What Employees Can Do
View & Acknowledge Policies
Read assigned company policies and confirm acknowledgment. Tracks which policies each employee has reviewed.
Complete Training
Access assigned security awareness training courses, complete them, and receive completion certificates.
Register Devices
Register work devices (laptops, phones, tablets) and view their compliance status.
Report Incidents
Submit security incident reports directly through the portal. Reports are routed to the security team automatically.
View MFA Status
Check whether MFA is enabled on their account and take action if it is not.
How the Employee Portal Works
The Employee Portal is a separate, simplified interface from the main LowerPlane dashboard. Employees access it through their own login and see only their personal compliance tasks and information.Employee receives an invitation
When an employee is added to the People directory (manually or via HR integration sync), they can be invited to the Employee Portal.
Employee logs in
The employee signs in using their credentials, SSO, or the link provided in the invitation email.
Dashboard shows outstanding tasks
The portal home page displays a summary of pending actions: policies to acknowledge, training to complete, devices to register.
Portal Home Dashboard
The employee’s home dashboard displays:| Section | Description |
|---|---|
| Pending actions | Count of outstanding tasks requiring attention |
| Policies | Number of policies awaiting acknowledgment vs. total assigned |
| Training | Training courses assigned, in progress, and completed |
| Devices | Registered devices and their compliance status |
| MFA status | Whether MFA is enabled on the employee’s account |
Why the Employee Portal Matters for Compliance
Employee engagement with security policies and training is a key requirement across all frameworks:| Framework | Employee Compliance Requirements |
|---|---|
| ISO 27001 | A.7.2.2 (Information security awareness, education, training) |
| SOC 2 | CC1.4 (Demonstrates commitment to competence), CC2.2 (Communication of responsibilities) |
| HIPAA | 164.308(a)(5) (Security awareness and training) |
| GDPR | Article 39 (Tasks of the DPO include training staff) |
| PCI-DSS | 12.6 (Implement a formal security awareness program) |
Compliance Evidence Generated
Every action in the Employee Portal generates evidence:- Policy acknowledgment records — Who acknowledged which policy, and when
- Training completion records — Course completions with dates, scores, and certificates
- Device registration records — Which devices are registered to which employees
- Incident report records — Submitted incident reports with timestamps
- MFA enrollment records — Whether the employee has MFA enabled
Access and Permissions
Employees accessing the portal can only:- View policies assigned to them
- Complete training assigned to them
- Manage their own devices
- Submit incident reports
- View their own compliance status
The Employee Portal is intentionally simple. Employees should be able to complete their tasks in a few minutes without any training on the tool itself.
Setting Up the Employee Portal
- Sync your people directory. Connect an HR integration or manually add employees in Personnel > People.
- Assign policies. Publish policies through the Policy Center and mark them as requiring employee acknowledgment.
- Assign training. Create or import training courses and assign them to employees or groups.
- Invite employees. Send portal invitations to employees, either individually or in bulk.
- Monitor completion. Track acknowledgment and training completion rates from the main LowerPlane dashboard.