Video: Personnel Management with Vanta | Duration: 3332s | Summary: Personnel Management with Vanta | Chapters: Welcome to Training (20.655s), Managing Teams Overview (187.31s), Access Review Importance (252.54s), Integrating Key Components (329.06s), Personnel Management Overview (762.345s), Custom Group Management (1091.515s), Specialized Group Setup (1881.05s), Managing Service Accounts (2115.925s), Access Review Process (2665.405s), Task Creation Process (2756.665s), Integration Test Details (2870.205s), User Review Segmentation (2960.35s), Auditing Asset Reviews (3038.585s), Concluding Security Review (3228.685s), Concluding Remarks (3253.315s)
Transcript for "Personnel Management with Vanta": Hello, everyone, and welcome to Vanta's personnel security training. I am Jaquez, and I will be your facilitator for this training. We're gonna give another minute for those who signed up to get into the training. But in the meantime and let me get my screen right here because something's missing. Alright. Here we go. In the meantime, if you could introduce yourself in the chat, let us know where you're joining us from, and we're gonna get things started momentarily. I'm gonna mute myself in the meantime, but we're gonna give another minute for those who sign up to enter into the training, and we'll get things in motion soon. Okay? Alrighty. Let's go ahead and get things in motion here. Welcome again to those who just entered into the training. I am Jaquez, and I am the program manager for down market education here at Vanta. So you will hear from me a lot when you join our trainings and, you know, just me making sure that you get the most out of the product. Right? That's my goal. I want you to get the most value for your investment here. So we're gonna go through how to manage your team in Vanta, which is again, once you see the process, you're gonna love how simple and easy, we make it for you and automatic as well. Okay? So look forward to that. Now before we do that, let me check the chat here. Let me see who we have joining us. Let's see. We have Carolyn from Dublin, Ireland. Welcome. We have Todd from Pennsylvania. Newbie. Welcome. We have Jay from San Diego, welcome. Heather from South Dakota. I think I see some familiar names here. Welcome back to those I've met. I hope you had a great weekend and time in between. And, again, today, we're gonna definitely go through how to manage those teams in Vanta. 
Now the other component that we're gonna discuss is also how to perform those access reviews in Vanta and really manage those different components so that way you can see how to confirm that you're pruning privileges effectively within your organization. Okay? So keep that in mind as well. We're gonna make sure we cover a lot of great ground here to get the most out of Vanta. For those who have worked with me, you know, I enjoy putting in bonuses. So as we go through our training, I'll probably share some good tips and tricks, some extras that, you know, I just love to give, you know, certain segments like that. Alright, team. But before we actually do that, I have a couple of slides here just so we can kinda break down what to expect. Okay? And the first one is why do we perform access reviews? Okay. So the first is security. We want to ensure that only authorized users access sensitive data, and this is gonna reduce the risk of breaches or unauthorized activity. The second is compliance. So many frameworks such as SOC 2s, those ISO 27001s, those HIPAAs, they require proof that you're actively controlling and reviewing who has access to critical resources. And then finally, efficiency. So you wanna right size those permissions, and this is gonna prevent any excessive privileges. Okay? So this is gonna make sure that everyone's workflow is smoother while maintaining potential risk. Okay? Now one more slide. Bear with me. Why do we perform or what are those access reviews? Now these are those regular check ins to evaluate and manage user permissions across various systems, applications, and data. Now by periodically confirming that each team member's access matches their role, we can prevent accidental overexposure of data, we can keep our environment organized, and we can meet the principle of least privilege. Now we're gonna see exactly how Vanta does that later on in the session. 
Now let's go ahead and hop into the product, and let's just discuss the main components that we need to have in place in order for us to manage our team in Vanta. So let me go back here. Share my screen. One moment, team. Make sure you can see what I see. There we go. Now let's talk about how to set things up in Vanta. Now the first place we wanna go to is our integration section because the main component here is we need to connect the top, I'll say, five integrations, the fifth one is a bonus, to really power up our Vanta account. Okay? We wanna make sure that we have every element that we need in order to be effective. The first is we want to connect our identity provider. Now if you've attended our Vanta Essentials training, the top four will sound familiar to you because these are integrations that we suggest in those Vanta Essentials trainings to at least power up the basics of your account. Now the reason why this IDP is important is because it brings all your personnel into Vanta. Okay? So you wanna make sure you connect that integration first. Now that second integration that's important is your task tracker. Okay? So once you connect that IDP, and, you know, let me discuss this very quickly too. We connect with a lot of your big name ones, but if you happen to not see the IDP or any software that your organization does not use, definitely select this request an integration button. There we go. It'll take you to a form that you can complete to share with our product team to let them know your interest in that particular software. Okay? And they'll try to do whatever is possible to make it an accessible feature in Vanta. Okay? So you have those options as well. Now once you connect that IDP, the second one we need to connect is your task tracker. Now you're gonna see why this is important once we go through our access reviews. Okay? 
