Owner: CHRO · Co-owners: CISO (security/secure-dev), General Counsel (anti-bribery, insider trading, trade compliance, whistleblower), CTO (AI) · Reviewed: Annual · Delivery: Vanta LMS
What this is
This page catalogs every training Neuroscale assigns to its workforce, sourced from the v1.0 policy set (effective May 8, 2026). It’s the training-only slice of the Compliance Calendar — duplicated here so HR can run training as a program without scrolling through every other recurring activity.
Each row links to the source policy section. Vanta is the system of record for assignment, completion, and acknowledgement evidence; training records are retained per the Records Retention Schedule (term of employment + 7 years).
At-a-glance: who takes what
| Training | All staff | Engineering | Sales / BD / CS | Finance / AP / Procurement | Executives | Managers | M&A | Front-desk / TAT |
|---|
| Security awareness | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Policy acknowledgement (all 24) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| AI Acceptable Use | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Anti-bribery (baseline) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Anti-bribery (enhanced) | — | — | ✓ | ✓ | ✓ | — | — | — |
| Insider trading (baseline) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Insider trading (enhanced) | — | — | ✓ | ✓ | ✓ | — | ✓ | — |
| Trade compliance (baseline) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Trade compliance (role-specific) | — | ✓ (controlled tech) | ✓ | ✓ | — | — | — | — |
| Whistleblower (baseline) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Whistleblower (manager briefing) | — | — | — | — | — | ✓ | — | — |
| Workplace violence (baseline) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Workplace violence (TAT / first-line responder) | — | — | — | — | — | ✓ (designated) | — | ✓ |
| Workplace violence (Type 2 — public-facing) | — | — | — | — | — | — | — | ✓ |
| Secure development / OWASP | — | ✓ | — | — | — | — | — | — |
| Production-access training | — | ✓ (with prod access) | — | — | — | — | — | — |
| Responsible AI (role-specific) | — | ✓ (AI features) | — | — | — | — | — | — |
| CRM training | — | — | ✓ | — | — | — | — | — |
Universal trainings (all employees and contractors)
| Training | At hire (deadline) | Recurring | Triggered re-take | Owner | Delivered via | Source |
|---|
| Security awareness | At hire (within first week) | Annual | — | CHRO | Vanta | HR Security → Information security awareness, education & training |
Annual policy re-acknowledgement (all 24 policies — 22 in /policies/ + 2 in /legal/) | At hire (within first week) | Annual | On material policy change | CHRO | Vanta | HR Security → Annual policy re-acknowledgement; Onboarding → Within first week |
| Code of Conduct acknowledgement | At hire (signed before day 1) | Annual (rolled into policy re-ack) | On material change | CHRO | Vanta + signed agreement in HRIS | HR Security → Terms & conditions of employment; Onboarding → Before day 1 |
| AI Acceptable Use | At hire (before day 1, as part of onboarding) | At least annual | On material policy change (re-acknowledgement) | CTO (with CHRO assignment) | Vanta | AI Acceptable Use → Training |
| Anti-bribery & corruption | Within 30 days of start date | Annual refresher | — | General Counsel (CHRO assigns) | Vanta | Anti-Bribery → Training & certification |
| Insider trading | Within 30 days of start date | Annual refresher | — | General Counsel (CHRO assigns) | Vanta | Insider Trading → Training & certification |
| Trade compliance (baseline awareness) | At hire (as part of onboarding) | — | Ad-hoc on material regulatory change (e.g., new sanctions program, BIS AI rule) | General Counsel | Vanta | Trade Compliance → Training |
| Whistleblower & non-retaliation | At hire (acknowledged via Vanta) | Annual refresher | — | General Counsel (CHRO assigns) | Vanta | Whistleblower → Training and communication |
