With Vanta, access reviews are fast, automated, and simplified. Vanta automatically pulls system access through pre-established integrations. Vanta users can also upload access files directly into Vanta to consolidate account access data across dozens of systems.
Establishing Access Review Settings
- From the left-hand navigation panel, select Access
- Select Acces Reviews from the Access menu
- Establish the following settings:
- Admin Point of Contact: Who will be primarily responsible for reviews?
- Recurrence: How often should your company be completing access reviews?
- Due Date: Once a review has been started, how many days are you allowing for completion?
- Reminders: When will notifications be sent to remind users before reviews start or are due?
- External Notifications: This takes you to the notifications page to configure who should receive notifications for access reviews.
Starting an Access Review
- From the Access Review Page, select Create
- Give the review a clear title, and select the vendors that will be in-scope for this review
- Select Create review
- The review page will list your vendors and information related to the access file
- If the access file is listed as Synced, the integration between the platform and Vanta has brought in the necessary information
- If you see, Connect, this means the integration must be connected to obtain the needed information
- If you see Upload File, you can follow the steps to upload a file manually
- Once access files are available for all in-scope vendors, select Start Review
When you start a review:
-
All your assigned reviewers will be notified
-
Once started, you will not be able to
-
Add or remove vendors
-
Re-upload access files
-
Performing the Review
- Click on the vendor from the specified review page
- A list of accounts will appear
- You will need to choose
- Check: Maintain access: The user keeps access
- X Remove access: Clicking the X will not cause that user to lose access to the associated system. Rather, it will kick off a remediation flow. We cannot currently write any changes to your systems
- Clicking into the user will allow you to view detailed information, as well as add notes
- All accounts must be assigned an owner before submission. If an owner needs to be assigned or edited, select the > next to the owner's name and make the necessary changes.
- When all access accounts have been reviewed, select Submit.
Creating a Schedule
- Select Create
- Select Create a schedule
- Select Create a custom schedule, or select one of the pre-provisioned schedules from the Select a Starting point page
- Select Next
- Configure the settings
- Identify the schedule owner, and the schedule name. Select the start date, how long the access review will take, and how often you want this review to be done
- Define the scope by selecting the systems to include
- Finalize the schedule and select Save Schedule
- Access Review schedules can be found by clicking Settings in the top right-hand corner
Deleting a Review
- Select the draft or review to be removed
- Select More, and then Delete
Exporting a Review
- Select the draft to be reviewed
- Select More, and then Export
Filter by Status
- From the Access Reviews Page, select Filter by Status
- Choose the status to filter by, and results will populate the page
<%= heading %>