So we're gonna select task management here, and we integrate with a lot of your big name task trackers such as Jira, Notion, monday.com, Wrike, Shortcut, etcetera. The reason why this integration is key is because though Vanta has the ability to capture tasks, we want you to use your current workflow. Okay? So in other words, if your team is already using Jira to manage activities, you wanna make sure you're keeping it consistent. So in this case, what Vanta is going to do is we're going to have you integrate that specific task tracker with Vanta. And for example, in an access review, if you need to have a team member removed from a tool, you're gonna create that task using your task tracker. A link will then be generated within Vanta, and then every action performed on that task will be captured in your task tracker. Okay? So it keeps your normal flow in place. Up next is your HR information system. Now this integration is important because this helps to track your employee start and end dates. Now this is gonna make it easy for that onboarding and offboarding process. Now we integrate with a lot of your big name HR information systems, which is also short for HRIS. So keep in mind, you do have those options as well. But we integrate with BambooHR, Bob, which is another big one, Gusto, Humans. And what's that other one? Oh, Rippling, QuickBooks, Sage HR, TriNet, and Workday. Okay? Oh, I forgot. These also do it as well. You got ADP. Why is it segmented here? Let me check to make sure. I'm not sure why it was segmented, but you do have these other options as well. So we have a wide array that you can choose from. Now the fourth integration that we suggest is your mobile device manager, aka your MDM. Now this integration is important because it checks your company's devices to confirm that they are compliant. Okay? So it's gonna ensure that they meet the basic security standards like encryption, antivirus requirements, etcetera. 
Now we do know that some organizations do not have an MDM. We do have a lightweight alternative that you can use, which is called the mobile device I mean, the Vanta device monitor. I'm gonna share that link in the chat here. One rule of thumb that I suggest here is that well, two two strategies here is that if you have under 75 people, the Vanta device monitor is a great option if you don't have an MDM. If you do have over 75 people, highly suggest you invest in the MDM. It's gonna make things 10 times easier for you and your team. And the bonus is that if you have an MDM, have your contractors and service accounts use the Vanta device monitor. That way you free up some room on your MDM and only use it for employees. Okay? That makes it 10 times easier. It gives you more room in your normal resources, and your contractors are still, you know, following protocol without, you know, using your company MDM. Okay? So you do have that option as well. So keep that in mind. That is a great way to kinda balance it out. And then I'm gonna give you a bonus one, and this is your security trainings. So if you're using and let me locate it here. Security trainings. If you're using any of these vendors here, Curricula, Adaptive Security, Awarego, CaniFish, CybeReady, CyberLee, EasyLlama, Elba, Athena, Heca, KnowBe4, and all these other ones. Right? You're able to connect that integration with Vanta. And from that point, you can assign security trainings to your team. Okay? This is extremely proficient because it'll automatically run the process within Vanta without you having to do anything manually. Now if your security program is not listed here or you have a custom security program that was made in house, I will show you how to manually add in the link for that specific one. But just know that the tracking process will be more manual. You would have to go into whatever system you're using for your training program to take note of what items have been completed by who. Okay? 
So it's not gonna be documented as smooth as it would if you were using one of these integrations. However, you will have the ability to still achieve the goal of having your team complete those security trainings. Alright. So now that we have those integrations together to get our, you know, personnel side of things in motion, we're gonna now take a look at how these take effect with our team by looking at the people page. But let me check the chat. Let me see if we have any questions here. Alright. Todd said, is Breach Secure Now on the list? Let's check here. Let me just type that in first. Let me remove the category just in case it's someplace else. Yep. So we don't have that specific one here, but we do have BreachLock. But definitely locate this request an integration link here or this link here. Fill out that form and let our team know exactly about this specific software. So that way they can see what we can do to make it possible. Great question, though. Great question. Alright, team. Let's take a look at the people side of things. Right? So we're gonna go to personnel. There we go. I was like, oh, where'd it go? And we're gonna go to people first here. Okay? Now the reason why this section is important is because this is where your entire team lives, and this is where we create our automations, which you're going to enjoy this process here. Okay? Now this area here is completely empowered by your IDP and your HRIS system. Okay? So by connecting your IDP, you're telling Vanta, here's my team, here's their roles, etcetera. And from that moment on, Vanta's gonna keep this list current automatically here. Okay? Now every single person that is listed here has a profile. I'm gonna quickly go through the profile, and then I'm gonna show you how to automate some of the items that are included inside of these profiles. Okay? So let me go to this one specific one here. The there we go. Admin. Admin. 
Now let's start from the top and work our way down because I want you to understand what you see here. So a lot of value on this page in terms of your team in general, and it gives you some good insight on the expectation of what is here when it comes to managing the team in real time. So the first thing that we're gonna see is the name and their email here, and then the status represents their employment status. So are they current or are they terminated are the two options. Job title, if you have the HRIS connected, you'll see their job title there. You can manually add it in if you select the three dots, select edit details. Oh, and, no, it's not. Okay. I you know, I don't have permissions here. My apologies. I don't have permissions in here to do that. But if you do in your end, you'll be able to add in that job title. Start date, you'll see that populate by your HRIS system, but you can manually add that. And if they were marked as terminated, you will see an end date here. Now these groups represents the specific components they've been added to, which we're gonna talk about after we go through this profile because this is how you automate these items below. Okay? I'm gonna show you how to do that very soon. So we're gonna revisit that. Frameworks, it lets you know exactly which frameworks they have access to. The source, this is that MDM. This is where the info is coming from and how is that. And then, of course, the note is where you can add a specific, you know, text about this specific person there. Now let's take a look at these tabs here. The first is your task tab. Now this shows the task status of items they need to complete or have already been completed. Okay? Now what's beautiful is that Vanta keeps a historical account of every single item they complete over time. So this is gonna be great for audit time frames and etcetera. Okay? So you're able to revisit the first task this employee has ever completed. The second tab is that access tab. 
So remember, we're gonna perform an access review today. So this shows you which tools they have access to, okay, which is very important. Offboarding tab, this is the admin view only, and it only showcases when the employee is marked as terminated. But since this one is current, you're not gonna see anything here. But if we were to take a look at this specific employee who is marked terminated, we can find tasks here that have already been completed. Let me select reset off board. Let's see if we can actually get the list here. There we go. And you'll see okay. It did its own thing again. Alright. So you'll see that since this employee is marked as terminated, there would be tasks here if they were incomplete, and you'll be able to complete those tasks and move forward. Let's go back to our current employee. And then we're gonna go to computers tab. This is the devices they have connected to their profile. You're able to find that info there. Now all of this information is located on every single profile. So keep that in mind as you maneuver in Vanta. This info is found on every single individual that you have listed. Now before we move on, I wanna share some features within these three dots. The first is you're able to set an employee on leave. Why is this important? Let's just say that they're on leave during a time period where an audit is about to be performed. You wanna go ahead and mark them on leave so that way their security tasks and any requirements can be paused during that time frame, which is extremely helpful not just for your audit but also for them because you wanna make sure that they're meeting SLAs. And you don't wanna see a lot of missed SLAs because you have team members who are on leave and they haven't been identified as such. Okay? The second component is that if you select these three dots again, you can change an account from an employee to a service account. 
So if it happens to, you know, cross over and you realize, oh, this person is not an employee. This is a contractor. We're you know, we have a different setup with them. You can definitely switch that over from an employee to a service account, and then, you know, the category of that account would be segmented from there. Now we spoke about these profiles, but the real power comes in the group settings. Okay? Now I'm gonna teach you these how to really function and use these groups because there's a lot of power when it comes to setting up and using your default group in Vanta. Let me clear this out here because we wanna take a look at the default group first. Now I'm gonna briefly share this process, but then we're gonna manually do the process when we create a specialized group. So just bear with me because I wanna give a quick refresher for those who either it's been a minute since they've went to our Vanta essential training or this is brand new info right out the gate. Okay? Now when it comes to our default group, this is your catch all group, and I want you to look at it as your company wide initiatives. So whenever you add an employee into Vanta, right, they're automatically added to this default group. Automatically. So you wanna treat this group as requirements that every individual in your company must achieve. So if there is company wide policies, trainings, onboarding task, you wanna make sure those are captured here. Okay? So default group, we wanna look at that as company wide initiatives that every employee must meet. Now for those other initiatives that are not company wide that requires more specialized attention, this is where those specialized or, you know, those custom groups come into play. Okay? Now this is where I'm gonna show you the nitty gritty of how to create that. So let's leave this default group. Just remember, again, this is your catch all group, company wide initiatives. 
