Connecting task tracker accounts
If you already have your task tracker connected to your Vanta account, you can skip this step and head down to step 2.
- Navigate to the Integrations section on Vanta's navigation panel
- Select the Available Integrations tab, search for your task tracker, and select Connect
- You can enable read and write access if you want to be able to create task tracker issues from Vanta, but for VRM, you only need to allow read access
- Selecting Connect {task tracker} will take you to the platform website, where Vanta will request relevant access to your account.
- Your task tracker will then be connected, and you're ready to pull in security review tickets.
Create a procurement security review ticket in your task tracker
- From anywhere in your Task Tracker instance, create a ticket
- You don't need to use the vendor's name or any specific information about security reviews in the name or description of the ticket
- Add the label of your choice
- Add the labels you would like brought into Vanta from the Integrations page.
- Select Manage on the integration
- Choose Task Tracking Labels
-
- Specify the vendor procurement labels you established in the task-tracking platform.
-
- Select Save
- Within an hour, Vanta will pull that ticket into your procurement requests in Vanta
Run a security review
- When the ticket populates in Vanta, you can click on the ticket title to see the ticket it's referencing or click anywhere else on the row to go to the vendor's procurement request page.
- On the vendor's procurement request page, you can input the vendor's name, the software category, and, optionally, your internal security owner for that vendor.
- Make sure to save changes
- Once you've added vendor information, you can navigate to the Complete security review section to add a security assessment (and, optionally, any other files you want to add - like your contract with the vendor or their data processing agreement), send a questionnaire via email or check out their Trust Page, if they have one.
- Once you upload a security assessment and write a quick summary of your findings and overall decision, you can mark the security review as complete! At that point, you can add this vendor to your managed vendor list.
- This vendor will now be visible in your vendor list