SOC 2 Onboarding Checklist
Scroll to the bottom of this page for a PDF of this checklist!
1. Complete Company Information
- Fill out Company info applicable to your organization.
2. Add Administrator
- Add your Admins.
3. Add Connections
- Connections are how Vanta pulls data and scans your systems for any gaps applicable to SOC 2 controls. If you do not have admin privileges for key systems that need integration, add those Admins to the Users page.
Tip: Connect your identity provider first; this will populate your user lists in Vanta.
1. Create Policies and SLAs
These make up the framework your company will follow and your auditors will use to ensure you are SOC 2-compliant.
- Use our SOC 2-compliant policy templates to create your Policies.
Note: If you're only pursuing the Security Trust Category, do not complete the Business Continuity Disaster Recovery Plan. The Physical Security policy is not required if there's no physical office.
- Set up your company’s SLAs in line with your company’s workflow.
2. Set Up Employee Onboarding
Employees need to be aware of their roles and responsibilities at your company and become familiar with security best practices.
- Determine if you'd like to do your security awareness training through Vanta. If you do, you can use the training video created by our partner, LivingSecurity. Alternatively, you can add the URL to the training you already use.
- Determine your “Background check monitoring start date.”
Note: This is important if you have employees you do not want to background check now.
3. Monitor Computers
- Determine if you’ll be using the Vanta Agent. This lightweight tool runs on your employees’ laptops to ensure they’re using a password manager, hard disk encryption, and anti-virus software.
If you’re using an MDM tool:
- We fully integrate with Jamf Pro, Kandji, InTune, and Microsoft Endpoint Manager. Link this in Connections, and we pull in information to show that employee computers are protected.
- If Vanta doesn’t fully integrate with your MDM solution, use the script we’ve created to easily deploy the Vanta Agent on employee laptops.