Vanta Security and Privacy Training
Vanta offers its own security and privacy training modules for Security Awareness (required for SOC 2, ISO 27001, NIST, and more), HIPAA, GDPR, CCPA/CPRA, and PCI DSS—all developed by our in-house team of security, privacy, and compliance experts to help ensure your employees learn about essential and required principles for each framework.
Maintaining compliance with different standards and frameworks requires regular training to ensure employees are trained on best practices related to their roles, such as security and privacy. In addition, providing high-quality and memorable training helps ensure your company nurtures a strong culture of security and privacy.
Vanta’s security and privacy training library is housed directly within the Vanta platform—which means your employees can view and complete any required videos without leaving the Vanta onboarding page. Depending on the security and privacy framework(s) enabled, employees will see the required content on their onboarding page. Once an employee watches a video in its entirety and submits it, the corresponding onboarding task is automatically marked as complete.
What are my options for security & privacy training?
Vanta offers security and privacy training videos developed by our in-house security, privacy, and compliance experts. These videos are automatically mapped to your Vanta account's appropriate compliance and security controls based on the frameworks you have enabled. Our videos are housed within the Vanta platform, so your employees can view and complete the videos without leaving the Vanta onboarding page. Learn more about Vanta’s built-in training library.
Topics covered
HIPAA
- HIPAA Overview
- Key HIPAA definitions
- Covered entities and business associates
- Business Associate Agreement
- Personally Identifiable Information (PII)
- Protected Health Information (PHI)
- HIPAA Patient Rights
- HIPAA Privacy Rule
- Threats to patient data
- Securing patient data and sensitive information
- How to protect PII and PHI
- Verification and confirming authorization
- Security best practices
- Removable media
- Data handling policies
- Reporting potential incidents
- HIPAA violations and consequences
GDPR
- GDPR Overview
- Key GDPR definitions
- Data controllers
- Processors
- Data subjects
- Personal data
- Special categories of personal information
- Data Protection Impact Assessments
- Privacy by Design
- Key principles of GDPR
- Lawfulness, fairness, and transparency
- Purpose limitation
- Data minimization
- Accuracy
- Storage limitation
- Integrity and confidentiality
- Accountability
- Records of Processing Activity (ROPA)
- Criteria for processing personal information
- Consent
- Protect vital interests
- Legitimate interest
- GDPR data rights for individuals
- Right to be informed
- Right of access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability
- Right to object
- Right to object to automated processing
- Data Subject Access Request
- Regulated response time
- Verification of requests
- Data Protection Officer (DPO)
- GDPR reporting requirements and fines
CCPA/CPRA
- CCPA and CPRA Overview
- CPRA applicability
- Personally Identifiable Information (PII)
- Sensitive Personal Information (SPI)
- Consumers
- Consumer privacy rights
- Right to know
- Right to delete personal information
- Right to opt out of sale or sharing of personal information
- Right to non-discrimination
- Privacy policy requirements
- Consent preferences
- Opt out of the sale of consumer data
- Global opt-out mechanism
- Do not sell my personal information
- Do not share my personal information
- Opt-out for minors between 13 and 16 years old
- Consent from parent or guardian for children
- Receiving and reviewing CPRA requests
- Requirements
- Response time
- Verification procedures
- Fraudulent requests
- Requirements and reasonable security
- Maintaining CPRA compliance records
PCI DSS
- PCI DSS overview
- Key PCI definitions
- Cardholder data
- Data breaches and financial motivation
- Principles for safeguarding cardholder data
- Protecting your online accounts
- Passwords and passphrases
- Password managers
- Entering credit card numbers
- Secure disposal
- Safeguarding payment devices
- Tamper checks
- Protecting payment information
- Confidentiality
- Office security best practices
- PCI DSS compliance requirements and violations
- Reporting potential incidents
Learn more about Vanta’s Security Awareness Training
Setting up Security and Privacy Training
- From the left-hand navigation panel, select People followed by Checklists
- When creating or editing a checklist from the Checklists tab, you can toggle on the privacy training you want to include in a group's security tasks
- We recommend not making this change during an audit window, but Vanta maintains all prior evidence of training completions if a change is made
- From the People page, you can email reminders to your employees to complete training and other security tasks.
- Select the three-dot menu and click Send reminder
How do I leverage my LMS with Vanta?
- First, integrate your LMS with Vanta and associate campaigns from the tool with trainings in Vanta.
- Second, assign training tasks to your employees by adding the task for each video to the relevant group(s). When assigning the tasks, “Custom training” will be auto-selected. Once your employees complete the associated training in your LMS, the task will auto-complete.