Getting Started with the Personnel Hub

During your compliance journey, an important step is ensuring all personnel linked to your company (employees, contractors, etc.) meet compliance requirements. You can monitor your employees, devices, and access through Vanta's Personnel Hub and ensure your company is compliant and secure.

What is the Personnel Hub? 

The Personnel Hub groups pages related to your employees, assets, and the level of access users have to systems.

  • People Page: Assign compliance tasks to your employees and track their completion
  • Computers Page: Monitor computers and ensure they are configured properly
  • Access Page: Track that only your employees have access to only the systems they’re supposed to

Getting Started in the Personnel Hub

First, you need to import your employees into Vanta so that we have a full list of your company's employees. After this step, your People Page will accurately represent your company's employees.

1. Import Personnel

a. Connect your Identity Provider 

Vanta imports your list of employees from Identity Providers (IdPs). This information is critical to keeping track of their compliance requirements. You can connect your IdP from the Integrations Page.

Once you import your employees, you should scope out any employees unrelated to your audit. You can scope employees by finding any integrated IdP on the Integrations Page and selecting Configure Scope.

If you cannot integrate your IdP with Vanta, you can manually add employees.

b. Connect your HRIS

Vanta uses human resources information systems (HRIS) to track more information relevant to compliance and security. HRIS systems enable us to track who your current employees are, when employees go on leave, team managers, and more.

Vanta will automatically link accounts in your HRIS to employees in Vanta based on matching emails and names. If we can’t automatically link employees, we’ll show a banner on the People Page, through which you can manually link HRIS accounts to employees.

c. Manage Employees

After connecting your IdP/HRIS, review the People Page to ensure the information is accurate. You can take the following steps:

  • Mark as “not a person”: You can mark service accounts or other non-human accounts as Not a person. These accounts can still be accessed but will not be assigned tasks.
  • Scope out employees: You can scope out anyone on your People Page who isn’t relevant to your audit.
  • Mark on leave: If someone is on leave, you can mark them as such, and all their tasks will be paused.

2. Assign tasks to your employees

Tasks are how you track in Vanta that your employees complete their security requirements. A task is a security requirement assigned to an employee in your company and must be completed. Tasks can serve different purposes, such as ensuring employees have background checks, have accepted policies, or have installed a device monitoring tool onto their computer. See the full list of tasks here. Tasks are assigned to employees through groups and checklists. A task is assigned to an employee by adding the task to their group’s checklist.

You can assign tasks to employees by adding an employee to a group and assigning a checklist. Once you do, the tasks in that group’s checklist will be assigned to that employee.

  • Default group: New Vanta accounts automatically have a default group with an empty checklist assigned. This group has all your company’s employees; any new employees will automatically be added. If you’d like to keep things simple, we recommend only using the default group and assigning tasks to it by editing its checklist.
  • Create additional groups: If you’d like to assign tasks to only certain segments of your employees, you can create additional groups with their checklists.
    • For example, some customers only need their full-time employees to accept policies, not contractors. In this scenario, they would create a group for full-time employees, add their full-time employees, and assign a checklist to that group with the policy acceptance task enabled.
    • If you plan to create more than 5 groups, we recommend importing groups from your IdP. This way, you’ll be able to manage all your groups in one place and not need to move employees around within Vanta.

If you’re unsure what tasks to assign, we recommend assigning all the security tasks in Vanta to your full org using the default group.

How do tasks relate to tests?

  • Tasks feed directly into tests, which is how your auditor will know you’ve kept your security commitments. When a task is assigned to an employee, the corresponding test will fail until the task is completed. See here to learn more about which tasks map to which tests.
Questions or want to go deeper? See our in-depth article on tasks, groups, and checklists.

a. Background checks

A background check is a process through which employers leverage private and public information to screen prospective or current employees. There are different background checks, but common ones include criminal history checks, employment verifications, and education verifications. Most compliance frameworks require that you screen your employees. Running background checks is usually the easiest and most automated way to fulfill this requirement. You typically don’t need to run background checks on existing employees, only on new employees going forward.

Set up background checks with Vanta

If you already have a background check provider, you can integrate it with Vanta on the Integrations Page. Once connected, Vanta will pull all the background checks and automatically link them to your employees based on name and email.

  • Sometimes, we can’t auto-link background checks because they are run using personal emails that are not in Vanta (Vanta fetches personal emails from HRIS tools when feasible). If this occurs, you can manually link background checks to your employees or upload URLs that link to an employee’s background check. 

Assign background check tasks

  • Add background check tasks to the relevant group(s) to assign them to your employees. If you want to run background checks only on employees who joined your company after a specific date, select Choose start date.
When in doubt, we recommend assigning background check tasks to all employees.

b. Policy acceptance

By this point, you should have your company’s policies created through the Policies Page (if not, we recommend doing so before assigning this task). Once your company’s policies are in Vanta, your employees must agree to these policies.

