Employee tasks

  • Updated

Tasks are how you track in Vanta that each employee completed their security requirements. A task is a single security requirement for an employee in your company that is tracked and must be completed. Tasks can serve different purposes, such as ensuring employees have background checks, have accepted policies, or have installed a device monitoring tool onto their computer. 

 

 

 

Task Types

Ongoing tasks

  • Ongoing tasks are assigned to current employees. They include both onboarding tasks (tasks that must be completed when someone joins your company) and recurring tasks (for example, re-accepting company policies annually).

Offboarding tasks

  • Offboarding tasks are tasks assigned to former employees. An admin must complete these tasks for employees who left the company (for example, ensuring their access is removed from company systems).

 

Employee & Admin Tasks

Some tasks need to be completed by your employees, and some need to be completed by admins on behalf of employees. 

Employee tasks

  • Employee tasks are those that your employees need to complete. Usually, these tasks are ones that they can complete within Vanta. When an employee in your company has functions that can be completed in Vanta, they can sign in and access the Onboarding Page, which will walk them through completing their tasks. If you turn on employee notifications, your employees will automatically be sent reminders when they have tasks to complete within Vanta.

Admin tasks

  • Admin tasks are those that need to be completed by admins. Depending on the task, they can include running a background check or downloading an MDM onto an employee’s computer.

Assigning tasks to employees

Tasks are assigned to employees through groups and checklists. To assign a task to an employee, you should:

  • Add that employee to a group or find one of their existing groups
  • Edit that group’s checklist to include the new task (or create a new checklist for the group)

Task Due Dates / SLAs

  • Task due dates are calculated based on the SLAs configured for your account. When a new task is assigned, the due date will be X days after the task is assigned, as set in the SLAs
  • Task due dates are read from the tests mapped to each task. When a task is assigned, its due date will be populated once the corresponding test runs

 

Groups

A group is a grouping of employees within Vanta. All groups can be viewed and edited on the Groups Page.

Default group

  • The default group is created by default for all Vanta accounts. All employees are defaulted to this group, although they can be moved out.

Creating additional groups

You can manually create additional groups from the Groups Page:

  • Select Create new group
  • Fill out the information about the group
  • Once the group is created, you can add employees to it by clicking on the menu icon and Edit people in the group

 

Importing groups from an IdP

  • You can import groups from your IdP to use in Vanta. When employees are added to or removed from these groups in your IdP, this will also be reflected in Vanta. Vanta recommends IdP groups for customers with more than 100 employees who need additional groups, as they automate group management.

 

To import an IdP group:

  • Make sure your IdP is integrated
  • Click Import groups on the Groups Page
  • Select the group you want to import
  • Select the checklist to assign to this group

 

Employees in multiple groups

  • You are able to add a single employee to multiple groups. When an employee is in multiple groups, their tasks are the union of the tasks assigned to each of their groups (through that group’s checklist). This option is useful for customers who need to assign different tasks to different groups of employees that can overlap. For example, you might want to assign policy acceptances to all employees, background checks to US-based employees, and security training to engineers. In such a scenario, you can create groups for each with the corresponding tasks and assign a US-based engineer to all of these groups.

Checklists

A checklist is a collection of tasks that can be assigned to a group. Checklists can be created and edited from the Checklists Page.

 

Task status

What are the types of task status?

  • No tasks: No tasks are assigned to the employee
  • Tasks due soon: The employee has incomplete tasks whose due date is in the future
  • Tasks overdue: The employee has incomplete tasks whose due date has passed
  • Tasks complete: The employee has completed all their tasks

What kinds of tasks are there?

Tasks Employee Lifecycle Description How is this task completed? Corresponding tests
Background check Ongoing Checks whether an employee has a completed background check linked to them in Vanta.
  1. Run a background check on the employee (or prospective employee)
  2. Ensure the background check is linked to the employee in Vanta

Learn more.
Background checks on new hires
Accept policies Ongoing Checks whether an employee has accepted their company policies. The employee must sign into Vanta and accept the policies from the Onboarding Page. For every policy assigned to your employees, there will be a test “Employees agree to [name of policy” that checks whether each employee who is assigned the policy has agreed to it.
Device monitoring Ongoing Checks whether an employee has a computer that is monitored within Vanta.

If using the Vanta Agent: The employee must sign into Vanta and download the Vanta Agent onto their computer. Their computer will then appear on the Computers Page within the next hour.


If using an MDM: The steps here will depend on how your company provisions its MDM onto employee computers. For most customers, this happens before the computer is shipped to the employee.


Learn more.

Employee computers are monitored with the Vanta Agent or an MDM
Security & privacy training Ongoing Checks whether an employee has completed all their security and privacy trainings.

If using Vanta’s built-in trainings: The employee must sign into Vanta and watch the training videos.


If using an external tool (like an LMS or HRIS): The employee must complete the training within that tool and then it will be ported over to Vanta (the tool must first be integrated with Vanta).


Learn more.

For every training assigned to employees, there will be a test, “[Training name] training records tracked” that checks whether each employee who is assigned the training has watched it.
Access removal Offboarding Checks whether a terminated employee has had their access removed from all relevant systems.
  1. For any monitored account: Vanta will automatically detect whether this employee’s account was deactivated. For any accounts not deactivated, go to that tool to deactivate it.
  2. For any unmonitored account: Go to the tool to deactivate the account and then mark it as deactivated in Vanta.

Learn more.
Offboarding completed for ex-employees within SLA
Custom tasks Ongoing and offboarding Checks whether custom tasks have been completed for/by an employee.

If it is a custom task for employees: The employee must sign into Vanta and complete the task based on the instructions. This could include a text submission or file upload (depending on how you configure the task).


If it is a custom task for admins: The admin must mark that the task is completed.


Learn more.

N/a. Custom tasks do not have corresponding tests.

 

Employee notifications

  • Once you assign tasks to your employees, turn on notifications. Once notifications are turned on, Vanta will automatically notify your employees when they have incomplete tasks to complete in Vanta.
  • Turn on notifications by going to your Company Settings and enabling the toggle next to “Employee reminders.” You can choose to notify your employees through email, Slack, or both.