SOC 2 Onboarding Checklist


Activate Vanta:

1. Complete Company Information

2. Add Administrator

3. Add Connections

  • Connections are how Vanta pulls data from and scans your systems for gaps against the applicable SOC 2 controls. If you do not have admin privileges for the key systems that need to be integrated, add the people who do to the Users page so they can authorize those connections themselves.

Tip: Connect your identity provider first; this will populate your user lists in Vanta.


Set Controls:

1. Create Policies and SLAs

These make up the framework your company commits to following and that your auditors will test against to confirm you are SOC 2-compliant; a policy you cannot show evidence of following is a finding, not a control.

  • Use our SOC 2-compliant policy templates to create your Policies.

Note: If you're only pursuing the Security Trust Services Category, you do not need to complete the Business Continuity and Disaster Recovery Plan, which supports the Availability category. The Physical Security policy is not required if there's no physical office.

  • Set up your company's SLAs (for example, how quickly vulnerabilities of each severity must be remediated) in line with how your team actually works; auditors will check that tickets were closed within the windows you set.

2. Set Up Employee Onboarding

Employees need to be aware of their roles and responsibilities at your company and become familiar with security best practices.

  • Determine if you'd like to do your security awareness training through Vanta. If you do, you can use the training video created by our partner, LivingSecurity. Alternatively, you can add the URL to the training you already use.

  • Determine your "Background check monitoring start date."

Note: This is important if you have existing employees you do not want to background check now; only employees whose start date falls on or after this date are expected to have a completed background check.

3. Monitor Computers

  • Determine if you'll be using the Vanta Agent. This lightweight tool runs on your employees' laptops and checks that a password manager, full-disk encryption, and anti-virus software are present and enabled, reporting any gaps back to Vanta. It is a monitoring tool, not an enforcement tool: it verifies the state of each machine, while enforcing that state is the job of an MDM.

If you’re using an MDM tool: