Policy exceptions
Given that the organization publishes policies via Vanta, it would be nice to have the capability to document policy exceptions in Vanta.
For example, assume that the policy for "Access Controls" mandates MFA and that the organization wants to allow a user to not use MFA.
This will pop up as a finding in the "Check MFA" test and can be snoozed / disabled at the test level. But I argue that it would be very nice to also be able to link this "snoozing" as a policy exception back to the "Access Control" policy.
Comments
2 comments
Hi Dimitrios Stergiou!
Thank you so much for the feedback; I've passed this along to our product team! Please let us know if you have any other suggestions in the comments!
This is an absolutely outstanding request. I only want to add that the exception could automatically suggest a risk entry for the exception to the risk registry that has to be managed accordingly.