Assign, track, and evidence compliance training across your workforce.
The challenge
Training is assigned but not tracked. Completion rates are unknown. Refresher timelines slip. You have no evidence that staff understand their security responsibilities.
How Fig helps
Training assigned by role, location, or clearance level. Reminders escalate automatically. Progress tracked through course completion and assessment scores. Joiner-mover-leaver automation syncs with Workday, SuccessFactors, BambooHR, and ADP - new starters automatically receive training assignments, access provisioning, and policy sign-off requirements.
Courses delivered as videos, interactive modules, quizzes, and phishing simulations. Content adapts based on staff role and learning history.
Training expiry dates managed automatically. Refresher scheduling based on framework requirements (CMMC, ISO 27001, SOC 2, DORA). Escalations trigger for approaching expirations. Integrates with KnowBe4, Moodle, and LinkedIn Learning for content delivery.
Audit-ready proof of training assignment, completion, and assessment scores. Training effectiveness correlated with security incidents and compliance breaches.
Fig tracks mandatory training completion by role, enforces onboarding training gates before access is granted, escalates overdue training to line managers, and triggers remedial training automatically after policy violations.
Audit-ready workflow
Staff Training should not be treated as a standalone tool surface. In Fig it is part of a governed workflow: a signal is captured, an owner is assigned, a control or risk is updated, and evidence is retained so the organisation can prove what happened later.
Lifecycle
The Prove phase is where this capability sits in the wider Fig operating model. Training is assigned but not tracked. Completion rates are unknown. Refresher timelines slip. You have no evidence that staff understand their security responsibilities. Fig turns that problem into a repeatable lifecycle so MSPs, risk teams, and auditors are not relying on static spreadsheets or ad hoc screenshots when a buyer asks for proof.
Evidence captured
For staff training, useful evidence normally includes the triggering record, the affected asset or supplier, the control requirement, the assigned owner, the decision made, the timestamp, and the outcome. That evidence is mapped back to frameworks such as Cyber Essentials, ISO 27001, NIS2, DORA, GDPR, CMMC, and internal policy requirements where relevant.
Implementation checks
Useful references
The exact evidence required still depends on your scope, risk profile, sector, and framework obligations.
Built for you
Standardised training programmes across all clients. Completion metrics and white-label certifications demonstrate client security posture to their customers.
Learn moreMandatory security training embedded into onboarding and annual compliance cycles. Training tied to role changes and incident response requirements.
Learn moreComplete staff training records and assessment scores provided as evidence for security awareness and control effectiveness audits.
Learn moreProve
Map controls to 65+ frameworks. Collect evidence automatically. Stay audit-ready.
Automate policy lifecycle from drafting through approval, distribution, and attestation.
Plan, execute, and report on audits with structured evidence packs and findings tracking.
Common questions
Yes. You can upload custom videos, documents, and quizzes. Fig handles scheduling, reminders, completion tracking, and certification expiry management.
Phishing simulations are assigned alongside awareness training. Results feed into analytics showing which user groups are most vulnerable and need targeted remediation.
Yes. MSPs can manage training programmes across all client organisations from a single dashboard. Each client has isolated training records with portfolio-wide completion reporting.
Fig automatically assigns targeted remedial training to repeat offenders. Their progress is tracked separately, and managers receive escalation reports. You can configure the threshold for what counts as a repeat failure and the remediation path that follows.
Fig includes a built-in library of security awareness courses, phishing simulations, and compliance training modules. You can also upload your own content if you have organisation-specific material. Both types are managed through the same scheduling and tracking system.
Next step
Book a walkthrough tailored to your frameworks and tooling.
We only load non-essential analytics and advertising tags after explicit consent. You can review our cookie register in the cookie policy section and update your choice at any time via “Cookie settings” in the footer.