for a




Our client is a retailer and distributor of food and pharmaceutical products. With corporate and franchise supermarkets, pharmacies, banking, and apparel, the company is Canada’s largest retailer. Its portfolio of drugs, groceries, wireless mobile products, food items, apparel, health and beauty products, and general merchandise provides customers with an unparalleled mix of value, assortment, and convenience. With nearly 1,400 stores that operate under 22 regional and market segment banners, and more than 200,000 employees employed at its various locations, the company aims to provide the building blocks to help their customers create the best life and future that they can.




Given the nature of their business, the organization had access to large amounts of different types of information. To counter the risks of information security breaches, they had a training program in place for employees to recognize, rectify, and report risks as appropriate.

The training that was aimed at all their employees was in the form of a mandatory eLearning course that discussed the various ways through which data could be compromised. But when the employees participated in a Security Awareness challenge (after completing the Information Security eLearning course), it was found that most of them did not retain the learning from the course.

So, it was decided to revamp the training content, making it more engaging and relevant, through scenario-based challenges. The main objective of the course was for the learner to identify secure and unsecure practices, and respond appropriately. The requirement, therefore, was for a ‘question-driven’ course, where learners had to apply their understanding of information security to answer different scenario-based questions.

The brief also included translating the English course into French.


As the objective of the course was for learners to identify and respond to unsecure practices, CommLab India decided on a ‘story’ approach “a day in the life of an employee” where the learner follows the said employee as he is faced with situations (in the form of mini scenarios) that they are likely to face in their day-to-day work (e.g., “Employee gets to work but forgot pass card. What should they do”).

These 16 mini scenarios would set the stage for a variety of information security threats that learners might encounter while performing their professional duties. Each mini scenario would be followed immediately by challenge questions related to that scenario.

Gamified eLearning with Scenarios for Information Security – A Success Story 1

The course opens with an introduction to information security and the role of employees in preventing security threats. After that, they are asked to choose the persona that represents them based on their potential for risky behavior from 4 given personas – Risky Renee, Carefree Corey, Delusional Donnie, or Vigilant Vicki. As no one considers themselves as risky, delusional, or carefree, most if not all learners choose the character of Vigilant Vicki to best represent them.


A background story ‘a day in the life of the (fictional) employee’ runs throughout the course, with the 16 scenarios woven through it. The learner is supposed to advice this character (Jake) on how to respond to a variety of information security threats that he encounters during his working day.

Gamified eLearning with Scenarios for Information Security – A Success Story 2

Learners are presented with 16 scenarios (on phishing, security incidents, acceptable use of corporate devices, and passwords), each followed by a question on what Jake should do in that situation. The questions are aimed to test learners’ understanding of the threat to information security in the context of the scenario and help them apply what they have learned, in a way that they can relate to and remember.

A gamified system in the course keeps track of the ‘information security’ score, which goes up or down based on the learner’s answers, and a security dial indicates how safe the learner is. Finally, based on the learner’s choices and scores, his/her behavior is matched to one of the 4 personas they were shown at the start of the course. Their final persona and score also decides whether they need to retake the course.


The tools used to create the course included Vyond (for the characters in the scenarios), Flash (for the introduction video), Adobe Illustrator (for the score meter), and Photoshop. The course was developed in Storyline 3.

A project manager, two instructional designers, two courseware developers, and a visual designer worked on the course. Our ID team found it challenging but fun to create the different scenarios and weave them through the background story as a day in an employee’s life.

We could complete the entire project (the English course and its French version) in about four months.


The course was very well received and helped create awareness among employees on the different types of threats they might face and how to handle them correctly.


Here are a couple of reviews on eLearning Industry from the stakeholders.


Want to see the same results in your organization?
Get in touch with our Sales Team!