ISO 27001 Onboarding Checklist


Activate Vanta:

1. Complete Company Information

2. Add Administrator

3. Add Connections

  • Connections are how Vanta pulls data from your systems and scans them for gaps against the ISO 27001 controls. If you do not have admin privileges on the critical systems that need to be integrated, add the administrators who do to the Users page so they can set up those connections.

Tip: Connect your identity provider first; this will populate your user lists in Vanta.

Set Controls:

1. Create Policies and SLAs

These make up the framework your company will follow and that your auditors will use to verify that you are ISO 27001-compliant.

  • Use our ISO 27001-compliant policy templates to create your Policies.

  • Set up your SLAs in line with your company's workflow.


2. Set Up Employee Onboarding

Employees need to be aware of their roles and responsibilities at your company and become familiar with security best practices.

  • Decide whether you'd like to run your security awareness training through Vanta. If so, you can use the training video created by our partner, LivingSecurity; alternatively, add the URL of the training you already use.

  • Set your background check monitoring start date.

Note: This matters if you have current employees you do not want to background check now.


3. Monitor Computers

  • Decide whether you'll use the Vanta Agent. This lightweight tool runs on your employees' laptops and verifies that they use a password manager, disk encryption, and anti-virus software.

If you're using an MDM tool:

  • We fully integrate with Jamf Pro, Kandji, Intune, and Microsoft Endpoint Manager. Link your MDM in Connections, and Vanta pulls in the data needed to show that employee computers are protected.

  • If Vanta doesn't fully integrate with your MDM solution, use the script we've created to deploy the Vanta Agent to employee laptops quickly.