Need tips for marking policies and documents as confidential

Julia Wester Conversation starter

In my ISO 27001 audit, the auditor had the following finding:

Reviewed 05-isms-procedure-for-the-control-of-documented-information and policies management by Vanta. It was observed that documents don't have the labeling when exported from the portal based on the classification policy. Hence, this is considered an Opportunity for Improvement.

---

I am sure that I can do ensure this happens by creating my own PDFs and ensuring the footer is on before I upload them. But, that's a lot of hassle and it seems like some future functionality could easily handle that within Vanta. I am hoping others can tell me what tips and tricks they do to make this happen. 

In confluence, where I was planning to store our files and sync them to Vanta, I have updated the space to have a confidential footer on every page and on all PDF exports. But, that's not pulled into Vanta with the sync functionality.

In the policy editor in Vanta, is there a way to have a footer like this on all pages?

-- 

Also, I have the trust report and, while I can do a watermark on the doc and have people sign an NDA, it doesn't seem like there's any way to note which docs are confidential (on every page like the watermark).

curious how others have solved this problem? I have reached out to support and they are checking but are unsure of any features that help with this at present.

Comments

2 comments

  • Comment author
    Shannon Idea generator Vanta Team Member Conversation starter

    Hello Julia!

    We had a little trouble with flagging posts, so I apologize for the delayed response. I've alerted the team to your question, and you'll see some responses rolling in shortly.

    Thanks so much for being a member of the Vanta community, and we look forward to continuing to build the community with you!

    0
  • Comment author
    Emmett Jones Community Moderator Vanta Team Member Conversation starter

    Hey this is a great question / flag for our team, thanks for brining it to us!  Often, areas for improvement in ISO can be very specific to auditor used, so the answers here / suggestions may not apply to all customers, but we definitely want to help you make this smoother in the future with regards to the classification labeling.  I'm going to proactively connect you to your CSM to walk through some options and get more context, if that's alright.  Thanks, again!

    1

Please sign in to leave a comment.