Contractors and Consultants
How should we go about adding a person who is a contractor or consultant?
In this specific example, the person does not have any access to our systems or accounts. We have regular meetings with them for expert advice, which would be conducted via tool such as Teams.
Is it necessary to add this person into Vanta?
Comments
2 comments
Hey Connor! I believe you're spot on here, it's probably not necessary to add this person to Vanta given their access level. We always recommend checking with our Auditor or CSM, as they can provide that extra stamp of approval!
If you decide to add them, we recommend adding them to a group with minimal onboarding requirements. This article is a great resource when setting up groups: Creating Groups
I hope this help! Have a great rest of your week🤜💥🤛
Big +1 to Denise! Thanks for the question, Connor! Sometimes it's helpful to think in reverse with access for contractors / consultants. Basically, if a security incident or breach of some kind happened, what is the likelihood it could be traced back to an individual? If no company email, no production access, and no login credentials to medium or high risk vendors, they're likely out of scope for an audit and for best internal security practices. That said, nothing wrong with still manually adding and putting into a "low/no access group" as Denise mentioned.
Hope that's helpful, cheers!
Please sign in to leave a comment.