Don't put anything in here that you don't want everyone in the company to complete because whatever you add here, everyone is gonna receive an email to get it done. Okay? Now let's just say you have a specific component. Let's just say product team, right, that has a specific level of other items they have to complete. What you wanna do is you wanna go to select add a group and create a group. And let's just do j product oh, there we go. J product team. Okay. Why did I just do that? One moment to you. Alright. And the description is helpful if you want to provide details. Remember, it helps you to have some understanding of just what to expect in terms of, you know, why this group is and what their function is. Okay? Now the point of contact. The reason why this is important, this person should be the person that has a good scope of this specific team. So they're a great point of contact. Alright? They're gonna be some someone who's involved with the entire process. They're familiar with the who, what, when, why, and where they need to get specific info. So I highly suggest that whoever you add here be a person that is very active with this team. Okay? They're they're probably over this specific items of the team. So it could be a manager. It could be an admin in that department, but you wanna make sure this person that is the point of contact is the person that really has the authority to get the info, put things in place that we need to have in place. Okay? I'm just gonna make myself as point of contact just so you can see how this looks, And then we're gonna select create here. Now our group has been created. We have to search for it and we have our new group here. Now this is a bare group. There's no members been added, so it's completely empty. And there's no products that we have in place for this group to be a functionable, actionable group. Okay? So we're in a place where this is bare bones. Now let's just work through some of the caveats here. 
Let's start with policies. Now the way the policy section work, right, when it comes to any of these specific elements here is that you wanna make sure that you're let me clear this out here. Is that the policies listed here are all the policies that you wanted to have approved in the policy section. Because if you happen to go here, you looking for a specific policy, you know you just saw it in your policy section, but you don't see it here. The reason why you wouldn't find that policy here is if you did not approve the policy on the policy page. So let me show you exactly what I'm talking about. We're gonna revisit this. Let's just say we're looking for the third party risk management policy. Right? I'm gonna type it in so you can see exactly what I'm talking about. So I typed that in. It says we can't find that policy. We wanna go look at our policies here because we know we have it. So what we wanna do is take a look at our list, and we do see there's a third party management policy. But here's why we don't see it. It has not been approved. Okay? And it's not in a position to where we can actually issue it out to our team because we haven't went through the process of approval. Okay? So if you're ever going through and you're noticing a specific policy is not there, but you know for sure that it's in the policy section, that is probably the main culprit as to why you're not seeing that policy listed. So to resolve that, you'll definitely just go through the process. I'm not gonna do it with this one because of the fact that this is a template we're using in another training here. But you wanna go through, assign approvers, submit it, get it approved. And then from that point, when you go back to your group, you're going to find that policy listed. So for this for the sake of this demo, we're just gonna choose some random policies here, and we're gonna add those in. Let me pull up I think I saw some with my name on it here. We'll just do that. Let's just yeah. 
Let's do some j. So we're gonna do security project management policy, request test, request duplicate, and we'll just add those in. Now remember, you only wanna add in items that are representative of not representative. That's how you know I've been talking about it. That is a reflection of this specific group or this department that is actually a part of who this group is. Okay? You don't want anything that is in your default group. Now we're gonna go to our training section. Now we spoke about this previously. If you have any of those integrations that we shared for the security trainings, you can simply add in those trainings here. You'll you'll matter of fact, you'll already see them listed You'll just choose to turn them on or toggle them on if you have your integration connected. The other caveat that you have is that Vanta has their own trainings as well. I believe those are automatically given to everyone. I may be wrong. I'm not a part of the sales process, but I I think that everyone gets access to the security trainings. But if that's the case, you can use Vanta security trainings. I think this is one right here. Yeah. You have it here. So you can actually add that in if you wanted to as well. And for those who have their own custom trainings, let me show you how to make that possible. You'll select add training and the type of training you wanna choose the best one that makes sense for that specific training here in terms of the segment. So we'll just do let's do AI risk training. And then you're gonna choose custom training. Now from that point, you're gonna add a URL to that specific website for them to take that training. Okay? And you can add in instructions if necessary as well. That's another component that you can also put in there. 
Now remember, once you add in that manual link here, you're gonna have to go into whatever that software is to manage the completion rate because Vanta won't be able to because we're we're not we're not integrated with that software. Right? So we're not able to document it on our end that this person actually did the thing. Right? So you'll have to go in and manually make sure that they did complete that process, and then from that point, things will be good to go. So keep that in mind. When it comes to that security training process, you wanna make sure that you actually go in and you confirm that those actions have been completed if you're gonna use the custom training option. Now let me just show you what it looks like once you add the thing in here. Let me And now you see it listed there as our custom training. I'm a select save so you can just see we got the two trainings listed, and that's how that will go. Okay? Up next, we have device monitoring. Okay? Now this again, if you are using, again, the default group, which everyone should be, if you're gonna use device monitoring, you should have you should have it activated in that group and not your subgroup, so keep that in mind. But you can have it if you wanted to, but I highly suggest that it's required, excuse me, in your default group and not your subgroups here. Background checks as well, same thing. You know, this is a feature you can use especially if you're onboarding, you know, company employees. You can perform background checks as an onboarding activity. Now these custom onboarding tasks, we're gonna select add here. This can be extremely powerful here. Okay? Because this gives you the ability to create custom tasks that need to be completed, whether it be for the admin or the employee. Okay? Now let me show you what I mean here. We have some examples listed of some tasks created over time here, And you can tell the difference between who is required to complete it based off of these two icons. 