| Workplace-violence prevention | Within 30 days of start date — before any unaccompanied customer-facing or office-only work | Annual | When a new or previously unrecognized hazard is identified (targeted re-training for affected staff) | CHRO | Vanta | Workplace Violence → Training |
Role-specific trainings
| Training | Audience | At hire (deadline) | Recurring | Owner | Delivered via | Source |
|---|
| Secure development / OWASP | Software developers | At hire (with first annual cycle) | At least annual | CISO + Engineering | Vanta | Secure Development → Developer training; Secure Coding → Common-vulnerability training |
| Production-access training | Engineers and any role granted production access | Before access is granted (within first 30 days for engineering hires who need prod access) | Signed production-access acknowledgement re-signed annually | CISO | Vanta + signed acknowledgement | Account Requests → What you’ll get; Onboarding → Within first 30 days |
| Responsible AI (role-specific) | Engineers, PMs, designers working on AI features | Before contributing to AI features | Annual (with AI Acceptable Use refresh) | CTO | Vanta | AI Acceptable Use → Training |
| Anti-bribery — enhanced | Sales (esp. international and public-sector), BD, finance/AP, procurement, executives, anyone interacting with government officials | Within 30 days of entering a higher-risk role | Annual | General Counsel | Vanta | Anti-Bribery → Training & certification |
| Insider trading — enhanced | Sales, BD, M&A, Finance, Executive | Within 30 days of entering a higher-risk role | Annual | General Counsel | Vanta | Insider Trading → Training & certification |
| Trade compliance — role-specific | Sales, vendor onboarding, customer success, engineering with access to controlled technology, legal, finance | At hire / on entering role | At least annual | General Counsel | Vanta | Trade Compliance → Training |
| Whistleblower — manager briefing | All people-managers (recognizing retaliation, handling reports, protecting reporter confidentiality) | On promotion to people-manager | Annual | General Counsel | Vanta + targeted briefing | Whistleblower → Training and communication |
| Workplace violence — TAT / first-line responder | Threat Assessment Team members and any manager designated as a first-line responder | On joining TAT or first-line-responder designation | Annual (enhanced) | CHRO | Vanta + role-specific module | Workplace Violence → Training |
| Workplace violence — Type 2 (public-facing) | Front-desk staff and any role with regular member-of-public contact | At hire (with baseline) | With annual baseline | CHRO | Vanta | Workplace Violence → Training |
| CRM training | Sales | Within first 30 days | As CRM changes / new modules | Sales lead | In-product / vendor | Onboarding → Within first 30 days |
Annual certifications (separate from training completion)
These are signed attestations that a covered staff member has read, understood, and complied with the underlying program. They are tracked alongside training completion in Vanta.
| Certification | Audience | Cadence | Owner | Source |
|---|
| Anti-bribery compliance certification | Higher-risk roles (sales-intl/public-sector, BD, finance/AP, procurement, executives, government-facing) | Annual | General Counsel | Anti-Bribery → Training & certification |
| Insider-trading compliance certification | Access Persons (per the maintained list) | Annual | General Counsel | Insider Trading → Training & certification |
| Production-access acknowledgement | Anyone with production access | Re-signed annually | CISO | Account Requests → What you’ll get |
| Annual policy re-acknowledgement | All employees and contractors | Annual | CHRO | HR Security → Annual policy re-acknowledgement |
Reference calendar
The reference calendar below is keyed to employment start date for at-hire items and to the v1.0 policy effective date (May 8, 2026) for the first annual cycle. After year one, all annual items run on a rolling 12-month cadence per individual (Vanta auto-assigns).
