Creating Custom Policies


  • From the left-hand navigation panel, select Policies 
  • From the top right-hand corner, select + Custom Policies
  • Add a policy title and policy description
  • Select Create 

  • Use the policy editor tool to draft the policy, upload it from your computer, or sync a file from Confluence or Google Drive
  • Once the policy is drafted, you can continue to edit, or submit it for approval 

  • When submitting for approval, choose the approver or approve the policy yourself if you have admin permissions. 

  • Approve the employee assignment. When approved, the listed Employee Groups will be asked to accept this policy. 
    • Note: These are all the Employee Groups with a checklist that has "Select All" checked in the Policy Acceptance category for Ongoing Tasks

Linking Custom Policies to Frameworks and Controls

Two new policy tests will be created for each custom policy. These tests will monitor that these custom policies are revised and approved annually and that each approved version is accepted by all relevant employees. All new tests appear on the Tests page under the Policies category.

To link the policy to related Frameworks and Controls:

  • From the left-hand navigation panel, select Tests 
  • Search for the test related to your custom policy
  • Select the test you want to link to a framework or control, then scroll down to the Related frameworks and controls section and click + Add Control

  • Search for the control you want to link. Results can be filtered by searching keywords or using the Framework filter options

  • Once the applicable control has been found, click Add. The frameworks and controls will be linked to this test and the related policy. Repeat these steps for each test. 

Deactivate Unused Policy Tests

Once all your custom policies have been imported and mapped to relevant controls, you must deactivate any unused policy tests corresponding to Vanta policy templates you are not using. As an example, if you’re pursuing SOC 2, you will automatically see 15 Vanta policy templates on your Policies page. Let’s say you import a custom asset management and information security policy, meaning you do not plan to use Vanta’s Asset Management and Information Security Policy templates. You will need to deactivate the policy tests associated with these templates to remove them from your Policies page and unmap these tests from the related controls. If you do not deactivate these tests, your controls will continue to show as needing attention.

  • On the Tests page, find the policy tests corresponding to the Vanta policy templates you do not plan to use. You can do this by searching the name of the policy and finding the test that indicates “Company has an approved <policy name>.”
  • Click the policy test and select Deactivate.
  • Repeat this for any policy templates you do not plan to use. Once the policy test is deactivated, this policy template will no longer appear on your Policies page, and the test will be removed from your controls.
    • You can always reverse this action by going into your deactivated tests and clicking reactivate monitoring on the test you want to reactivate.