Personnel Tasks


Tasks 

Tasks are how you track completed security requirements for your organization's personnel in Vanta. Tasks can serve different purposes, such as ensuring personnel complete background checks, accept policies, or install a device monitoring tool onto their computer.

 

 

Task Types 

Onboarding and recurring tasks

  • Onboarding and recurring tasks are assigned to current personnel. They include onboarding tasks (which must be completed when someone joins your company) and recurring tasks (which must be completed on an ongoing basis, for example, watching a security training video annually).

Offboarding tasks

  • Offboarding tasks are tasks assigned to former personnel. These tasks need to be completed by an admin for personnel who left the company (for example, ensuring their access is removed from company systems).

Task due dates (SLAs)

Task due dates are calculated based on the SLAs configured for your account. When a new task is assigned, the due date will be X days after the task is assigned, as set in the SLAs. Task due dates are read from the tests that correspond to each task. When a task is assigned, its due date will be populated once the corresponding test runs.

Groups

A group is a grouping of personnel within Vanta. All groups can be viewed and edited on the Groups Page. For tasks to be assigned to personnel, they must belong to a group.

Default group

  • All Vanta accounts are automatically added to the default group, which includes all personnel, although they can be moved out.

Creating groups

You can manually create additional groups from the Groups Page:

  1. Select Add group and Create a group.
  2. Fill out the information about the group.
  3. Once the group is created, you can add people to it directly from the group’s page or the People's Page.

 

Importing groups from your IdP 

You can import groups from your IdP to use in Vanta. When personnel are added to or removed from these groups in your IdP, the change is also reflected in Vanta. Vanta recommends IdP groups for customers with over 100 personnel who need additional groups, as it automates group management.

To import an IdP group:

  1. Make sure your IdP is integrated
  2. On the Groups Page, click Add group and then Add from [your IdP]
  3. Select the group(s) you want to import

People in multiple groups

  • You can add a single person to multiple groups. When a person belongs to multiple groups, their tasks are the union of the tasks assigned to each group (through that group’s checklist).
  • This option is helpful for customers who need to assign tasks to different groups of personnel that can overlap.
    • For example, policy acceptances should be assigned to all personnel, background checks should be done on US-based personnel, and security training should be provided to engineers. In such a scenario, you can create groups for each with the corresponding tasks and assign a US-based engineer to all of these groups.

Assigning Tasks 

Assigning tasks to a group

Once a group is created, you can click into the group and assign tasks to the group directly from its page. Any tasks assigned to the group will be assigned to everyone in that group.

Task status

Each person in your organization has a task status, which indicates whether they have incomplete tasks. All your personnel must complete their tasks so that your company is compliant.

What are the types of task status?

  • “No tasks”: No tasks are assigned to the person
  • “Tasks due soon”: The person has incomplete tasks whose due date is in the future
  • “Tasks overdue”: The person has incomplete tasks whose due date has passed
  • “Tasks complete”: The person has completed all their tasks

What kinds of tasks are there?

Background check

  • Personnel lifecycle: Ongoing
  • Description: Checks whether a person has a completed background check linked to them in Vanta.
  • How is this task completed?
    1. Run a background check on the person (or prospective personnel).
    2. Ensure the background check is linked to the person in Vanta.
  • Corresponding tests: Background checks on new hires

Accept policies

  • Personnel lifecycle: Ongoing
  • Description: Checks whether a person has accepted their company policies.
  • How is this task completed? The person must sign in to Vanta and accept the policies on the onboarding page.
  • Corresponding tests: For every policy assigned to your personnel, a test, “Personnel agree to [name of policy],” will check whether each person has agreed to it.