At-hire schedule (per new hire / contractor)
| When | Item | Owner |
|---|
| Before day 1 | Schedule security-awareness training in Vanta | CHRO |
| Before day 1 | Sign offer / IP / NDA / Code of Conduct | CHRO + new hire |
| Day 1 | Acknowledge company policies (initial) | New hire |
| Within first week | Complete security-awareness training | New hire |
| Within first week | Acknowledge all 24 policies in Vanta | New hire |
| Within first week | Complete AI Acceptable Use training (universal) | New hire |
| Within first week | Acknowledge Whistleblower policy | New hire |
| Within first 30 days | Complete anti-bribery training (universal) | New hire |
| Within first 30 days | Complete insider-trading training (universal) | New hire |
| Within first 30 days | Complete workplace-violence-prevention training (before unaccompanied customer-facing or office work) | New hire |
| Within first 30 days | Complete trade-compliance baseline awareness | New hire |
| Within first 30 days | Complete role-specific access onboarding (engineers: production access training; sales: CRM training) | New hire + manager |
| On entering a higher-risk role | Enhanced anti-bribery / insider-trading / trade-compliance modules; anti-bribery & insider-trading certifications | New hire + General Counsel |
| Before contributing to AI features | Responsible-AI role-specific training | New hire (Engineering / PM / Design) |
| On TAT / first-line-responder designation | Workplace-violence enhanced module | Designated manager |
| On promotion to people-manager | Whistleblower manager briefing | New manager |
Annual schedule (program-wide; first cycle dates from v1.0 effective date 2026-05-08)
| Quarter | Items due (first cycle) |
|---|
| Q2 2027 (by 2027-05-08) | First annual policy re-acknowledgement — all 24 policies (CHRO + Vanta) |
| Q2 2027 (by 2027-05-08) | First annual security-awareness training cycle (CHRO via Vanta) |
| Q2 2027 (by 2027-05-08) | First annual AI Acceptable Use refresh (CTO + CHRO via Vanta) |
| Q2 2027 (by 2027-05-08) | First annual anti-bribery refresh + higher-risk-role certifications (General Counsel) |
| Q2 2027 (by 2027-05-08) | First annual insider-trading refresh + Access-Person certifications (General Counsel) |
| Q2 2027 (by 2027-05-08) | First annual trade-compliance role-specific cycle (General Counsel) |
| Q2 2027 (by 2027-05-08) | First annual whistleblower refresh + manager-briefing cycle (General Counsel) |
| Q2 2027 (by 2027-05-08) | First annual workplace-violence refresh; TAT / first-line-responder enhanced module (CHRO) |
| Q2 2027 (by 2027-05-08) | First annual secure-development / OWASP refresh for engineers (CISO + Engineering) |
| Q2 2027 (by 2027-05-08) | First annual production-access acknowledgement re-sign (CISO) |
Triggered re-takes (no fixed cadence)
| Trigger | Re-take |
|---|
| Material change to AI Acceptable Use Policy | AI Acceptable Use re-acknowledgement |
| Material change to any of the 24 policies | Policy re-acknowledgement (affected policy) |
| New sanctions program, BIS AI rule update, or other material trade-compliance regulatory change | Trade-compliance ad-hoc training |
| New or previously unrecognized workplace-violence hazard identified | Workplace-violence targeted re-training for affected staff |
| Returning leave-of-absence employee (workplace violence timing exception) | CHRO written approval; re-take on return |
| Change in CRM platform / major release | Sales CRM re-training |
Records, retention, and evidence
| Record | Location | Retention | Source |
|---|
| Training completion (all programs) | Vanta LMS | Term of employment + 7 years | Records Retention Schedule |
| Policy acknowledgements | Vanta | Term of employment + 7 years | Records Retention Schedule |
| Anti-bribery and insider-trading annual certifications | Vanta + SharePoint (Legal) | At least 7 years from disposition (insider-trading per 17 C.F.R. §240.17a-4) | Insider Trading → Recordkeeping |
| Trade-compliance training | Vanta + SharePoint (Legal) | At least 5 years from the date of the export / transaction (15 C.F.R. Part 762; 31 C.F.R. §501.601) | Trade Compliance → Recordkeeping |
| Workplace-violence training records (completion dates and content) | Vanta export → SharePoint (HR/Legal/CISO restricted) | At least 5 years | Workplace Violence → Recordkeeping |
| Production-access acknowledgements | Vanta + SharePoint | Term of employment + 7 years | Records Retention Schedule |
How this catalog is maintained
- Source of truth. The linked policy or procedure is authoritative. If this page disagrees with a policy, the policy wins and this page is corrected.
- PR coupling. Any change to a policy that adds, removes, or retimes a training requirement must update this page and the Compliance Calendar in the same PR.
- Annual review. The CHRO (with the CISO and General Counsel for their respective programs) reviews this page annually. Stale rows are corrected; new rows are added for any new training introduced since the last review.
- First-cycle dates track the v1.0 policy effective date (2026-05-08); see Finalization Tasks → Effective dates.
Version history
| Version | Date | Description | Author | Approved by |
|---|
| 1.0 | May 9, 2026 | Initial version — catalogs all v1.0 training requirements | Cameron Wolfe | Ishan Jadhwani |
