Training Video Access by Framework

Updated this week

Feature availability: General Security Awareness training is included with all Vanta plans. Additional training categories are unlocked based on the frameworks enabled in your account. Training videos are not available as standalone add-ons.

Regular training helps organizations maintain compliance while reinforcing a strong culture of security and privacy. Vanta's security and privacy training library includes on-demand videos developed by our in-house security, privacy, and compliance experts. These trainings support key frameworks, helping ensure employees understand essential security and regulatory principles. The training categories available to you depend on the frameworks enabled in your Vanta account.


Training per framework

To explore additional frameworks, visit the Frameworks page in your Vanta account and open the Available tab to browse options or to schedule a call with a Vanta team member.

Training

Frameworks

General Security Awareness

  • Included with all Vanta plans

AI Risk

  • EU AI Act

  • ISO 42001

  • NIST AI RMF

CCPA

  • CCPA

  • GDPR

  • US Data Privacy

GDPR

  • GDPR

HIPAA

  • HIPAA

Insider Threat

  • CMMC 2.0

  • FedRAMP

  • NIST 800-53

  • NIST 800-171

  • PCI DSS

PCI DSS

  • PCI DSS

Secure Code

  • CIS Controls v8

  • ISO 27001:2022

  • Minimum Viable Secure Product (MVSP)

  • NIST CSF

  • PCI DSS

Social Engineering

  • NIST 800-53

  • OFDSS

  • PCI DSS


Training topics

Vanta’s training videos are developed by our in-house security, privacy, and compliance experts to help employees understand essential security and regulatory principles. The content is designed to be clear and practical, supporting a strong culture of security and privacy across your organization.

General Security Awareness

  • Reporting suspicious activity

  • Protecting your accounts

  • Passwords and passphrases

    • Password managers

    • Multi-factor authentication (MFA)

  • Common attacks

    • SIM swapping

    • Credential stuffing

    • Malware

    • Ransomware

  • Social engineering

    • Phishing

    • Patterns and tactics

    • Social media best practices

    • Reporting suspicious messages

  • Protecting your devices

    • Screen locking

    • Biometrics and passcodes

    • Device updates

  • Protecting sensitive information

    • Principle of least privilege

    • Secure data handling

  • Office security and remote work

    • Whiteboard hygiene

    • Clean desk best practices

    • Secure document handling and disposal

    • Remote work best practices

AI Risk

  • AI overview

  • Emerging laws and regulations

  • Key definitions

  • Machine learning

  • Neural networks

  • Deep learning

  • Workplace applications

  • AI risk and context

    • Context and data

    • Potential for harmful impacts

    • Unintended harms

    • Intentional abuses

    • Examples of risks

    • Data poisoning

    • Tampering or exploitation

  • Principles to follow

  • Industry frameworks and resources

    • NIST AI RMF

    • ISO 42001

    • OWASP AI Privacy and Security Guide

CCPA

  • CCPA and CPRA Overview

  • CPRA applicability

  • Personally Identifiable Information (PII)

  • Sensitive Personal Information (SPI)

  • Consumers

  • Consumer privacy rights

    • Right to know

    • Right to delete personal information

    • Right to opt out of sale or sharing of personal information

    • Right to non-discrimination

  • Privacy policy requirements

  • Consent preferences

    • Opt out of sale of consumer data

    • Global opt-out mechanism

    • Do not sell my personal information

    • Do not share my personal information

    • Opt-out for minors between 13 and 16 years old

    • Consent from parent or guardian for children

  • Receiving and reviewing CPRA requests

    • Requirements

    • Response time

    • Verification procedures

    • Fraudulent requests

    • Requirements and reasonable security

  • Maintaining CPRA compliance records

GDPR

  • GDPR overview

  • Key GDPR definitions

    • Data controllers

    • Processors

    • Data subjects

  • Personal data

  • Special categories of personal information

  • Data Protection Impact Assessments

  • Privacy by Design

  • Key principles of GDPR

    • Lawfulness, fairness, and transparency

    • Purpose limitation

    • Data minimization

    • Accuracy

    • Storage limitation

    • Integrity and confidentiality

    • Accountability

  • Records of Processing Activity (ROPA)

