Your security and compliance program requirements include ensuring that personnel's laptops are protected effectively. This is often done through an MDM (mobile device manager) or the Vanta agent. These tools report back security information to Vanta. However, there may be instances when personnel prefer not to download these tools on their devices, and manual evidence should be collected instead.
Evidence Collection
Vanta requires four types of security checks on personnel's devices. These include hard drive encryption, password manager, anti-virus, and screen lock. Typically, the Vanta agent or an MDM would collect this information and feed it back into Vanta.
If personnel under the scope of your audit do not want to download the MDM or Agent onto their device, it is still essential to provide evidence detailing the relevant security checks have been met. There are a few ways to provide manual evidence within Vanta for this purpose.
Creating a Custom Document
The first option would be to create a custom document for the personnel without an MDM or Vanta agent installed on their device.
From the Documents page, select Add document
Add the appropriate details as they relate to the document, and select Create document
Collect evidence from your personnel indicating they have the proper security checks enabled; screenshots are a common practice for evidence collection.
Upload evidence as needed, and mark the document complete when ready.
The controls you will want to map to this custom document will be the following:
If you have added users who won't be downloading an MDM or the Vanta agent into a specific group, we suggest adding this manual evidence collection as a custom task for their onboarding task list.