One custom policy fulfils multiple SOC2 policy requirements
I have a single, custom policy that fulfils both the "Information Security Policy" and the "Information Security Roles and Responsibilities" policy items in the policy list in Vanta's Policy page. How do I handle this situation since I don't want to split the policy up in two? Do I upload it twice to fulfil both requirements? Or is there a way to remove the "Information Security Roles and Responsibilities" policy from the list and provide justification that it's captured under the uploaded "Information Security Policy"?
Comments
1 comment
Hi Kevin!
Sorry for the delay in response here. I've opened a ticket with our team - they'll be able to walk you through this process more effectively with a bit more context into what you're looking to achieve!
Please sign in to leave a comment.