, NIS2 Article 21, and GDPR Article 32 technical and organisational measures.
Automated Operations
Four scheduled background jobs maintain compliance without manual intervention. The platform works while you don't.
Overdue Check
Daily scan marks assignments as overdue when due dates pass. No manual status updates needed.
Reminders
Automated email reminders to users with approaching or passed deadlines. Configurable per tenant.
Recertification
Identifies users due for recertification and creates new assignments at configurable intervals.
Policy Updates
When a policy is updated to a new version, re-acknowledgement is triggered automatically for all affected users.
Roadmap
Planned enhancements to extend the platform's capabilities further into maritime-specific and enterprise requirements.
Next Steps
Simulation & Connectivity
- Phishing simulations with maritime-specific templates (BEC, invoice fraud, port agent spoofing)
- Automatic remediation — failed users auto-enrolled to refresher training
- PWA offline mode for vessel crew with limited connectivity
- Low-bandwidth mode with compressed assets and text-first fallback
Future
Enterprise & Scale
- Vessel Kit — deployable on-prem Docker kit for air-gapped vessels with bi-directional sync
- SCIM / Azure AD integration for automated user provisioning
- Billing integration with per-user/per-tenant hooks for MSP model
- Custom domains — each tenant can use their own branded domain
Ready to build a security-aware workforce?
Discuss how CSAWTP can support your organisation's cyber security awareness programme — whether you need to meet maritime compliance obligations, satisfy ISO 27001 auditors, or simply reduce human risk across your operations.