## Why It Matters

Writing a security-awareness program from scratch means researching what to cover, drafting a dozen slides, building a quiz, and writing a legally sound attestation. The **smart template** does all of that in one step. It seeds a complete program from Kit's built-in SOC 2 security-awareness template, then asks you a short list of company questions to fill in the specifics.

## Seeding a Program

From the Training dashboard, click **Build from template**. Kit creates a new program (named after your account, e.g. *Acme Security Awareness Training*) and immediately seeds it from the template. You land on the **Smart template** questions.

The seeded program includes:

- **12 slides** covering: Welcome, How this works, Phishing & Social Engineering, Passwords & Your Password Manager, MFA / 2-Step Verification, Device & Endpoint Security, Data Handling & Classification, Safe Remote Work, Secure Software & Dependency Hygiene, Acceptable Use & AI Tools, Incident Reporting, and Business Continuity.
- A **7-question knowledge check** with a default pass mark of **86%** (6 of 7 correct).
- A **sign-off attestation** summarizing the controls each participant agrees to follow.

## Answering the Template Questions

The smart template asks structured questions. Each answer fills in a `{{ variable }}` that appears across the slides and attestation. Most have a sensible default; only some are required.

| Question | Required | Default |
|----------|:--------:|---------|
| Company name | Yes | — |
| Company password manager | Yes | 1Password |
| MFA / 2-Step Verification policy (one line) | Yes | Any factor except verification codes via text or phone call |
| URL where staff confirm their MFA enrollment | No | A Google 2-step settings URL |
| VPN used for internal access | No | the company VPN |
| Who staff report incidents to (name and contact) | Yes | — |
| Payment processor that tokenizes card data | No | Stripe |
| Where production runs (cloud + region) | No | Google Cloud, us-west1 |
| Public status page URL | No | — |
| Dependency cooldown in days before adoption | No | 3 |
| How often phishing simulations run | No | periodically |
| Compliance / evidence tracker | No | Vanta |
| Is there a separate IT/Security help desk? | No | No |

Fill in your company's details and save. Kit re-seeds the deck with your answers substituted in. If you leave the form untouched and seed with defaults, you still get a complete, sensible program to refine.

> [!TIP]
> The most important answer is **who staff report incidents to**. That contact appears throughout the slides and in the attestation, so use a name and channel people can actually reach.

## Re-seeding Is Safe

You can return to the **Smart template** at any time (from the program editor) and re-seed. Re-seeding is **idempotent**: each template slide is matched by its key and updated in place, so re-running never creates duplicates.

> [!IMPORTANT]
> Re-seeding updates the template's own slides and refreshes the quiz and attestation. Any slides you added by hand are left untouched — re-seeding never clobbers hand-authored content.

This means you can confidently change an answer (say, you switch password managers) and re-seed to push the new value through every slide, without losing custom slides you wrote yourself.

## What Happens to Your Answers

Your answers are stored once on the program and interpolated into slide copy and the attestation at render time. Only plain text values flow into the `{{ variables }}` — the substitution is a simple, safe fill-in, not executable logic.

## Next Steps

- [Edit Slides](/docs/training-editing-slides) — tailor the seeded slides or add your own.
- [Knowledge Check & Attestation](/docs/training-quiz-and-attestation) — review the quiz and sign-off, then publish.