1. Vanta
  2. FAQs & Troubleshooting
  3. Frequently Asked Questions

Frequently Asked Questions

Frequently Asked Questions: Scoping

  • Updated

 

What is Scoping? 

  • Scoping determine's what application accounts, user accounts, and monitored devices are part of the company. These connections can be made automatically through integrations or manual linking made by a process owner within the Access page

 

Why do we use Scoping? 

  • Scoping allows us to determine what set of controls and policies an item may be checked against. When certain services or individuals are brought on, they may have different expectations of how they engage with the business. We want to reflect on how tests and other checks run against them within Vanta. 

blob

 

When to manually link accounts? 

  • Sometimes these accounts haven't integrated with the platform to perform these actions automatically and require manual linking. The process can require multiple steps depending on the lack of information for the desired user to link to. 
  • Suppose the user doesn't exist from either being populated by an IDP or HRIS integration. In that case, it may require manually creating the person within the Access page and creating a new person on the People's page.

 

 

Screen_Shot_2022-09-12_at_3.25.57_PM.png

 

 

What happens when you assign an account to an external person? 

  • External Person: Various companies could apply different controls to persons and external persons. For example, an Employee must complete security awareness training, and an external person doesn't. 

 

 

 

What happens when you mark an employee as "Not a Person"? 

  • When an account on the People page is marked as Not a Person, Vanta will not check for email configuration, monitored accounts, application access, onboarding tasks, and computers associated with that user. This will also include these profiles being checked against any tests for the resources mentioned.

mceclip3.png

A User Marked as a Person.

 

mceclip0.png

  • Prompt for when setting an employee as Not a Person.

 

mceclip2.png

 

 

What accounts you'd want to mark as "Not a Person"? 

  • A Vanta-created user is now a duplicate after the connection of an integration. 
  • A company that's computers are used by multiple users but have on shared account. 
  • A company that is using a group mail account. 

If there's any uncertainty about when you'd want to mark as Not a Person, please reach out to Vanta support for advisement.

 
 
 
 
 
 
 

Was this article helpful?

Have more questions? Submit a request