Device monitoring

  • Personnel lifecycle: Ongoing
  • Description: Checks whether a person has a computer that is monitored within Vanta.
  • How is this task completed?
    • If using the Vanta Agent: The person must sign in to Vanta and download the Vanta Agent onto their computer. Their computer will then appear on the Computers Page within the next hour.
    • If using an MDM: The steps here will depend on how your company provisions its MDM onto personnel computers. For most customers, this happens before the computer is shipped to the person.
  • Corresponding tests: Personnel computers are monitored with the Vanta Agent or an MDM

Security & privacy training

  • Personnel lifecycle: Ongoing
  • Description: Checks whether a person has completed all their security and privacy training.
  • How is this task completed?
    • If using Vanta’s built-in training: The person must sign in to Vanta and watch the training videos.
    • If using an external tool (like an LMS or HRIS): The person must complete the training within that tool, which will then be ported over to Vanta (the tool must first be integrated with Vanta).
  • Corresponding tests: For every training assigned to personnel, there will be a test, “[Training name] training records tracked,” that checks whether each person assigned the training has watched it.

Access removal

  • Personnel lifecycle: Offboarding
  • Description: Checks whether a terminated person has had their access removed from all relevant systems.
  • How is this task completed?
    1. For any monitored account: Vanta will automatically detect whether this person’s account was deactivated. For any accounts not deactivated, go to that tool to deactivate it.
    2. For any unmonitored account: Go to the tool to deactivate it and then mark it as deactivated in Vanta.
  • Corresponding tests: Offboarding completed for ex-personnel within SLA

Custom tasks

  • Personnel lifecycle: Ongoing and offboarding
  • Description: Checks whether custom tasks have been completed for/by a person.
  • How is this task completed?
    • If it is a custom task for personnel: The person must sign in to Vanta and complete the task based on the instructions. This could include a text submission or file upload (depending on how you configure the task).
    • If it is a custom task for admins: The admin must mark the task as completed.
  • Corresponding tests: N/a. Custom tasks do not have corresponding tests.

Personnel notifications

Once you assign tasks to your personnel, turn on notifications. Vanta will then automatically notify your personnel when they have incomplete tasks in Vanta.

Turn on notifications by going to your Company Settings and enabling the toggle next to “Personnel reminders.” You can choose to notify your personnel through email, Slack, or both.

 

Set up your first personnel tasks program

If you’re unsure what tasks to assign to your personnel, we recommend keeping it simple. You can do this by keeping all your personnel in the Default group and assigning Vanta's recommended tasks to this group.

Please Note: This advice is geared towards a company that is pursuing compliance for the first time and doesn’t have its own personnel onboarding and offboarding tools such as an MDM, LMS, or background check tool.

  1. Go to the Groups Page and click on the Default group.
  2. Assign the tasks below to the Default group. These are the tasks most commonly assigned by customers to their personnel to be compliant. Once assigned, these tasks will need to be completed by everyone in your company (assuming you haven’t removed anyone from the Default group). Vanta makes it easy to assign these tasks to your Default group: just click Add recommended tasks in the banner at the top of the page (note: this banner only appears if the group has no tasks).
    • Policy acceptances: Assign all your company’s policies. Typically, auditors want to see that your personnel accepted all company policies, although this can vary.
    • Security & privacy trainings: Assign all the available trainings in your account, since Vanta automatically makes available all the trainings you need for the frameworks you’re pursuing. We recommend leveraging Vanta’s built-in training videos, which are comprehensive and which your personnel can watch in Vanta.
    • Device monitoring: Assign this task with the requirement that personnel install the Vanta Agent. The Vanta Agent is a lightweight device monitoring tool that Vanta offers for free, and it is a quick way to ensure your personnel meet this requirement. If you already have an MDM, you can connect it to Vanta and toggle the Agent requirement off.
    • Background checks: Assign this task to your personnel with an effective date starting today, which means only personnel who join your company in the future will need a background check. Typically, auditors want to see that you run background checks on your personnel going forward, but you don’t need to run background checks retroactively on existing personnel. You can run background checks directly within Vanta.
  3. Preview what your personnel will see: In the menu bar at the top-right, click Preview tasks, and you will be able to see what will be displayed to your personnel when they log into Vanta to complete tasks.
  4. Turn on personnel notifications: Once you finish assigning tasks to your personnel, turn on personnel notifications. Once you do, Vanta will notify your personnel via email or Slack that they have incomplete tasks.