Policy exceptions

Given that the organization publishes policies via Vanta, it would be nice to have the capability to document policy exceptions in Vanta.

For example, assume that the policy for "Access Controls" mandates MFA and that the organization wants to allow a user to not use MFA.

This will pop up as a finding in the "Check MFA" test and can be snoozed / disabled at the test level. But I argue that it would be very nice to also be able to link this "snoozing" as a policy exception back to the "Access Control" policy.

Comments

2 comments

  • Comment author
    Shannon Idea generator Vanta Team Member Conversation starter

    Hi Dimitrios Stergiou!

    Thank you so much for the feedback; I've passed this along to our product team! Please let us know if you have any other suggestions in the comments! 

    0
  • Comment author
    Michael Jackson

    This is an absolutely outstanding request. I only want to add, that the exception could automatically suggest a risk entry for the exception to the risk registry that has to be managed accordingly.

    3

Please sign in to leave a comment.