Create compliance test — verifiably test mandatory training

Compliance tests are the digital variant of the classic training certificate. Legal requirements from GDPR, workplace safety, anti-money laundering law or industry-specific regulations demand that employees are regularly trained and understanding is documented. A test directly after the training closes this gap and at the same time delivers the evidence for audits.

Cover all relevant topics per training — for example for the GDPR training questions on personal data, on data subject rights and on the reporting obligation for data breaches. The questions should be formulated so that the answers are based on the trained content, not on general knowledge. Mix multiple choice for fact control with short scenarios for application competence: "You receive an email with an alleged GDPR information request. How do you react?" That covers more than pure memorization.

A binary "pass / fail" evaluation is not enough for many compliance topics. Score bands with three levels are more sensible: passed (e.g. from 80 percent correct), passed with conditions (60 to 79 percent — additional reading required) and failed (below 60 percent — training repetition). This grading creates differentiation and can be adapted to the risk class of the topic.

Define the threshold together with the compliance department and document the reasoning. For safety-critical topics — such as plant safety or GxP — the threshold should be 90 percent or higher. For more awareness-oriented topics, a threshold of 70 percent is sufficient. Visualize the result clearly at the end of the test: a green bar for passed, yellow for conditions, red for failed — each with a short explanation of the next steps. The calculation engine determines the score automatically and triggers the appropriate result page.

When the test is passed, a certificate should be generated automatically — as PDF, with logo, name, date, topic and score. This document serves as evidence in the personnel file and can be presented directly during audits. Anyone who generates this manually per person spends days with copy-paste. Automated generation via webhook and PDF template turns day-to-day work into a matter of seconds.

Design the certificate to be forgery-proof enough for internal purposes: a unique certificate ID, verification URL and a QR code linking to a validation page make manipulation more difficult. Store the certificate in the personnel file and additionally send it by email to the person. Trigger an entry in the HR system via webhook or API so that the training dashboard is automatically updated. This way HR and compliance can see at any time which employee has completed which training — without maintaining separate Excel lists.

Compliance tests are not exams with only one attempt. Anyone who fails should learn and try again — after all, it is about understanding, not selection. Define a sensible retry logic: after failure, first work through the training again, then after 24 hours a new attempt. This waiting time prevents reflexive clicking and gives room for actual learning.

Vary the questions on the second attempt so that not only the correct answers are memorized. From a pool of 30 questions, 10 are drawn randomly — different ones on the first attempt than on the second. Do not limit the number of attempts too tightly: three to five attempts are sensible. Anyone who fails even after several attempts needs personal training, not another online quiz. Mark these cases automatically and notify the compliance department via webhook — so the system escalates the cases where human help is needed.