So you have personnel, which means the team member, the employee has to complete this task. And then the admin means this is something that you have to complete. So maybe the onboarding process consists of you having to grant them permissions to specific software or, you know, activating a badge or something of that nature. Right? You can create those key tasks that you need to complete on this segment here. Now let me show you how this works. We're gonna select create a custom onboarding task here. Now I wanna show you how powerful this specific segment is because you can get as detailed as possible when it comes to creating task. Let me show you what I mean. We're gonna just do something here, something silly. We're gonna say, you know, share a custom Slack message in the team channel. Alright. So that's the task name. We can give even we go even further. Right? Gives strategic instructions here. Share a make sure we'll do it like this. Let's do this. Head to hashtag team channel and share a funny GIF or GIF or Jiffy, however you wanna call it. You can get as granular as possible, more detailed here. And then from this point, you have your assigning. Now remember, admin means this is something you're gonna complete. Personnel is for the team member. We're gonna choose personnel. And here's where you can get even more granular with this task. You can have it to where the employee can upload a file after they complete the task. So maybe we'll say, like, hey. After you upload it, take a screenshot. Take a screenshot. I don't know why I said that other word. And share it here. So now we have a task. We have instructions, and then we have an additional action after they complete the task that they can put that you can put in this one single task requirement. Okay? Now if you need them to provide a text response, so maybe it's like a question. Right? Maybe your task your original task is, you know, I don't know. 
Let's just say, what's your favorite kind of dog or something like that. Right? And you want them to type up a response, you can choose this option to where they can actually type and submit something to you. Okay? So you do have options to get very robust when it comes to your onboarding task. Just keep in mind that you wanna make sure strategic to what this team needs. Okay? So you wanna make sure that everything listed is valuable for this specific team and for the personnel in general. So keep that component in mind. We're gonna select create here, and we should find it at the bottom of this list. And as you can see, I love using that example a lot. And now we see that we have it listed. Okay? Now you can edit by selecting the three dots or delete it if necessary. And one thing you wanna keep in mind is that your onboarding task list, it builds up over time. So it continues to grow as you add more items to it. Okay? So you're able to reuse a lot of these things over and over if necessary. Now let me add an additional task here so you can see the diversity of thought. And there we go. Boom. We're gonna select add, and now we have those tasks listed there. Now the onboarding section has been completed. We have everything we need for this specialized group to activate it in a way that is effective for our team, okay, or for this specific department. Now the offboarding task is where you wanna make sure specific items are completely offboarded when that employee is no longer with the organization. Okay? So for example, if there are specific tools in your department that is given to each employee, you wanna make sure that you select these tools from the access removal list to confirm that when this employee leaves, we will remove them from this specific tool. Okay? This is gonna be extremely helpful because you wanna make sure that they don't still have access to key things or key data if they're terminated. Okay? 
So this is gonna make things 10 times easier for you and your team. I'm just gonna choose some random ones here so you can just see it, but definitely choose the ones that make sense for that department. We're gonna select add here. We have our systems added. And then our offboarding task, this is an admin view only. So these are tasks that you know that you need to complete consistently when an employee is no longer with your organization. Okay? So keep in mind, all of this, when it comes to the offboarding process, is admin related. So you wanna be strategic with it and make sure that the items that you have to complete are items that are consistently needed to be done for this specific segment. Okay? So you may have to actually evaluate because remember, this list will continue to grow over time. So you may need to evaluate, okay, what are the key items I must, you know, complete in order to successfully offboard an employee when they leave our department? Alright. One moment, team. Let me take a sip of water real quick. Alright. There we go. Alright. So I'm just gonna add some of these in, and we're just gonna just so we can see how this looks. And then boom. We have the offboarding task added. Okay? Now in essence here, if this was our department that we wanted to build out, it is now complete. We have all of our items added, and we are good to go. Now let me just share some good strategies here. Before you add team members to your group, you want to complete this process first of going through each section and adding in those key items. The reason why is because once you add team members to that specific group and you do that before you add the items, they're gonna receive an email every time you add something brand new to it. Okay? So as soon as you add something to it well, not let me clarify that a little bit further here. 
