Vanta Security & Privacy Training

Vanta Security and Privacy Training

Vanta offers its own security and privacy training modules for Security Awareness (required for SOC 2, ISO 27001, NIST, and more), HIPAA, GDPR, CCPA/CPRA, and PCI DSS—all developed by our in-house team of security, privacy, and compliance experts to help ensure your employees learn about essential and required principles for each framework.  


Maintaining compliance with different standards and frameworks requires regular training to ensure employees are trained on security and privacy best practices related to their roles. In addition, providing high-quality and memorable training also helps ensure your company nurtures a strong culture of security and privacy all around.


Vanta’s security and privacy training library is housed directly within the Vanta platform—which means your employees can view and complete any required videos without leaving the Vanta onboarding page. Depending on the security and privacy framework(s) required, employees will see the required content on their onboarding page. Once watched in their entirety and submitted, any required onboarding tasks will automatically be marked as complete.



Topics covered



  • HIPAA Overview
  • Key HIPAA definitions
    • Covered entities and business associates
    • Business Associate Agreement
  • Personally Identifiable Information (PII)
  • Protected Health Information (PHI)
  • HIPAA Patient Rights
  • HIPAA Privacy Rule
  • Threats to patient data
  • Securing patient data and sensitive information
    • How to protect PII and PHI
    • Verification and confirming authorization
    • Security best practices
    • Removable media
    • Data handling policies
  • Reporting potential incidents
  • HIPAA violations and consequences



  • GDPR Overview
  • Key GDPR definitions
    • Data controllers
    • Processors
    • Data subjects
  • Personal data
  • Special categories of personal information
  • Data Protection Impact Assessments 
  • Privacy by Design
  • Key principles of GDPR
    • Lawfulness, fairness, and transparency
    • Purpose limitation
    • Data minimization
    • Accuracy
    • Storage limitation
    • Integrity and confidentiality
    • Accountability
  • Records of Processing Activity (ROPA)
  • Criteria for processing personal information
    • Consent
    • Protect vital interests
    • Legitimate interest
  • GDPR data rights for individuals
    • Right to be informed
    • Right of access
    • Right to rectification
    • Right to erasure
    • Right to restrict processing
    • Right to data portability
    • Right to object
    • Right to object to automated processing
  • Data Subject Access Request
    • Regulated response time
    • Verification of requests
  • Data Protection Officer (DPO)
  • GDPR reporting requirements and fines



  • CCPA and CPRA Overview
  • CPRA applicability
  • Personally Identifiable Information (PII)
  • Sensitive Personal Information (SPI)
  • Consumers
  • Consumer privacy rights
    • Right to know
    • Right to delete personal information
    • Right to opt out of sale or sharing of personal information
    • Right to non-discrimination
  • Privacy policy requirements
  • Consent preferences
    • Opt out of the sale of consumer data
    • Global opt-out mechanism
    • Do not sell my personal information
    • Do not share my personal information
    • Opt-out for minors between 13 and 16 years old
    • Consent from parent or guardian for children
  • Receiving and reviewing CPRA requests
    • Requirements
    • Response time
    • Verification procedures
    • Fraudulent requests
    • Requirements and reasonable security
  • Maintaining CPRA compliance records



  • PCI DSS overview
  • Key PCI definitions
  • Cardholder data
  • Data breaches and financial motivation
  • Principles for safeguarding cardholder data
    • Protecting your online accounts
    • Passwords and passphrases
    • Password managers
    • Entering credit card numbers
    • Secure disposal
    • Safeguarding payment devices
    • Tamper checks
    • Protecting payment information
    • Confidentiality
    • Office security best practices
  • PCI DSS compliance requirements and violations
  • Reporting potential incidents 

→Learn more about Vanta’s Security Awareness Training


Setting up Security and Privacy Training

  • Admins can set up the desired security and privacy training modules from the Checklists settings page. We recommend not making this change during an audit window; if a change is made, Vanta retains all prior evidence of training completions.