If you’re transitioning your security and compliance program from another platform into Vanta, this guide will walk you through the process. The goal is to ensure a seamless migration, maintaining your compliance posture while setting up Vanta’s automated monitoring and evidence collection.
1. Add Administrative Users
Invite any team members who were administrators in your previous tool. This ensures continuity of program ownership and provides the necessary access for configuration.
2. Connect All Relevant Integrations
Establish connections to your cloud providers, identity providers, device management tools, ticketing systems, and other integrations. These connections are essential to enable Vanta’s automation and real-time monitoring.
3. Upload Key Documents
Transfer critical documents from your previous platform into Vanta’s Documents section. Examples include:
Company policies and attestations
Background checks
Vendor due diligence materials
Security training records
SOC 2, penetration test, or other audit reports
Historical audit evidence (as needed)
4. Review Engineering Test Results
After integrations are connected, review the tests page. If a significant number of tests are failing, it may be necessary to adjust the scope of your integrations (e.g., connected cloud accounts or code repositories) to ensure complete coverage.
5. Reupload Policies and Background Checks
To maintain compliance tracking, upload current policy documents and background check confirmations. This ensures these requirements are being monitored within Vanta.
6. Adjust Policy Monitoring Where Needed
Some policy-based tests may not map directly from your previous system. In these cases, you may need to:
Deactivate monitoring for unmatched tests
Re-upload and relink documents using Vanta’s policy management tools
7. Match Users and Access Accounts
On the People and Access pages, ensure individuals are accurately matched to their corresponding accounts. This step supports correct access tracking and helps maintain least privilege principles.
8. Manage Security Awareness Training
You can either:
Export security training completion records from your previous tool and upload them into Vanta, or
Complete a new round of training through Vanta’s workflow (recommended to ensure freshness of training data)
If prior training is not being imported, consider disabling monitoring for those tests to avoid inaccurate alerts.
9. Migrate Vendor Information and Reports
Manually transfer vendor profiles and upload key documents such as SOC 2 reports, security questionnaires, and other risk-related materials. This will allow you to maintain a complete third-party risk register.
10. Complete or Import a Risk Assessment
You may either:
Upload your prior risk assessment as a document
Or complete a new assessment using Vanta’s built-in Risk Assessment Workflow (recommended to ensure alignment with your current controls and audit cycle)
11. Review Test Coverage
Compare the tests and control areas covered in Vanta with those in your previous tool. This ensures no critical tests are missed and your program remains audit-ready.
12. Final Walkthrough
Before concluding your migration:
Review all sections of the Vanta platform
Confirm that all relevant data has been transferred
Upload any remaining documents or evidence files