Your security and compliance program requirements include ensuring that personnel's laptops are protected effectively. This is often done through an MDM (Mobile Device Manager) or the Vanta Device Monitor. These tools report back security information to Vanta. However, there may be instances when personnel prefer not to download these tools on their devices, and manual evidence should be collected instead.
Evidence Collection
Vanta requires four types of security checks on personnel's devices. These include hard drive encryption, a password manager, anti-virus software, and a screen lock. Typically, the Vanta Device Monitor or an MDM collects this information and feeds it back into Vanta.
If personnel under the scope of your audit do not want to download the MDM or Vanta Device Monitor onto their device. In that case, it is still essential to provide evidence detailing that the relevant security checks have been met. There are a few ways to provide manual evidence within Vanta for this purpose.
Creating a Custom Document
The first option would be to create a custom document for personnel who do not have an MDM or Vanta Device Monitor installed on their device.
From the Documents page, select Add document.
Add the relevant details as they pertain to the document, and then select Create document.
Collect evidence from your personnel indicating they have the proper security checks enabled; screenshots are a common practice for evidence collection.
Upload evidence as needed, and mark the document complete when ready.
The controls you will want to map to this custom document will be the following:
If you have added users who won't be downloading an MDM or the Vanta Device Monitor into a specific group, we suggest adding this manual evidence collection as a custom task for their onboarding task list.