Access Reviews

  • Updated

With Vanta, access reviews are fast, automated, and simplified. Vanta automatically pulls system access through pre-established integrations. Vanta users can also upload access files directly into Vanta to consolidate account access data across dozens of systems. 

Establishing Access Review Settings 

  • From the left-hand navigation panel, select Access
  • Select Acces Reviews from the Access menu 

 

Screenshot 2023-08-25 at 4.07.56 PM.png

 

  • Establish the following settings:
    • Admin Point of Contact: Who will be primarily responsible for reviews?
    • Recurrence: How often should your company be completing access reviews? 
    • Due Date: Once a review has been started, how many days are you allowing for completion?
    • Reminders: When will notifications be sent to remind users before reviews start or are due?
    • External Notifications: This takes you to the notifications page to configure who should receive notifications for access reviews.

AccessReviewSettings.png

Starting an Access Review

  • From the Access Review Page, select Create 

Screenshot 2023-09-07 at 4.46.06 PM.png

 

 

  • Give the review a clear title, and select the vendors that will be in-scope for this review
  • Select Create review

 

AccessReviewSelect.png

 

  • The review page will list your vendors and information related to the access file
  • If the access file is listed as Synced, the integration between the platform and Vanta has brought in the necessary information
  • If you see, Connect, this means the integration must be connected to obtain the needed information
  • If you see Upload File, you can follow the steps to upload a file manually
  • Once access files are available for all in-scope vendors, select Start Review

Screenshot 2023-08-25 at 4.11.08 PM.png

 

When you start a review:

  • All your assigned reviewers will be notified

  • Once started, you will not be able to

    • Add or remove vendors

    • Re-upload access files

Performing the Review

  • Click on the vendor from the specified review page
  • A list of accounts will appear
  • You will need to choose 
    • Check: Maintain access: The user keeps access 
    • X Remove access: Clicking the X will not cause that user to lose access to the associated system. Rather, it will kick off a remediation flow. We cannot currently write any changes to your systems

Screenshot 2023-08-25 at 4.13.07 PM.png

 

  • Clicking into the user will allow you to view detailed information, as well as add notes
  • All accounts must be assigned an owner before submission. If an owner needs to be assigned or edited, select the > next to the owner's name and make the necessary changes.
  • When all access accounts have been reviewed, select Submit.

 

Creating a Schedule 

  • Select Create
  • Select Create a schedule 

Screenshot 2023-09-07 at 4.50.08 PM.png

  • Select Create a custom schedule, or select one of the pre-provisioned schedules from the Select a Starting point page 

Screenshot 2023-09-07 at 4.52.12 PM.png

  • Select Next
  • Configure the settings
    • Identify the schedule owner, and the schedule name. Select the start date, how long the access review will take, and how often you want this review to be done
  • Define the scope by selecting the systems to include 
  • Finalize the schedule and select Save Schedule 
  • Access Review schedules can be found by clicking Settings in the top right-hand corner 

Screenshot 2023-09-07 at 4.54.59 PM.png

Deleting a Review

  • Select the draft or review to be removed 
  • Select More, and then Delete 

Screenshot 2023-08-25 at 4.15.56 PM.png

 

Exporting a Review

  • Select the draft to be reviewed
  • Select More, and then Export

Screenshot 2023-08-25 at 4.17.18 PM.png

 

Filter by Status

  • From the Access Reviews Page, select Filter by Status 
  • Choose the status to filter by, and results will populate the page

 

Screenshot 2023-08-25 at 4.18.05 PM.png

Was this article helpful?

Have more questions? Submit a request