## Why It Matters

Different companies answer to different frameworks. A US health-tech vendor needs HIPAA workforce training; a European SaaS needs GDPR staff-awareness; almost everyone selling B2B eventually needs SOC 2 or ISO 27001. Writing any one of those decks from scratch — the slides, a defensible quiz, a legally sound attestation — is days of work you shouldn't repeat per framework.

Kit ships a **template library**: a curated set of complete, audit-ready certification decks you can browse and seed in a couple of clicks. Pick the framework you're being audited against, answer a few questions about your company, and you have a finished program to refine — not a blank page.

## Browsing the Library

From the Training dashboard, click **Build from template** to open the gallery at `/training/templates`. The library shows one card per framework, each with its name, a short description, the language, and an approximate slide and question count. Click **Use this template** on the card you want.

> [!NOTE]
> The template library is **admin-only**. The **Build from template** link and the gallery are visible to account admins, the same people who author and publish programs. Participants never see it — they only take the training they're invited to.

## The Four Frameworks

Every deck follows the same shape: an ordered set of content slides, a multiple-choice knowledge check, and a sign-off attestation. Each is roughly **12–14 slides plus a knowledge check**, with company-specific facts written once as `{{ variables }}` and filled in from your answers.

| Framework | Deck covers |
|-----------|-------------|
| **SOC 2** | The all-hands annual security-awareness and business-continuity deck: phishing, credentials, MFA, device security, data handling, remote work, dependency hygiene, AI tools, incident reporting, and continuity. |
| **GDPR** | Data-protection staff awareness: the core principles, personal vs. special-category data, lawful basis and consent, data-subject rights, minimization and retention, processors and DPAs, international transfers, privacy by design, and breach handling with the 72-hour duty. |
| **ISO 27001** | Information Security Management System (ISMS) awareness: what the ISMS is and why certification matters, the security policy, everyone's role, risk treatment, information classification, access control, cryptography, clear desk, operations and supplier security, incident reporting, and business continuity. |
| **HIPAA** | Workforce training for the Privacy Rule and Security Rule: what counts as PHI and ePHI, the minimum-necessary standard, permitted uses and disclosures, patient rights, safeguards for devices and communications, Business Associate Agreements, breach reporting, and secure disposal. |

> [!TIP]
> Not sure which one you need? Pick the framework named in the audit or certification you're pursuing. If you're covering general staff security awareness with no specific regime in mind, **SOC 2** is the broadest starting point.

## Language Selection

Template **content** (slides, quiz, attestation) is authored in English today. Each card in the gallery is resolved to your account's language automatically: Kit reads your account's `default_locale`, shows the matching variant when one exists, and otherwise falls back to the English deck. More languages are planned — as localized decks are added, the same account setting will surface them with no change on your side.

The gallery **chrome** — headings, buttons, counts — is already fully localized into every language Kit supports, so the page reads naturally even while the deck content itself is English.

## From Template to Program

Picking a deck seeds a **complete program**, then hands you straight to the smart-template Q&A to make it yours:

1. **Choose** — On the gallery, click **Use this template** for the framework you want. Kit creates a program named after your account and seeds the full deck — every slide, the quiz, and the attestation.
2. **Fill in your specifics** — You land on the [smart-template questions](/docs/training-smart-template). Answer a short list about your company (name, password manager, incident contact, and so on); each answer fills the `{{ variables }}` across every slide and the attestation.
3. **Refine** — Review and edit slides, tune the knowledge check, and adjust the attestation text.
4. **Publish** — Once the program has at least one slide, a configured quiz, and attestation text, publish it and invite participants.

Each seeded program is independent and tenant-scoped: your content stays yours, and choosing a template never touches other programs.

## Re-seeding Is Safe

A program remembers which deck it came from. You can return to the [smart-template questions](/docs/training-smart-template) at any time, change an answer, and re-seed. Re-seeding is **idempotent** — each template slide is matched by its key and updated in place, so re-running never creates duplicates and never clobbers slides you added by hand.

> [!IMPORTANT]
> Re-seeding refreshes the template's own slides, quiz, and attestation from the deck it was seeded from. It always re-seeds **that same framework** — the deck you originally picked — so switching an answer and re-seeding safely pushes the new value through every template slide while leaving your custom slides untouched.

## For AI Agents (MCP)

The library is also reachable over Kit's MCP tools. `training_list_templates` returns the available frameworks with their counts for the account's language, and `training_seed_from_template` accepts a `template` parameter (a framework key like `soc2`, `gdpr`, `iso27001`, or `hipaa`) so an agent can seed the right deck. Omitting the parameter defaults to SOC 2.

## Next Steps

- [Build from the Smart Template](/docs/training-smart-template) — answer the company questions that fill in your seeded deck.
- [Editing Slides](/docs/training-editing-slides) — tailor the seeded slides or add your own.
- [Knowledge Check & Attestation](/docs/training-quiz-and-attestation) — tune the quiz and sign-off, then publish.
- [Reminders & Deadlines](/docs/training-reminders-and-deadlines) — how Kit follows up with participants who haven't finished.