If you were to go in one by one and select save after you add in, you know, one item after the next, they're gonna receive an email every single time. So it's best to kinda build the group out, add the items in, you know, build it out to be robust with every component that you want to have addressed. And then from that point, add the team members in so that way they'll be notified at one time. Okay? Now when you have added in your items, you can actually preview how it looks or how the team member will see to confirm that you have addressed and captured everything that you want to have in this specific group. So we have our policies here. We have our trainings here, which is the company wide one. I mean, not the company wide one, the Vanta one, and the one that is at a different website here. So that's where they go to the training in. You can see they can upload the screenshot of that security training. Then we have those different task items. Right? Onboarding task. There's the welcome to the team thing. Here's the one I actually created here where they head to the team channel, share a funny jiffy, then take a screenshot of the message and share it here. You're able to see that info there as well. Okay? Remember that offboarding tab, you're not gonna find that info here because that's an admin view only. Okay? Also, the employee will not be able to see any admin tasks, so you don't have to worry about that being an issue as well. They will only see what has been assigned to them as an employee. Now once you're ready to make this live, you're gonna select save here. Save again. It's just confirming everything. We're gonna hit dismiss, and then we're gonna go to members. And when you go to members, this is where you add in those team members that you want in this group. And from that point, you're good to go. Okay? And that's how you make that specialized group in Vanta. 
Now remember, the way Vansome works is you set up you set up the group and it automates everything further. Now feel free quarterly or however, you know, frequent you make updates to your onboarding process. You can go in and make changes to policies, add in different things that are more important that should be addressed, and then from that point, you're good to go. So keep that in mind. There are those specific components that you can have in place that will make things 10 times easier for you and your team. So definitely take the time to review and confirm that your program is still active or functioning this way, at least every quarter at least. I'll I'll say that. Now up next, we're gonna do that access review. But before we do that, let me check the chat here, see if have any questions. Alright. Jay said, will service accounts be managed here or under vendors if here is it best to create a custom roof for service accounts? That's a great question. So when it comes to service accounts, so vendors alright. So let's let's kinda break that down too because that's the other component too because the the the terminology can also get a little bit confusing. The way that we look at vendors is the vendor is separate from that service account. So the service account, in terms of how they function, you can actually add them into specialized groups. You can create a group like how we did previously here, and then you can add them to that specialized group that's just for them. From that point, they'll just be required to fulfill any requirements just for that specialized group, and then they're, you know, they're good to go. They're good to go. So you're able to manage them in this section here, the people section, group section. 
Now for the vendor side, which this is where, you know, the terminology can get tricky because the vendor is also it's more so, like, either and they're working on this terminology, which is why they changed the VRM side to third party risk management. I think they're gonna start blending the tool together, which, Jay, this is a great question because you're at a a perfect time where we definitely gave some feedback about them trying to make this more clear. Right? But when you look at vendor, they want you to look at it more of a person that your organization is using their tool to do things with. So in other words, you know, Microsoft or ChatGPT, your company's using that tool to do x y z, but your service provider is actually doing something physically for like, they're it's a human that is assigned to your organization that is producing a specific act. So you can, within the people side of things, create a group just for those humans that are active doing things. It sounds weird when I say it. That's why I laughed. It sounds weird because I I'm having to overly expound because I know it it just sounds extremely tricky, and I don't want any of you confused. But service accounts, you wanna think human activity. Vendor, you wanna think tooling. You wanna think software. Okay? So when it comes to your service accounts, definitely manage them on this side of things, create a group just for them, and then you can add in different components there that that makes sense for that specific, you know, service account. So if you got specific policies with them, you know, definitely create a group just for them. If there's some some trainings you want them to go through, that that'll be a great segment to do as well. And, of course, that's really where the background checks become, you know, the most helpful because, again, most of those service accounts are contractors. You may wanna perform periodic background checks, right, to confirm credentials or etcetera. 
