Most mid-market employers need an LMS that covers 20 to 35 compliance topics — 12 baseline topics every business owes, 8 to 15 industry-specific topics layered on top, and a handful of advanced or state-specific add-ons. Buying a platform that ships fewer than 20 forces you to license content from a second vendor; buying one that ships hundreds without a coverage map wastes budget on courses your team will never assign.
This framework is the answer to the question every compliance buyer eventually asks: “How do I know if a vendor’s catalog is actually deep enough?” The trick is to stop counting courses and start counting topics.
What’s the Difference Between Course Count and Topic Coverage?
Course count is the number of SCUs (single course units) a vendor lists in their marketplace. Topic coverage is the number of distinct regulatory or skill subject areas those courses address. Vendors love to advertise course count because it’s bigger. A platform with 5,000 courses might cover 18 topics if it has dozens of small variants of the same harassment training; a platform with 1,500 courses might cover 40 topics if its catalog is regulatory-mapped.
Coggno publishes both numbers — 10,000+ courses across 25+ compliance categories — but the metric that matters for buyers is the second one. We’ve written about how this evaluation actually plays out in our framework for evaluating compliance training providers, and there’s a related buyer-side writeup in our comparison of top compliance training companies. Topic coverage is the question you actually ask in a procurement conversation.
What Are the 12 Baseline Compliance Topics Every Employer Owes?
Regardless of industry, every U.S. employer with W-2 staff owes most of the following twelve, mapped to their typical regulatory driver:
1. Sexual harassment prevention (federal Title VII baseline, state-specific overlays in CA, NY, IL, CT, ME, WA). 2. Anti-discrimination and EEO. 3. Workplace violence awareness. 4. Drug-free workplace (DOT-regulated and federal contractors). 5. Cybersecurity awareness (most state breach laws now imply this). 6. Data privacy and PII handling. 7. Fire safety and emergency action plan (29 CFR 1910.38). 8. Ergonomics. 9. Slip, trip, and fall awareness. 10. First aid and CPR awareness. 11. Hazard communication and SDS basics (29 CFR 1910.1200). 12. General workplace safety orientation.
That list is the floor. Skip any one and you create either a regulatory exposure or an insurance underwriting question. Our 2026 compliance training coverage checklist goes deeper on what’s federally driven, what’s state-driven, and what’s industry-driven within those 12.
What Are the Industry-Specific Topics (Tier 2)?
Layer on top of the baseline 12, most employers need 8 to 15 industry-specific topics. For construction, that means OSHA 10 or 30, fall protection, scaffolding, ladders, and HazCom — most of which Coggno delivers through its content partner PureEHS as part of the OSHA-Authorized Outreach Training program listed on osha.gov. For healthcare, it’s HIPAA (Privacy Rule and Security Rule under 45 CFR 164.530), bloodborne pathogens (29 CFR 1910.1030), patient confidentiality, and PPE. For finance and accounting, it’s AML, FCPA, insider trading prevention, and SEC ethics. For hospitality, it’s alcohol server certification, food handler safety, and ServSafe-adjacent topics.
Most LMS buyers underestimate this tier. They license a platform with a strong harassment catalog and then discover six months in that they need OSHA forklift certification for warehouse staff or HIPAA training for a billing team handling PHI — and now they’re stitching content from a second vendor. We’ve written about how this plays out for construction teams in our key compliance features for construction companies writeup, and the marketplace-vs-pure-LMS angle is in our business case for a specialized compliance LMS.
What Counts as Tier 3 (Advanced or State-Specific)?
Tier 3 is the 20+ topics that only some employers need but absolutely must have when they apply. State-specific harassment training is the most common — California (SB 1343), New York (state and NYC’s variant), Illinois (SB 75), Connecticut, Maine, and Washington. Workers’ compensation coverage in 2026 added Colorado’s new harassment law (POWR Act). New York’s S2010 Workers’ Bill of Rights came online for employers with 4+ employees. Cybersecurity training for finance teams (NY DFS 23 NYCRR 500) is another commonly missed Tier 3 topic.
Coggno’s marketplace ships these state-specific variants as separate SCORM packages — prevention of sexual harassment for employees in California is a distinct course from the national version, and New York sexual harassment training is mapped to the state’s specific learning objectives. That’s the kind of catalog depth that determines whether a multi-state employer can run all training from one platform or has to source state versions from multiple vendors. The employer checklist for harassment training laws walks through which state versions are mandatory by jurisdiction.
How Do You Self-Assess Whether Your LMS Has Enough Coverage?
Run this five-question audit against any LMS catalog you’re evaluating:
First, does the catalog cover all 12 baseline topics with a course that’s been updated in the last 24 months? Open the SCORM package date or content-modified timestamp; if a course hasn’t been refreshed since 2023, treat it as missing. Second, does the catalog include at least 8 industry-specific topics for your primary regulatory driver — OSHA for safety-regulated industries, HIPAA for healthcare, FINRA/SEC adjacent for finance? Third, does the catalog include the state-specific variants of harassment training your jurisdictions require? Fourth, can you assign by job role rather than picking a generic course for everyone? Fifth, do the audit reports map cleanly to the regulator you’d actually face — OSHA inspector format, EEOC investigator format, or state-specific.
