Step-by-step guide for Employee onboarding
This guide will walk you through how to set up the security tasks that you want your employees (end-users) to follow and complete in Vanta. We recommend having your policy stack in place before following the steps below (Policies are fully uploaded, approved, and ready for employees to read/accept).
Configure your Groups
The goal is to easily identify/organize your employees based on department, job functions, or "level of access".
*Pro tip - depending on the size of your company or how many employees you have, it's typically best practice to keep your number of groups under 5, so it's streamlined and easier to manage. If you ever need to expand your number of groups, it's easier to add those in the future, as needed.
Configure & customize your Checklists settings
- Checklists are where you assign a “checklist of security tasks” to your designated Groups that you’ve just set up
- You can create a specific checklist for people that don't touch any sensitive data (such as customer data, production environment, HR/employee data, or ePHI) and scope down their required policies & security tasks
- You can always use the same checklist for multiple groups
- Feel free to preview the employee onboarding workflow (app.vanta.com/onboarding)
*Pro tip - if you're unsure what security tasks should be required for your groups, it's a security best practice to treat them as an FTE and hold them to the same standard. That way you're covering all your bases as a company and ensuring the best security posture.
Send out an internal communication
- Leverage Vanta's provided templates to give your employees more context on what to expect
- The templates include a preface on what you're doing as a company to be secure & compliant, a brief intro to Vanta, and company-wide action items
- We recommend sending this out as a company-wide email & in your Slack's #general channel
- It's also important to assign a deadline, so that you can follow up with specific teams/people managers
Provide more info/context on the Vanta Agent - (Optional)
- If your company is on a BYOD policy - it's typically helpful to give your employees more reassurance about installing/running the Vanta Agent on their machines
- The Vanta Agent is an extremely lightweight app that doesn't hinder computer performance. It also has limited read-only capabilities, designed to prove the computer is secure.
- The agent does not read sensitive information like passwords, emails, or browsing history
Additional resources: Overview of the Vanta Agent, In-depth article outlining what information the Agent queries
Enable automated employee reminders on the Settings page
- Vanta will automatically send out e-mail reminders to your employees for their required security tasks - and you can set this to "weekly" or "daily"
- We recommend using "weekly" at first, then switching to "daily" reminders as the deadline approaches
- There is also a Vanta<>Slack integration that you can leverage for reminders, also found on the Settings page