So highly suggest you do it that way, Jay, and then manage your products that your company use in the vendor section. That's gonna make it a smoother process. That's a great question. And I think you had a part b. You said it's best to create customers. I already answered that. You said it makes sense. Vendors use their own tools to execute the services they provide. Contractors are not employees, but use your yep. Exactly. Exactly. That's exactly what it is. Soon we'll have better terminology, though, to make it more clear because we've revamped the third party I mean, the vendor risk management tool to third party risk review, and they're gonna update some verbiage so it's more clear because we definitely wanna make sure it's clear. But great question. Alright, team. Let's take a look at those assets reviews, and we got some good time here. So what I'm gonna do, we're gonna go to personnel and go to assets. And what I'm gonna do is kinda just speak I'm gonna speak through the automated method because that's the a quick method to kinda, you know, put in place. Right? And then we're gonna do a manual one so you can see how that process looks like. Okay? Because I want you I see what it looks like. So that way you can understand just how to segment it effectively. But to access that feature, you wanna go to reviews here. And from this point, you have the option to create either a scheduled review or just a review in real time. The scheduled review easy setup. K? Those are the ones where you're setting up a renewal cadence or a review cadence. It can be quarterly. It can be monthly. It can be annually. And it's like a set it and forget it. Okay? Once you set it up, you'll be reminded via email when it's time for it to be ran. And then from that point, you're able to conduct it in real time. Okay? Now let's just say you had a company restructure or maybe you had department changes. Right? 
Maybe there's an entire department that was combined with a new department, and there's different tools that need to be adjusted, right, or permissions. This is where creating a actual review in real time comes into play. We're gonna select create review here. Now once you do that, it's gonna take us to the review page where we create the name of the review and we choose our systems. Okay? Now you feel free. You can leave the date if you want to, or you can just name it something particular. Okay? I'm just gonna do j what do we call that team that we created? I think I called it product team. We're gonna do that product review. Just do it like that. Alright. So we got a name right. And then from that point, we wanna choose the tools. Now remember, when you're performing a review in real time, it's because you have specific tools in mind that you wanna check. So we're gonna choose tools that we wanna check to confirm who has access to it. I'm gonna strategically choose some here because there is something I want you to see. Okay. Boom. Alright. We have four tools selected as we can see here. If you happen to select tools and you wanna start all over, definitely select deselect and it will restart the process. We're gonna select create draft review, and we're gonna see a list of our tools here that we selected once it loads up. Perfect. Now we have our data status here. Okay? Four systems. And then we can see those four systems below. Now here's what's great about Vanta. Remember, one of the things that we suggest if you went to our Vanta central training is that you integrate all of your tools with Vanta. And the reason why is because from that point, we can automatically run those security tests in the background. We can confirm who has access to the tool and see if there are certain things that, you know you know, we can we can see things in real time. There's no manual, you know, input or output. 
But when you don't have those integrations connected, there's some manual work that will be involved. Okay? And we can see this with the Anthropic system here. Now it is not connected to Vanta, and we can tell because it doesn't show synced right here. It shows need access data. We can tell that Bitbucket, Box, and Dropbox, they're synced with Vanta. We got real time updates on here. We know the exact last time it was synced. All this great info. But when it comes to this Anthropic, we have to manually upload or connect the data. We're gonna select the need access data here, and there's two methods that it's gonna provide you in order for you to access or provide the data to Vanta. The first is you can upload screenshots of user accounts, okay, which is where you go inside of your system and take screenshots of who have access, and then you can upload those files into Vanta. Or you can choose, and this is a great option too, prepare and upload your own access file. Now what's great is that Vanta will provide you with the template. You'll simply select the download new template. Or if you're using Google Docs, you can actually open up Google Docs in a different tab. And from that point, you'll just complete the template with the information that we need to confirm who has access to that particular tool. Once you have satisfied the requirements of that template, you'll simply upload it. And then once you've added that data in, this will no longer show an error message, but it won't show sync. I think it'll just show a green check mark and data gathered or something like that. And then from that point, you're good to move forward. Okay? Now do not move forward if you have this error message appearing. Okay? Because it's gonna give you a bad access review. Alright? 
If you're looking for, you know, assets I mean, not assets, but data from this specific tool and you have this error message, you wanna, you know, provide the info that's necessary there in order for you to make the decision or get the info that you need in order for you to prune those privileges. Okay? So keep that in mind. Now I'm gonna act like I provided that data. It's gonna warn me though. Just watch this process. I hit start review. It warned me and said, hey. This one system, we have no access files. What's going on here? We're gonna act like we did it already. We're gonna hit start review, and the review process has begun. So we're gonna let this load real quick, and then I'm gonna speak on what we see on the next page. There we go. Perfect. So now we're here. We have things running. It has pulled the data that we need. Now we need to go through each tool and confirm that every team member here needs to have access. So we're gonna select Bitbucket and start there first. Alright. What's going on with the load here? Let me refresh my screen. Let's see. There we go. Perfect. Perfect. And when we're at this screen here, we're able to approve, deny, change roles. We're able to go through the entire process of reviewing these specific members who have access to this tool. Okay? Now I'm not gonna actually choose an option here because it'll actually flag some things. I'm in a test environment that everyone use. But let's just say you chose deny. After you do that, this will open up and it's gonna show that you reviewed it, okay, which is great for documentation purposes. And then from that point, you can add an additional note about your decision, which is great for feedback and, you know, context. 
