Frequently Asked Questions: Scoping

Scoping determines what application accounts, user accounts, and monitored devices are part of the company. These connections can be made automatically through integrations or manual linking made by a process owner within the Access page.

Scoping allows us to determine what controls and policies an item may be checked against. When certain services or individuals are brought on, they may have different expectations of how they engage with the business. We want to reflect on how tests and other checks run against them within Vanta.

Sometimes, these accounts haven't integrated with the platform to perform these actions automatically and require manual linking. The process can require multiple steps depending on the lack of information for the desired user to link to.

If the user doesn't exist because an IDP or HRIS integration populates it. In that case, it may require manually creating the person within the Access page and creating a new person on the People's page

External Person: Various companies could apply different controls to persons and external persons. For example, an Employee must complete security awareness training, and an external person doesn't.

When an account on the People page is marked as a Service account, Vanta will not check for email configuration, monitored accounts, application access, onboarding tasks, and computers associated with that user. This will also include checking these profiles against any tests for the resources mentioned.

A Vanta-created user is now a duplicate after an integration connection.

A company whose computers are used by multiple users but have one shared account.

A company that is using a group mail account.