Audit-ready security awareness your staff actually finishes

A fully managed security awareness campaign for NIS2, EU AI Act, ISO 27001, and NIST CSF compliance. We handle setup, tracking, and reporting. You send one email. That's it.

You get audit-ready compliance evidence, zero admin headaches, specific board and manager training for NIS2 compliance, and employees who can actually spot phishing.

Join early access

Early access partners help shape pricing and product direction.

Core Security Awareness

Seven practical habits for everyday security.

Start with the first habit. Small steps add up.

  • 01 Know your security basics (~5 min)
  • 02 Protect your accounts (~8 min)
  • 03 Handle data safely (~8 min)
  • 04 Spot and report phishing (~25 min)
  • 05 Keep devices & remote work safe (~8 min)
  • 06 Know what to do when something goes wrong (~8 min)

Multi-framework Compliance Engine

From complex regulations to audit-ready evidence, without manual coordination.

Covers modern regulatory requirements

  • NIS2 (Articles 20 & 21), including national implementations for Belgium (CyFUN), Norway, Finland, Czechia
  • EU AI Act
  • ISO 27001 and NIST CSF

Turns awareness into measurable human risk insight

  • Scores aggregated across habits and topics
  • Recurring gaps and weak patterns identified
  • Clear visibility into human security risk and improvement areas

Laws & Regulations → Security Controls → Security Habits → Audit Evidence

Focus where it matters most

A risk-based programme designed to reduce real-world human security risk.

Employee core habits

  • 1. Know your security basics (Core)
  • 2. Protect your accounts (Core)
  • 3. Handle data safely (Core)
  • 4. Spot and report phishing (High focus)
  • 5. Keep devices and remote work safe (Core)
  • 6. Know what to do when something goes wrong (High focus)
  • 7. Use AI tools safely (EU AI Act ready) (High focus)

Board and management governance

  • 8. Cyber risk for board and management (Deep dive)
  • 9. Management oversight and KPIs (Deep dive)
  • 10. Governance, liability, and continuous improvement (Deep dive)

Intentionally designed

  • Structured as 7 employee habits and 3 governance habits (management & board complete all 10)
  • Aligned with regulatory expectations
  • Board members get real cyber risk literacy, not superficial awareness

Risk-based focus

  • Not all risks are equal. Neither is our training.
  • High-impact topics get more time and depth (phishing, incidents, AI)
  • Reduces real human risk, not just compliance theatre

Based on recognised best practices

  • Grounded in ENISA, CISA, and NIST guidance
  • Translated from security jargon into actual workplace behaviour
  • Delivers what auditors and regulators expect to see

Training Employees Actually Finish

Learning that respects people's time, attention, and intelligence.


DESIGNED FOR REAL WORKDAYS

  • Short, self-paced lessons. Pick up where you left off.
  • Works on any device
  • Passwordless login (email / OTP)
  • Designed to respect time and attention

HABIT-BUILDING, NOT E-LEARNING

  • Bite-sized lessons your brain can actually retain
  • Reflection prompts connect learning to real work situations
  • Light checks to reinforce key concepts
  • Self-checks to confirm understanding

WHITE-HAT GAMIFICATION

  • Visual progress that actually motivates people
  • Builds genuine mastery and confidence
  • Gamification supports completion, not distraction
  • Positive reinforcement, not fear-based

Everything you need. Zero manual work.

Fully managed by SafeHabits. You provide an employee CSV and send one kickoff email. We handle delivery, reminders, tracking, insights, and audit-ready evidence.

Training delivery

A structured, risk-based programme delivered as 7 employee habits and 3 governance habits. Typically run over 12 weeks, but fully adjustable to your organisation’s pace.

  • Mobile-first, works on phone, tablet, and desktop
  • Passwordless login using email OTP
  • Low-noise, automated delivery that doesn’t disrupt work

Improvement insights

We don’t just track completion. We measure understanding and identify where human risk actually remains.

  • Understanding scores by habit and topic
  • Engagement and completion trends over time
  • Actionable recommendations to reduce human security risk

Compliance evidence

Everything auditors and regulators expect, generated automatically as people complete the programme.

  • Full audit trail covering acknowledgements, completion, and understanding
  • Traceability mapping to NIS2, EU AI Act, ISO 27001, and NIST
  • Management-ready campaign summary and evidence pack

EU-first & privacy by design

Built for organisations that care where data lives and how training is operated.

  • Designed, developed, and operated in the European Union
  • All data stored and processed exclusively in the EU
  • GDPR-aligned by design, not retrofitted

Pricing (Early access)

SafeHabits is currently onboarding early access organisations. Pricing is being finalised based on organisation size, regulatory scope, and rollout needs.

Early access organisations

  • For teams subject to NIS2, ISO 27001, EU AI Act, NIST CSF
  • Full platform access from day one
  • Direct influence on roadmap and priorities

Pricing principles

  • Scales with organisation size
  • Depends on regulatory scope
  • No per-user learning penalties

Commercial model

  • No long-term lock-in
  • Transparent renewal terms
  • EU-hosted, privacy-first by default

Early access partners help shape final pricing and product direction.

Why SafeHabits

I am building the security awareness programme I would personally use and confidently roll out to my own teams.

As a security engineer, I have seen the same pattern repeat. Security awareness programmes that people rush through, learn little from, and quietly resent. Most tools optimise for completion metrics, not for real understanding or ownership.

Effective security requires culture. When employees can make smart security decisions on their own, you remove the bottlenecks. Security stops being something the security team does to the company, and becomes something the company owns.

I first explored this approach by building a free consumer app focused on practical security habits (free.safehabits.eu). User feedback confirmed what I suspected. Short, respectful learning moments are not only welcomed, they lead to better understanding and real behaviour change.

SafeHabits brings this philosophy into organisations. It is built for modern work, modern regulation, and a security culture based on clarity rather than fear.

Ready to Build a Security-Aware Team?

SafeHabits is onboarding a small number of early access organisations. Reach out to discuss fit, scope, and rollout.