We use Curricula (Huntress) integrated with Vanta to support SOC 2 compliance.

Vanta evaluates security awareness training on a rolling 365-day basis, requiring evidence that users have completed an approved security awareness training within the last year.

Currently, security awareness trainings in Curricula are assigned as one-time or admin-scheduled assignments. When users re-take the same training, the original completion date is retained, and there is no way to automatically re-assign or renew the training based on an individual user’s completion date.

This creates challenges for compliance workflows:

Users with more than one year of tenure are flagged as non-compliant in Vanta, even if they re-complete the training

Administrators must manually re-assign the same training to all users on a fixed schedule, even when some users completed it recently

There is no way to notify users when a training is due again based on elapsed time since last completion

Requested Enhancements

We would like to request support for one or more of the following capabilities:

Per-user annual renewal of a training (e.g. re-assign 365 days after last completion)

Ability to reset or update the completion date when a user re-completes a training

Automated notifications when a user is due to complete a recurring security awareness training

Native support for annual security awareness requirements aligned with compliance tools such as Vanta

These features would significantly improve alignment with SOC 2 and similar compliance frameworks, and reduce manual administrative overhead.