One custom policy fulfils multiple SOC2 policy requirements

Kevin Lageweg Conversation starter

I have a single, custom policy that fulfils both the "Information Security Policy" and the "Information Security Roles and Responsibilities" policy items in the policy list in Vanta's Policy page. How do I handle this situation since I don't want to split the policy up in two? Do I upload it twice to fulfil both requirements? Or is there a way to remove the "Information Security Roles and Responsibilities" policy from the list and provide justification that it's captured under the uploaded "Information Security Policy"?


1 comment

  • Comment author
    Shannon Idea generator Vanta Team Member Conversation starter

    Hi Kevin! 

    Sorry for the delay in response here. I've opened a ticket with our team - they'll be able to walk you through this process more effectively with a bit more context into what you're looking to achieve!


Please sign in to leave a comment.