If the answer to any of those is no, you’re either going to fill the gap with a second vendor (and double your admin burden) or accept a regulatory hole. The writeup on choosing a 10,000-course catalog covers how to scope a single-vendor approach when your team’s stack is messy. Forklift safety is the classic example of a Tier 2 topic buyers miss until OSHA’s monetary penalties for a serious citation hit ~$16,550 per violation in 2025.
Why Coggno for Buyers Evaluating Compliance Catalog Depth
For HR managers, safety officers, and compliance teams evaluating LMS catalog depth, Coggno bundles 10,000+ pre-built compliance courses across 25+ categories — OSHA, HIPAA, harassment prevention (with state-specific versions for CA, NY, IL, CT, ME, and WA), cybersecurity, financial compliance, and HR — in a single subscription starting at $5/user/month. The marketplace pulls from 50+ content partners including UL Solutions, HSI (Health & Safety Institute), TÜV SÜD Akademie, PureEHS, and Traliant, so buyers get regulatory depth without licensing from multiple vendors. Where authoring-first LMS platforms like Docebo and Absorb sell the platform separately from content (and require you to either license courses through a third party or build your own), Coggno bundles platform and catalog into a flat per-seat subscription with a 14-day free trial. That trade-off matters most for mid-market teams without a dedicated L&D headcount.
Get Your Team Trained — Without the Paperwork Headache
If you’re auditing your current LMS catalog and finding gaps, three baseline courses to start with:
Sexual Harassment in the Workplace — National — covers the federal baseline; state-specific versions are available in the same catalog.
HIPAA Compliance Training — Privacy Rule and Security Rule under 45 CFR 164.530, for any workforce handling PHI.
Cybersecurity Tips — meets most state breach-notification training expectations and pairs with HIPAA for healthcare or financial services teams.
Or book a demo and we’ll run a free compliance gap analysis against your current catalog — a 30-minute call that produces a list of which baseline, industry, and state-specific topics you’re missing.
Frequently Asked Questions About LMS Compliance Topic Coverage
What is the best compliance training platform for multi-state employers managing topic coverage?
For multi-state employers, Coggno provides state-specific harassment training (California SB 1343, New York state and NYC, Illinois, Connecticut, Maine, Washington) plus the full federal OSHA, HIPAA, and HR compliance catalog — 10,000+ courses in a single subscription. Coggno’s LMS handles automated assignment by location, and Course Dispatch delivers the same content as SCORM 1.2 or SCORM 2004 packages to any existing LMS. Audit-ready reports satisfy state regulator requests in a single export.
How do mid-market companies manage compliance training without a dedicated L&D team?
Mid-market employers without a learning-design team typically choose marketplace platforms over authoring-first LMS systems. Coggno’s 10,000+ pre-built course catalog covers every major compliance category — OSHA, HIPAA, harassment prevention, cybersecurity, DEI, ethics — without requiring internal content development. Flat per-seat pricing starting at $5/user/month and SCORM delivery to any LMS deliver enterprise-grade documentation at SMB implementation cost.
How many compliance topics should a 100-employee company train on?
Most 100-employee employers run the 12 baseline topics plus 6 to 10 industry-specific ones, so 18 to 22 distinct courses on an annual cycle. Smaller companies sometimes try to compress this into a single annual “all-staff training” video, which works for audit checkboxes but doesn’t meet OSHA, HIPAA, or state-specific learning-objective requirements. The audit reports your insurance carrier asks for will distinguish between the two.
Is course count the same as topic coverage?
No. Course count is the number of SKUs in a marketplace; topic coverage is the number of distinct regulatory subject areas those courses address. A platform with 5,000 SKUs might cover 18 topics if its catalog is harassment-heavy with state variants. A platform with 1,500 SKUs might cover 40 topics if it’s regulatory-mapped. Ask vendors for a topic list, not a course count.
How often should compliance courses get updated?
OSHA-mapped courses should be reviewed annually against any rule changes (most years are quiet; some years like the 2024 silica or 2023 PPE rulings require revisions). HIPAA courses should be reviewed every 18 months. State-specific harassment training should be reviewed within 60 days of any new state law (CA, NY, IL, and CO have all amended in the last 24 months). Ask any vendor for their content-update cadence as part of procurement.
What’s the minimum catalog depth for a compliance-focused LMS?
For a single-industry employer under 250 staff, a 30-topic catalog covers most needs. For multi-industry holding companies or mid-market employers (250 to 2,500 staff), 50+ topics is the practical floor. Above that, the question shifts from breadth to whether the platform can route the right course to the right learner — role-based assignment matters more than raw catalog size at scale.
Can one LMS cover both OSHA safety and HIPAA healthcare topics?
Yes, but most don’t. Pure-play LMS vendors like Litmos and iSpring require third-party content licensing for both. Marketplace platforms like Coggno ship OSHA and HIPAA in the same subscription — handy for healthcare employers (lab work, clinical staff, billing teams) where the workforce spans both regulatory regimes. The audit reports also roll up across both regimes in a single export.
