Compliance LMS · built for enterprise

Compliance you can prove.

Cydital runs mandatory training, policy sign-off, and audit evidence across every regulatory domain you operate under — as one tamper-evident system of record. When the regulator asks, the proof is one click away.

Pre-mapped to the regulations that matter POSH · 2013 SEBI PIT · 2015 DPDP · 2023 BRSR PMLA · 2002 ISO 27001
Audit evidence · Acme Corp ● Recording
Append-only · timestamp + IP on every
action · up to 1,000 employees in minutes
Append-only
Tamper-evident audit log
4
Role tiers, fully scoped
1-click
Board-ready audit pack
50–10k
Employees per tenant
01The gating engine

Watched, tested, and locked — server-side.

A generic LMS lets people click "complete." Cydital makes attestation real: the next chapter stays locked until the current one is watched and passed. Every rule is enforced on the server, so the browser can't cheat it.

  • No scrubbing ahead
    The server rejects forward jumps over 15s. You watch it to learn it.
  • 98% before the quiz unlocks
    A 45-second timer runs per question, validated against a server deadline.
  • Fail, and the video resets to zero
    Score under 80% sets progress = 0. Rewatch in full, then retry.
  • Every attempt on record
    Score, attempt number and time taken — written to the audit trail, no limit on retries.
Enforced server-side · returns 403 on any bypass
Secure Coding (OWASP) · live
1
SQL Injection & Parameterised Queries
passed · 92% · attempt 1
2
Cross-Site Scripting (XSS)
watching · 98% reached
video progress98% · quiz unlocked
Chapter quiz · attempt 167% — reset
Chapter quiz · attempt 288% — pass
3
Insecure Deserialization
locked · complete Ch.2 to unlock
02Regulatory coverage

Every domain mapped to the
law that mandates it.

Not a blank course catalogue. Every domain ships tied to the regulation behind it, so a completion record is also a compliance record.

Prevention of Sexual Harassment

POSH ACT · 2013 · §4, §19

Insider Trading Controls

SEBI PIT · 2015

Data Privacy & Protection

DPDP ACT · 2023

ESG & Sustainability

BRSR · SEBI mandate

Anti-Money Laundering

PMLA · 2002

Information Security

ISO 27001 · internal review

Responsible AI Usage

POLICY · internal standard

Workplace Safety

FACTORIES ACT · 1948

Secure Coding

OWASP TOP 10

Code of Conduct

POLICY · board-approved

Anti-Bribery & Corruption

PC ACT · 1988

Whistleblower & Speak-Up

COMPANIES ACT · §177
Org Admins toggle which domains are active per organisation — and we add new ones continuously. View all domains →
03Two formats, one platform

Strict where the law demands it.
Flexible where learning needs it.

One content-type flag drives behaviour — so regulatory attestation stays airtight while longer-form knowledge stays a pleasure to work through.

Compliance modules

Gated. No-skip. Attestable.

For mandatory regulatory training where the completion record is evidence.

  • Forward scrubbing disabled — server rejects jumps
  • 98% gate plus a per-question countdown
  • MCQ-locked chapters; fail resets the video
  • Issues a verifiable certificate on completion
e.g. POSH · DPDP · SEBI PIT — built for regulatory sign-off.
Trainings

Learner-paced. Rich. Open.

For longer-form knowledge — 6–8 hour courses like Incident Response & DR.

  • Open any lesson, scrub freely, resume anywhere
  • Variable speed 0.5×–2×, remembered per learner
  • Closed captions + a click-to-seek transcript
  • Downloadable resources, optional knowledge check
Gating logic never leaks here — scoped to compliance only.
04The audit pack

When the auditor arrives,
hand them one PDF.

Every completion, signature, quiz attempt and login is captured the moment it happens — timestamped, IP-stamped, and append-only. No screenshots, no spreadsheet archaeology.

  • Append-only evidence chain
    Records can't be edited or deleted — enforced by database trigger.
  • Independently verifiable certificates
    Each carries an ID checkable at /verify/{id} — no login required.
  • One click, board-ready
    Up to 1,000 employees rendered in minutes, delivered by email when done.
Compliance Audit Pack
Acme Corp · FY 2025–26 · 842 employees
01Executive summary · org score 91%
02Department compliance heat map
03Employee completion matrix
04Policy acknowledgement log
05Certificate register · 781 issued
06Quiz attempt summary
07Risk indicators · 12 flagged
05Compliance calendar

Your statutory year, at a glance.

The spreadsheet of due dates, replaced. Obligations auto-populate from training deadlines and recurring programs — then export as a board-ready PDF or an iCal feed.

Jan
DPDP refresher
Feb
Mar
BRSR filing prep
Apr
AML review
May
Jun
Code of Conduct
Jul
Safety drill
Aug
POSH annual
Sep
DPDP review
Oct
SEBI PIT window
Nov
Dec
ISO 27001 review
Upcoming Due Overdue Completed
Export PDFSubscribe · iCal
06Enterprise-ready

Built to pass the security review,
not just the demo.

Multi-tenant from the first commit, with the controls an enterprise IT and InfoSec team will ask for before they sign.

True tenant isolation

Schema-per-tenant in PostgreSQL — separate schemas, not row filters — with per-tenant KMS keys and S3 prefixes.

schema-per-tenantAWS KMS

Enterprise SSO & 2FA

SAML 2.0 with Azure AD, Okta and Google Workspace, JIT provisioning, plus TOTP two-factor and account lockout.

SAML 2.0TOTP 2FA

Hardened auth

RS256-signed JWTs, refresh-token rotation with reuse detection, bcrypt at work factor 12, TLS 1.2+ enforced.

RS256bcrypt-12

Append-only audit log

Every significant action recorded with user, IP and timestamp; impersonation tagged in a separate ledger.

tamper-evidentOWASP-scanned

White-label per tenant

Logo, theme, email branding, custom domain over managed TLS, and tenant-branded certificate templates.

custom domainplan-gated

HRMS in sync

Darwinbox and Keka sync employees, departments and reporting lines every few hours — joiners auto-enrol, leavers deactivate.

DarwinboxKeka
Deployment · primary

Cloud-hosted SaaS

Cydital runs everything on AWS. Tenants sign in at [tenant].cydital.com — nothing to install.

Deployment · enterprise+

Self-hosted

Run it on your own infrastructure with a Docker Compose package or a production Kubernetes Helm chart.

Make your compliance program
something you can prove.

See Cydital run a real domain end-to-end — gated training, signed policy, issued certificate, and the audit pack that ties it together.

No credit card · 30-minute walkthrough · built for enterprise compliance