With Vanta, access reviews are fast, automated, and simplified. Vanta automatically pulls system access through pre-established integrations. Vanta users can also upload access files directly into Vanta to consolidate account access data across dozens of systems.
Establishing Access Review Settings
- From the left-hand navigation panel, select Access
- Select Settings from the Access menu
- Establish the following settings:
- Admin Point of Contact: Who will be primarily responsible for reviews?
- Recurrence: How often should your company be completing access reviews?
- Due Date: Once a review has been started, how many days are you allowing for completion?
- Reminders: When will notifications be sent to remind users before reviews start or are due?
- External Notifications: This takes you to the notifications page to configure who should receive notifications for access reviews.
Starting an Access Review
- From the Access page, select Reviews
- From here, you can create a review or create a review schedule
- Give the review a clear title, and select the vendors that will be in-scope for this review
- Select Create draft review
- The review page will list your vendors and information related to the access data
- If the Access Data is listed as Synced, Vanta has brought in the necessary information.
- If you see Connect, the integration must be connected to obtain the needed information.
- If you see Upload File, you can follow the steps to upload a file manually.
- Once access files are available for all in-scope vendors, select Start Review
When you start a review
- All your assigned reviewers will be notified
- Once started, you will not be able to:
  - Add or remove vendors
  - Re-upload access files
Performing the Review
- Select Start Review
- Click on the vendor from the specified review page
- A list of accounts will appear
- You will need to choose
- Check: Maintain access: The user keeps access
- X Remove access: Clicking the "X" will not cause that user to lose access to the associated system. Rather, it will kick off a remediation flow. We cannot currently write any changes to your systems.
- Clicking on the user will allow you to view detailed information and add notes.
- All accounts must be assigned an owner before submission. If an owner needs to be assigned or edited, select the > next to the owner's name and make the necessary changes.
- When all access accounts have been reviewed, select Submit
Import User Data
For unintegrated systems, users needed to fill out a user data template with all users and their roles in a system or upload a screenshot.
- Upload screenshots or a PDF of user accounts.
  - Capture your user accounts with screenshots or a PDF from the system. We’ll convert them into an access file using our AI-powered image parser. This is the easiest option if the account and role information is easily readable.
- Prepare and upload your own access file
  - Download our editable access file template (.csv) and fill out user accounts and details independently. This is a good option if the user list does not contain account details, such as role.
Creating a Schedule
- Select Create
- Select Create a schedule
- Select Create a custom schedule, or select one of the pre-provisioned schedules from the Select a Starting point page.
- Select Next
- Configure the settings
- Identify the schedule owner and the schedule name. Select the start date, how long the access review will take, and how often you want this review to be done
- Define the scope by selecting the systems to include
- Finalize the schedule and select Save Schedule
- Access Review schedules can be found from the Settings tab
Deleting a Review
- Select the ... button next to the draft or review to be removed
- Select Delete
Exporting a Review
- Select the draft to be reviewed
- Select More, and then Export
Filter by Status
- From the Access Reviews Page, select Filter by Status
- Choose the status to filter by, and results will populate the page