A task is a single security requirement for personnel in your company that must be completed to adhere to security controls. Tasks can serve different purposes, such as ensuring personnel have completed background checks, accepted policies, or have installed a device monitoring tool onto their computer.
Task Types
-
Ongoing tasks
- Ongoing tasks are assigned to current personnel. They include both onboarding tasks (tasks that must be completed when someone joins your company) and recurring tasks (for example, re-accepting company policies annually).
-
Offboarding tasks
- Offboarding tasks are tasks assigned to former personnel. An admin must complete these tasks for personnel who leave the company (for example, ensuring their access is removed from company systems).
Tasks
Some tasks need to be completed by your personnel, and some need to be completed by admins on behalf of personnel
-
Personnel tasks
- Personnel tasks are those that your personnel need to complete. Usually, these tasks are ones that they can complete within Vanta. When a person in your company has functions that can be completed in Vanta, they can sign in and access the Onboarding Page, which will walk them through completing their tasks. If you turn on personnel notifications, your personell will automatically be sent reminders when they have tasks to complete within Vanta.
-
Admin tasks
- Admin tasks are those that admins must complete. Depending on the task, they can include running a background check or downloading an MDM onto a person's computer.
Assigning tasks to people
Tasks are assigned to personnel through groups and checklists. To assign a task, you should:
- Add that person to a group or find one of their existing groups
- Edit that group’s checklist to include the new task (or create a new checklist for the group)
Task Due Dates / SLAs
- Task due dates are calculated based on the SLAs configured for your account.
-
When a new task is assigned, the due date will be X days after the task is assigned, as set in the SLAs
- If a task is assigned at 10:00 am on 03/01/2025, and the SLA is 20 days, the person will need to complete the task by 03/21/2025 at 10:00 am.
- Task due dates are read from the tests mapped to each task. When a task is assigned, its due date will be populated once the corresponding test runs
Groups
A group is a grouping of people based on common security tasks within Vanta. All groups can be viewed and edited on the Groups Page.
-
Default group
- All Vanta accounts are automatically created with a default group. All personnel are defaulted to this group, although they can be moved out.
-
Creating additional groups
-
You can manually create additional groups from the Groups Page:
- Select Create new group
- Fill out the information about the group
- Once the group is created, you can add personnel to it by clicking on the menu icon and Edit people in the group
-
You can manually create additional groups from the Groups Page:
Importing groups from an IdP
- You can import groups from your IdP to use in Vanta. Vanta will also reflect when personnel are added to or removed from these groups in your IdP. Vanta recommends IdP groups for customers with over 100 personnel who need additional groups, as they automate group management.
To import an IdP group:
- Make sure your IdP is integrated
- Click Import groups on the Groups Page
- Select the group you want to import
- Select the checklist to assign to this group
Personnel in multiple groups
- You can add a single person to multiple groups. When a person is in various groups, their tasks are the union of the tasks assigned to each group (through that group’s checklist). This option is useful for customers who assign tasks to different personnel groups that can overlap. For example, you might want to assign policy acceptances to all personnel, background checks to US-based personnel, and security training to engineers. In such a scenario, you can create groups for each with the corresponding tasks and assign a US-based engineer to all of these groups.
Checklists
A checklist is a collection of tasks that can be assigned to a group. Checklists can be created and edited from the Checklists Page.
Task status
What are the types of task status?
- No tasks: No tasks are assigned to the person
- Tasks due soon: The person has incomplete tasks whose due date is in the future
- Tasks overdue: The person has incomplete tasks whose due date has passed
- Tasks complete: The person has completed all their tasks
What kinds of tasks are there?
Tasks | Personnel Lifecycle | Description | How is this task completed? | Corresponding tests |
Background check | Ongoing | Checks whether a person has a completed background check linked to them in Vanta. |
Learn more. |
Background checks on new hires |
Accept policies | Ongoing | Checks whether personnel has accepted their company policies. | Personnel must sign into Vanta and accept the policies on the onboarding page. | For every policy assigned to your personnel, there will be a test, “Personnel agree to [name of policy,” that checks whether each person assigned the policy has agreed to it. |
Device monitoring | Ongoing | Check whether personnel has a computer that is monitored within Vanta. |
If using the Vanta Agent: Personnel must sign into Vanta and download the Vanta Agent onto their computer. Their computer will then appear on the Computers Page within the next hour. If using an MDM: The steps here will depend on how your company provisions its MDM onto personnal computers. For most customers, this happens before the computer is shipped to the person. |
Personnel computers are monitored with the Vanta Agent or an MDM |
Security & privacy training | Ongoing | Check whether personnel have completed all their security and privacy training. |
If using Vanta’s built-in training, The person must sign into Vanta and watch the training videos. If using an external tool (like an LMS or HRIS), personnel must complete the training within that tool, which will then be ported over to Vanta (the tool must first be integrated with Vanta). |
For every training assigned to personnel, there will be a test, “[Training name] training records tracked,” that checks whether each person has watched it. |
Access removal | Offboarding | Checks whether a terminated person has had their access removed from all relevant systems. |
Learn more. |
Offboarding completed former personnel within SLA |
Custom tasks | Ongoing and offboarding | Checks whether custom tasks have been completed |
If it is a custom task for personnel: The person must sign into Vanta and complete the task based on the instructions. This could include a text submission or file upload (depending on how you configure the task). If it is a custom task for admins, The admin must mark it as completed. |
N/a. Custom tasks do not have corresponding tests. |
Personnel notifications
- Once you assign tasks to your personnel, turn on notifications. Once notifications are turned on, Vanta will automatically notify your personnel when they have incomplete tasks to complete in Vanta.
- Turn on notifications by going to your Company Settings and enabling the toggle next to “Personnel reminders.” You can notify your personnel through email, Slack, or both.
Personnel can view their completed and pending tasks on the Onboarding page.