With Vanta, access reviews are fast, automated, and simplified. Vanta automatically pulls system access through pre-established integrations. Vanta users can also upload access files directly into Vanta to consolidate account access data across dozens of systems.
Establishing Access Review Settings
- From the left-hand navigation panel, select Access Reviews
- Select Settings from the top right-hand corner
- Establish the following settings:
- Admin Point of Contact: Who will be primarily responsible for reviews?
- Recurrence: How often should your company be completing access reviews?
- Due Date: Once a review has been started, how many days are you allowing for completion?
- Reminders: When will notifications be sent to remind users before reviews start or are due?
- External Notifications: This takes you to the notifications page to configure who should receive notifications for access reviews.
Starting an Access Review
- From the Access Review Page, select Create Draft
- Give the review a clear title, and select the vendors that will be in-scope for this review
- Select Create Draft review
- The review page will list your vendors and information related to the access file.
- If the access file is listed as Synced, the integration between the platform and Vanta has brought in the necessary information.
- If you see, Connect, this means the integration must be connected to obtain the needed information.
- If you see Upload File, you can follow the steps to upload a file manually.
- Once access files are available for all in-scope vendors, select Start Review.
When you start a review:
-
All your assigned reviewers will be notified
-
Once started, you will not be able to
-
Add or remove vendors
-
Re-upload access files
-
Performing the Review
- Click on the vendor from the specified review page
- A list of accounts will appear
- You will need to choose
- Check, Maintain access: The user keeps access
- X, Remove access: Clicking the X will not cause that user to lose access to the associated system. Rather, it will kick off a remediation flow. We cannot currently write any changes to your systems
- If you would like to provide additional context, you Add a Note
- All accounts must be assigned an owner before submission. If an owner needs to be assigned or edited, select the pen icon next to the owner's name and make the necessary changes.
- When all access accounts have been reviewed, select Submit.
Deleting a Review
- Select the draft or review to be removed
- Choose Delete from the top right-hand corner
Exporting a Review
- Select the draft to be removed
- Choose Export from the top right-hand corner
Filter by Status
- From the Access Reviews Page, select Filter by Status
- Choose the status to filter by, and results will populate the page