Access Reviews

  • Updated

With Vanta, access reviews are fast, automated, and simplified. Vanta automatically pulls system access through pre-established integrations. Vanta users can also upload access files directly into Vanta to consolidate account access data across dozens of systems. 

Establishing Access Review Settings 

  • From the left-hand navigation panel, select Access Reviews
  • Select Settings from the top right-hand corner 

 

Screen_Shot_2022-11-22_at_11.09.38_AM.png

 

  • Establish the following settings:
    • Admin Point of Contact: Who will be primarily responsible for reviews?
    • Recurrence: How often should your company be completing access reviews? 
    • Due Date: Once a review has been started, how many days are you allowing for completion?
    • Reminders: When will notifications be sent to remind users before reviews start or are due?
    • External Notifications: This takes you to the notifications page to configure who should receive notifications for access reviews.

AccessReviewSettings.png

Starting an Access Review

  • From the Access Review Page, select Create Draft

 

Screen_Shot_2022-11-22_at_11.18.07_AM.png

 

  • Give the review a clear title, and select the vendors that will be in-scope for this review
  • Select Create Draft review

 

AccessReviewSelect.png

 

  • The review page will list your vendors and information related to the access file.
  • If the access file is listed as Synced, the integration between the platform and Vanta has brought in the necessary information. 
  • If you see, Connect, this means the integration must be connected to obtain the needed information. 
  • If you see Upload File, you can follow the steps to upload a file manually.

AccessReviewDraft.png

  • Once access files are available for all in-scope vendors, select Start Review.

When you start a review:

  • All your assigned reviewers will be notified

  • Once started, you will not be able to

    • Add or remove vendors

    • Re-upload access files

Performing the Review

  • Click on the vendor from the specified review page
  • A list of accounts will appear
  • You will need to choose 
    • Check, Maintain access: The user keeps access 
    • X, Remove access: Clicking the X will not cause that user to lose access to the associated system. Rather, it will kick off a remediation flow. We cannot currently write any changes to your systems
  • If you would like to provide additional context, you Add a Note

 

Screen_Shot_2022-11-22_at_11.31.36_AM.png

 

  • All accounts must be assigned an owner before submission. If an owner needs to be assigned or edited, select the pen icon next to the owner's name and make the necessary changes.

 

Screen_Shot_2022-11-22_at_11.33.06_AM.png

 

  • When all access accounts have been reviewed, select Submit.

 

Deleting a Review

  • Select the draft or review to be removed 
  • Choose Delete from the top right-hand corner 

 

Screen_Shot_2022-11-22_at_11.36.07_AM.png

 

Exporting a Review

  • Select the draft to be removed 
  • Choose Export from the top right-hand corner 

 

Screen_Shot_2022-11-22_at_11.37.27_AM.png

 

Filter by Status

  • From the Access Reviews Page, select Filter by Status 
  • Choose the status to filter by, and results will populate the page

 

Screen_Shot_2022-11-22_at_11.38.57_AM.png

Was this article helpful?

Have more questions? Submit a request