Assign policy acceptance tasks

  • Add policy acceptance tasks to your employees by adding the task to the relevant group(s). You can select which policies your employees must agree to in the task. Once employees are assigned a policy acceptance task, they will be notified to log into Vanta and prompted to read and accept those policies.
When in doubt, we recommend selecting all of your policies within the policy acceptance task.

c. Device monitoring

To build a strong security and compliance foundation, organizations need to be able to view, manage, and secure devices such as laptops and desktops. Through Vanta, you can monitor your company’s computers, ensure every employee has a monitored computer, and ensure that your company’s computers are secure.

Set up device monitoring with Vanta

  • Many customers monitor their company’s computers through a Mobile Device Management (MDM) tool or other device monitoring software. If you don’t already have an MDM, you can leverage the Vanta Agent, a lightweight software that your employees can install onto their computers to monitor them for compliance requirements. Once your employees install the Vanta Agent onto their computers, the computers will appear on the Computers Page. 

If you already have a supported MDM, integrate it with Vanta on the Integrations Page. Once connected, Vanta will pull all the computers from the MDM and automatically link them to your employees based on name and email. These computers will appear on the Computers Page.

Assign device monitoring tasks

Assign device monitoring tasks to your employees by adding the “Require device monitoring” task to the relevant group(s). The next steps depend on whether you’re leveraging the Vanta Agent or an MDM:

  • Vanta Agent: Select “Prompt employees to install the Vanta Agent” within the device monitoring task. If this is selected, employees with this task can log into Vanta and install the Vanta Agent onto their computer. Once they do so, the computer will appear in Vanta, and the task will be completed.
  • MDM: Select “Don't prompt employees to install the Vanta Agent.” If this is selected, employees with this task will be required to have a computer monitored by your MDM, and they will not be able to download the Vanta Agent.
If you don’t have an MDM, we recommend leveraging the Vanta Agent - it’s simple and free! If you have an MDM, we recommend leveraging that by integrating it with Vanta.

d. Security & privacy training

Security and privacy training is training (often delivered through videos) that your employees must complete for you to meet compliance requirements.

Set up training with Vanta

  • Vanta offers a built-in training video library covering all the topics your employees need to meet compliance requirements. We recommend leveraging this library. Learn more about Vanta’s built-in security and privacy training.

If you have a learning management system (LMS) that you leverage for employee training, you can integrate it with Vanta on the Integrations Page and link the pieces of training to compliance requirements. Learn more about integrating third-party LMS tools with Vanta.

Assign security & privacy training tasks

Assign security & privacy training tasks to your employees by adding the “Security and privacy trainings” task to the relevant group(s) and turning it on for each video in your account. The next steps depend on whether you’re leveraging Vanta’s built-in library or a third-party tool: 

  • Built-in videos: Click the “Vanta training” option for each video. Once assigned, employees with this task can log into Vanta and watch these training videos. Once they watch the videos, the tasks will automatically be completed.
  • External/custom videos: If you’re leveraging an LMS integrated with Vanta, the “Custom training” option will be auto-selected. Employees assigned to this task will need to watch the training in your LMS, and the task will auto-complete once they do. If your LMS is not integrated with Vanta, you can provide your employees with a custom URL and instructions. Once assigned, they can log into Vanta, be redirected to those trainings, and verify that they completed them. Learn more.

e. Custom tasks

You can create additional custom tasks within Vanta to track requirements for your employees that Vanta may not support. These tasks can be for admins or include screenshots or text entries that employees must sign in and complete.

Set up custom tasks

  • From the Checklists Page, you can create or edit a custom task. Learn more.

Assign custom tasks

  • Assign custom tasks to your employees by adding a custom task to their groups’ checklists. Learn more. You can select whether this task is for admins or employees and optionally submit custom instructions. For employee custom tasks, you can also optionally set:
    • File upload requirements: If set, the employee must upload a file to complete the task.
    • Text submission requirements: If set, the employee must submit a text answer to complete the task.

3. Turn on notifications for your employees

We highly recommend turning on automatic notifications. Customers with notifications enabled are more likely to have their employees successfully complete their tasks.

Once you assign tasks to your employees, turn on notifications. Once notifications are turned on, Vanta will automatically notify your employees when they have incomplete tasks in Vanta. Turn on notifications by going to your Company Settings and enabling the toggle next to “Employee reminders.” You can notify your employees through email, Slack, or both.

4. Monitor task completions

You can monitor your employees’ progress toward completing their tasks on the People Page.

  • You can filter the People Page by “Tasks due soon” and “Tasks overdue” to see all your employees with incomplete tasks.
  • Click on an individual employee to view their tasks (both incomplete and complete). From this drawer, you can also take action depending on the types of incomplete tasks.
    • Employee task: If the incomplete task requires action by the employee, they must sign in to Vanta to complete the task. Make sure you have notifications enabled. You can also send a one-time reminder from the drawer.
    • Admin task: If the incomplete task requires admin action, such as linking a background check to the employee, you can take that action directly from the drawer.
Once your employees’ tasks are complete, the corresponding tests on the Tests Page will pass.