  • Criteria for processing personal information

    • Consent

    • Protect vital interests

    • Legitimate interest

  • GDPR data rights for individuals

    • Right to be informed

    • Right of access

    • Right to rectification

    • Right to erasure

    • Right to restrict processing

    • Right to data portability

    • Right to object

    • Right to object to automated processing

  • Data Subject Access Request

    • Regulated response time

    • Verification of requests

  • Data Protection Officer (DPO)

  • GDPR reporting requirements and fines

HIPAA

  • HIPAA Overview

  • Key HIPAA definitions

    • Covered entities and business associates

    • Business Associate Agreement

  • Personally Identifiable Information (PII)

  • Protected Health Information (PHI)

  • HIPAA Patient Rights

  • HIPAA Privacy Rule

  • Threats to patient data

  • Securing patient data and sensitive information

    • How to protect PII and PHI

    • Verification and confirming authorization

    • Security best practices

    • Removable media

    • Data handling policies

  • Reporting potential incidents

  • HIPAA violations and consequences

Insider Threat

  • Insider threat overview

  • Key definitions

  • Intentional and malicious threats

    • Fraud

    • Workplace harassment and violence

    • Leaks of sensitive information

    • Intentional sabotage

    • Theft

    • Security incidents

    • Data manipulation

    • Malware

  • Behavioral changes and situations

  • Complacency and negligence

    • Ignoring security and IT updates

    • Misplacing sensitive information

    • Ignoring secure processes and systems

  • Accidental disclosure and impact

  • Reporting suspicious incidents

  • Protecting sensitive information

    • Principle of least privilege

    • Sharing and level of access

    • Best practices for sharing sensitive information

PCI DSS

  • PCI DSS overview

  • Key PCI definitions

  • Cardholder data

  • Data breaches and financial motivation

  • Principles for safeguarding cardholder data

    • Protecting your online accounts

    • Passwords and passphrases

    • Password managers

    • Entering credit card numbers

    • Secure disposal

    • Safeguarding payment devices

    • Tamper checks

    • Protecting payment information

    • Confidentiality

    • Office security best practices

  • PCI DSS compliance requirements and violations

  • Reporting potential incidents

Secure Code

  • Secure code training overview

  • Guidelines and examples for secure coding

  • Principles for secure software design

  • Secure Software Development Lifecycle (SSDLC)

  • Threat modeling

  • Organizational policies

  • OWASP Top 10

  • Additional resources

Social Engineering

  • Social engineering overview

  • Social media best practices

  • Phishing

  • Reporting suspicious incidents

  • Recognizing patterns and tactics used

    • Urgency

    • Fear

    • Greed

    • Curiosity

    • Helpfulness

    • Time pressure


Previewing a training

When you use Vanta’s built-in training videos, they're housed directly within the Vanta platform, where employees can view and complete them from their onboarding page. Once assigned, employees must watch the video in full before the task is automatically marked complete. Vanta’s training videos follow a standardized format and they aren't customizable.

These videos are automatically mapped to the appropriate compliance and security controls in your Vanta account, based on the frameworks you have enabled.

To preview a training video available in your account:

  1. In the Personnel section of your account, open the People page.

  2. Click the Groups tab and open any group.

  3. In the Tasks tab, click Trainings.

  4. In the Manage trainings modal, turn on a training category and select Vanta as the training source.

  5. Click the ••• menu and select ✎ Edit to preview the video.

  6. Click Cancel to close the modals without making changes.

When you assign trainings to personnel, you can choose your training source—including Vanta’s built-in videos, a supported integration, or custom training content.