
Adaptive Scoping: Creating and Configuring Business Units and Segments

Written by Jaquez Hodo
Updated this week

Please note: This feature is currently in Preview.

Vanta allows you to manage compliance requirements at an even more granular level by defining compliance scope across distinct units within your organization. This new functionality, Adaptive Scoping for Business Units, is designed to help you, the administrator, easily model and manage your company's organizational structure within Vanta, especially if you manage multiple products or operational areas within a single workspace.

Setting Up Business Units and Segments

To begin using Adaptive Scoping, your first step is to create your Business Units and define the corresponding Segments. A Segment is Vanta's term for the combination of a Business Unit and a specific compliance framework (e.g., your Payments Product requiring SOC 2 compliance).

Creating Your Business Units

Follow these steps to establish your first Business Units:

  • Navigate to Settings in the left-hand navigation menu.

  • Locate and select the Business Unit configuration area.

Please note: You must contact your Customer Success Manager for assistance in adding business units or frameworks to your account before proceeding with configuration.

  • Once your Customer Success Manager has enabled the Business Units feature, click the appropriate button to create a new Business Unit.

  • You may create up to 20 business units in a single Vanta workspace.

Defining a Segment

After creating your Business Units, the next step is assigning the required compliance frameworks to complete the creation of your Segments.

Please note: To activate the Business Unit feature and assign enabled frameworks to your new Business Units, you must contact your Customer Success Manager (CSM). Your CSM must complete these steps to finalize the creation of your Segments before you can configure scoping.

Configuring Scope for Your Segments

After defining your Segments, you can configure exactly which systems, assets, groups, and people are included in their scope. The functionality and behavior for scoping are the same as Vanta’s existing Adaptive Scoping features, but the configuration is applied only to the specific Segment you are editing.

Scope Overview

The Scope Overview page provides a high-level summary of your Segment configuration, making it easy to confirm that the correct people and systems are in scope for each compliance requirement. To access and review your Segment scope:

  • Select Frameworks under the Compliance section in the left-hand navigation menu.

  • Click on the specific compliance framework you wish to review.

  • Select the Scope tab.

  • In the Segment dropdown menu, you can easily switch between your Segments to review the scope overview for each one.

Inventory Page

After configuring your systems and assets, the Inventory page allows you to view the final scope status of your assets based on the configuration settings you applied to the Segment.

To view the scope of assets based on your Segment configuration:

  • Select Inventory under the Assets section in the left-hand navigation menu.

  • Click the Segments dropdown and select the specific Segment you want to view.

  • The list of assets will now filter to display the assets and their corresponding scope for the chosen Segment.

  • This allows you to confirm that the systems and assets you intended to include are correctly marked as in scope.

Including Systems and Assets

Here is how you define the in-scope systems and assets for a Segment:

  • Select the Segment you wish to configure (e.g., the "Payments Product (PCI)" Segment).

  • Use the scoping interface to mark a system and all of its assets as in scope or out of scope.

  • You can configure the scope at a granular level, either per account or per individual asset.

  • Decide how Vanta should handle any new assets that are added to the system in the future.

Including Groups and People

Here is how you define the in-scope people and groups for a Segment:

  • Select the Segment you wish to configure.

  • Configure the specific Personnel groups that are included in the Segment.

  • For auto-scoping, decide whether the device and account scope should follow the personnel scope as well.