MyVCM-Knowbe4 Training Setup and Best Practices

This comprehensive how-to guide will walk you through how to set up both the Ostendio training module as well as selecting Knowbe4 training videos and rolling them out to your users.

Topics Covered in This Guide

  1. Setting Up Your Training User Groups
  2. MyVCM Training Module Setup
  3. Recurring Audit Tasks for Audit Compliance
  4. KnowBe4 Setup steps

MyVCM Setup

MyVCM can be used to support the awareness and training requirements in support of most security framework audits. 


This guide will show you how to make the most of your MyVCM platform to consistently manage and measure compliance with your awareness and training requirements.

This guide will use the following MyVCM features:

  1. User Groups (Dynamic)
  2. Training
  3. Audit tasks

Dynamic User Group Steps

The first task is to Create a Dynamic User Group for each department in your organization, if you are planning to roll out role-based training. If you are not ready for role-based training, you still need to create at least 1 Dynamic User Group, and you can call it “All Staff” or “All Employees.”


We recommend the following groups to start with:

  • All Employees
  • Engineering or Software Development
  • Security Operations/SIRT
  • Executive Training (optional)
  • HR (optional)
  • Contractors (optional, could be included in All Staff/Employees)

Pro Tip: It is helpful to have a dynamic group created for all of your departments for ease of assignment to role-specific documents, assets, access controls decisions, and audit tasks. 


  1. Scroll down to the Settings menu and select Groups

  1. In the Top Right hand corner, click on the Add Group Icon


  1. Enter the Name of your Group
  2. Select Dynamic (not static!)
  3. Add an optional description of your group (Optional)

4.   Click


5. Create All User Group Dynamic Group:
    1. Filter by: Status = Active 
      1. NOTE: This way the group will update automatically when you activate a new user or deactivate a terminated user.


6. Click Preview to validate all the correct users are in the All User Group

7. Click Save when finished

8. Create Department Groups

    1. Start group with filter status by Active
    2. Click on +Add Another Condition


MyVCM Training Module Steps

Once training user groups are set up, the next step is to set up the MyVCM training module to deploy and track user participation within MyVCM.


Once the training deployment structure is set up within MyVCM, we will log into KnowBe4 to select the training videos and associate them with the MyVCM training modules.


  1. Go to the MyVCM training module and select Manage Training:


2.   In the top right hand corner click on the Add New Training button: 


3.   Go to the details and fill out the following fields:
    • Name: Create a name for your training session. 

    • Hint: You can group multiple KnowBe4 modules into one training if they are related, such as “Annual Awareness Training”, or you can do a separate training for each KnowBe4 module if they are scheduled at separate times or for separate purposes.

4.   Priority: You can assign a priority to your training module depending on your own priority for this training, for example you might rate Annual Awareness Training as high priority because it is an audit requirement. The default is medium priority.

5.   Training Description: We recommend that you include a brief description of the purpose of the training or the topics covered in the training. If you are pressed for time, it is acceptable to copy the title of the KnowBe4 training. 

    • Pro Tip: You can include the following text in the Training description section: Click the link under Training Materials to take the KnowBe4 2022 Security Awareness Training. Upon completion, download the completion certificate from KnowBe4 and attach the certificate in MyVCM. (Pro Tip: Add the KnowBe4 link to your bookmarks as all training starts from that page)
6.   Scroll down to the Training Materials box, and include a link to the Knowbe4 website in the “Click to upload training materials” box as shown below:

7.   If KnowBe4 has a video module for the topic you would like to roll out training for, include the following link in that box: https://training.knowbe4.com/enrollments
8.   If you want to roll out customized training content that is specific to your organization, such as specific BCP or Incident Response process training, you can upload the document, PowerPoint or video content that you have created instead. (If you need help creating this content, let us know!)

9.   Lastly, scroll down to the Consumer Settings section as shown below:

10.   Assign your consumers: This is that dynamic group or groups that are required to take the training. 
  • You can include instructions to the consumer, such as the Pro-tip.
  • We recommend that you check the box to require consumers to Acknowledge Completion of Training.
  • You can also edit the acknowledgement text or leave the default text as-is.
  • Set the frequency for how often you want the training to occur: we recommend annually (yearly) at minimum for compliance purposes, but studies show that shorter quarterly or monthly trainings have more consistent results in impacting staff behavior. 

11.   Remember to hit Save!

12.   Once you save, click on the Create Quiz link as shown below:

13.   Click Add Quiz Question, and add the Pass Rate. It can be 100% or you can set it to 80% or another value to align with your training program policy.

14.   Select Add new Question, and either:
    1. Click on the Attachment question type if the KnowBe4 video has an embedded quiz and you only need your staff to upload evidence that they passed the Knowbe4 quiz, or
    2. Click on Single-Select if you will be creating your own quiz questions. 

15.   To upload the KnowBe4 certificate of completion, fill out the highlighted fields as shown below and select Save.


16.   Once you save, Click on Publish Training as Shown Below:

  • This will ask you to confirm when you want to publish the training, either immediately or on a schedule or at a specific date that aligns with your audit requirements.
  • To publish immediately, just select the Publish - Now radio button


17.   To publish at a specific date, select the Later radio button and enter your date for when the training campaign will launch. 

Audit Task Steps

We recommend using the MyVCM Audit Tasks as a mechanism to drive updates of your awareness program. Most security frameworks recommend training your staff at least annually, if not more often.


We recommend that you select the frequency that you want to roll out your training (e.g. annually, quarterly, monthly) and then set up an audit task to remind you to review the current set of training modules that you have set up, update them as needed to address your awareness risks and priorities, and then roll them out to your users. 


Set up Audit Task
  1. Go to Audit Task icon on the left column
  2. Click on Manage Audit tasks

3. Click Add New Audit

4. Enter a Name for your Audit Task

    • Recommended Name: Annual Review of Security Awareness Program 

5. Complete Audit Information

    • The audit number is an optional field for you to use if you want to track audit tasks; some organizations include the year or year-month as part of the identifier or point to a control ID or category if your task is related to a specific framework. 
  • Audit Descriptions: Recommended description:
    1. Review last year's training program.
    2. Validate whether these are the modules you want to run against this year, or if KnowBe4 has new modules that may be of interest

6.   Submit Audit task as “Compliant”

7.   Go to MyVCM Training Module 

    1. Follow steps in the KnowBe4 Adding Training Material to be included in Campaign section below to roll out your new training modules, if any
    2. Remove any outdated modules 

8. Complete Task Settings
    1. If you select Individual, the task will automatically be assigned to the owner of the asset or process being audited. 
    2. If you select Collective, then the owner of the audit task will be assigned as the project manager to follow up with the owners of the individual assets or processes being audited. 
    3. Task scheme: This allows you to define if your task is owned by a specified individual or default to the owner of the object that is being audited. 

9. Select Task Frequency
  • Select the frequency for your audit task - at minimum annually but consider whether shorter, quarterly trainings may benefit your organization. 
10.   Select Audit begins on
  • What date do you want this audit to start
11.   Select Task first due date

12.   Click on: Show upcoming task due dates

 

13.   This will be a pop out to display the upcoming due dates,
    • Example below: use this to confirm your schedule is running as expected.

14. Electronic Signature
  • Select this option to allow your users to submit tasks past their original due date. This is recommended so that your users can complete tasks within the assigned cycle.
15.   Select this option to allow your users to submit an audit task more than once. This option is recommended to make it easier for your users to report non-compliance, and resubmit once the non-compliance has been resolved.
    1. Select this option if you want users to verify their identity using 2FA electronic signature when submitting their assigned audit tasks.
    2. Allow late submissions
    3. Allow multiple submissions

16.   Certification Text
    1. Choose what message your user is required to attest to when submitting an audit task.
    2. Compliance certification text is for submissions with no issues to report.
    3. Non-compliance certification text is for submissions with issues to report.

Option 1: Default text

Option 2: Customize Certification Text
    • Type in your personalized certification test for compliance and non compliance. 

17.   Audit Items: Audits are performed against specific artifacts in MyVCM. You can perform an audit against an asset, policy or procedure document, or training. When you select the item or artifact that you will perform your audit against, MyVCM will auto populate.

  • Select the items that are related to the audit task:

  • Select the Items such as: Asset, Training, ect.

  • Click Submit

18.   Access Control
    1. Owner: This person owns the task and submission
    2. Custodians: These are people who are able to edit this Audit and upload files. They are not able to submit the audit task
    3. Consumers: These people have view access only.  
    4. Access control to an Audit designates who has read/write access to the overall audit details and can review task submissions.

19.   Links
    • Add collections allows you to associate your Audit to a MyVCM Project entity.

20. Tags
    • Smart tags are tied to the organizations Compliance/Regulatory Standard Requirements selections in the Corporate Profile.

21.   Attachments
    • Add documents to Audit Task, when applicable






KnowBe4 Setup


A KnowBe4 Training Campaign needs to be created in order for the KnowBe4 Training Material to be deployed through MyVCM. This configuration needs to be completed in the KnowBe4 Console. Before a campaign can be deployed, Users must be added and Groups created. Training Material must also be selected and added to your KnowBe4 Library. 



Adding Users and Groups to KnowBe4:


KnowBe4 has extensive step-by-step instructions on how to add or import Users as well as set up groups in your console. We recommend using the Users and Groups resources from the KnowBe4 Knowledge base, here: Creating Users and Groups in KnowBe4


Pro Tip: *THE USERS ADDED TO KnowBe4 SHOULD MATCH THE USERS IN MyVCM* 


Pro Tip: *Import First Name and Last Name, not just email so that the name appears in the certificate of completion for each training.*



Adding Training Material to be included in campaign:


  1. Navigate to the Modstore.
  2. Find training material by browsing content types, topics, or by using the search function. Reach out to your Ostendio representative for suggestions on recommended trainings if you would like hints on where to start.



3.   Click on the training material to be used in a Training Campaign.


4.   This will provide you with an introduction to the training material, and allow you to ‘Add To Library.” Click Add to Library.

5.   Once the content has been added to your library, you are now ready to set up the campaign to deploy it to Users.


Creating a Training Campaign in KnowBe4


To create a training campaign, log in to your KnowBe4 console and click the Training tab. Then, click the +Create Training Campaign button at the top-right corner of the page. Once you click this button, you will see the Create New Training Campaign page.



  1. Complete the ‘Campaign Name,’ ‘Content,’ and ‘Enroll Groups’ fields as they are required to deploy the campaign. If all KnowBe4 Users are required to complete the training, select All Users in the Enroll Groups field. If only certain groups are required, select the Specific Groups option.

 

Pro Tip:  *ENSURE THAT THE USERS BEING ASSIGNED TO THE TRAINING IN KnowBe4 MIRRORS THE CONSUMERS ASSIGNED TO THE TRAINING IN MyVCM AND VICE VERSA*


2.   Determine a start date as well as any additional campaign settings. Be sure to have your start date set for a date coinciding with or following the publication of the training in MyVCM.

3.   Choose the training content to be deployed from the ‘Content’ field. This dropdown will allow you to select material that has been previously added to your KnowBe4 Library.

4.   Once all required campaign settings are customized for your training, click ‘Create Campaign.’

5.   Additional assistance to help set up Training in KnowBe4 can be found in the KnowBe4 Knowledge Base, here: Creating and Managing Training Campaigns in KnowBe4