And you wanna create, depending on your third party task tracker that you're using, whether you're using Jira, Notion, monday.com, etcetera, you wanna create a ticket within your note I mean, not note taking, your task tracking software so that way you can connect with whoever owns the permission sides of things when it comes to your tools, and they can manually go in and remove those permissions from that team member. Now let me show you how Vanta helps you with the task creation process. If you were creating a Jira task, we're just gonna act like we're doing some things here even though I don't have that full permission. I'm just gonna choose some things so I can show you task. You can make it to an assignee, etcetera. Now here it goes. What will happen is Vanta will create the task for you. We'll even provide the text where you don't have to type anything. So we're gonna create a task that says account access update, Bitbucket, Chris Brown in parentheses. And what's the description? What do we need fixed here? Go to Bitbucket systems, access settings, and revoke access for Chris Brown. We're gonna automatically create that for you and add it to that task. Okay? So it makes it to where you don't have to worry about that process because we're gonna make that easy for you anyway. We're gonna take care of it for you. Once it has been created, you're gonna see a link here to that Jira task, and you're able to reflect on it anytime to confirm the changes that have been made. And from that point, your work continues within your own task tracking software. Okay? Now this process is extremely easy and smooth, and you'll just, you know, repeat that same process through each team member listed within the tools that you're verifying. Okay? Once you're done with this section, you'll hit submit and then it'll take you back to let me go back here. Your other product and you continue that process there. Okay? 
Once you complete with the entire thing, you'll then select complete and your entire access review process will be done. Okay? Smooth, clean, very efficient process. And remember, it's great because auditors like to see that you're pruning those privileges and you're checking in from time to time to confirm that whoever has access to whatever tool needs to have access to it. Alright. Let me check chat here. I think I saw a question. No. Let's see. Here we go. Jay said, what does the integrated test actually test? Yeah. If you're talking about the integration, so, basically, what's happening in the background is that it's confirming that all functionalities are occurring. So, for example, let me actually open up a section here. Let me go to our integration sections real quick. I'm gonna just pull you up one here. Let's just do this. So here we go. If you go to integrations and you actually pull up the integration, you're gonna see the exact test here. So for example, when you connect this for me, it's gonna check and confirm that the accounts associated with each user is being documented. And then it's gonna also take a look for any deprovisioned accounts. So it's it's running those continuously in the background, and it's gonna flag you to let you know if any of these have been occur event I'm not gonna say that backwards. If any of these have occurred. Okay? Been talking all morning. Y'all forget So keep in mind that this is something that is available in each integration. So if you wanna know specifically which type of test or what kind of function is occurring within a specific integration, definitely head to your integration section. Select view details. And then when the test section loads up, like here we go. Automation. There we go. You're able to see exactly what type of test is gonna be performed. But that's a great question. That's a great question. But it's gonna continuously run that. 
And Vishal said, what if I only want to review admin users and not the full user group? So that's a great question. When it comes to that though, let me check here because I don't think I mean, you could. Yeah. So what you could do is you could go through and you can segment it by role. Excuse me. One moment, team. Let me take a sip of water here. There we go. You can segment it by role, and then from that point, only audit those specific people. You can do that, and then you can just say submit when you're done and not review the other team members. So you could do that. That is one method you could follow as well. You just wanna make sure, though. I think the biggest component is that the actual integration segments the roles. Like, they give some type of identifier to confirm that this person is the admin and etcetera. Okay? Long as it has that, we should be able to pick it up in Vanta, and then you can segment it based off of role. Let's see here. What's the next question, Chase? Is the review, once completed, saved as a reviewable report or evidence for future audit? That is a great question. When it is done, let me take you back here. Go to your assets reviews. Let me see if you can actually download that because that's actually good. Okay. There we go. Yeah. You can. You can export it. You can export it to use it for reporting purposes, and it will definitely be used for auditing time frame. So when you go to that audit and you create it, it's going to there's gonna be a segment where it shows your reviews from your assets components, and your auditor is able to see, you know, the different reviews that have been performed during that time frame. So, you know, I wanna don't know I don't know if they can actually see I'm thinking out loud. That's why I had that instant word jumble and just come together. I don't think the auditor can actually go, like, heavily in-depth into your assets review. 
They can see, like, the link to the Jira, etcetera, actions performed, who was pruned. But downloading yeah. They're not able to see, like, a report layout of it. They can just see a listing of it. I think the most they can actually see is really the, you know, the systems based on risk score, which is important for them because they wanna see that if you have a lot of critical or high systems that you're, you know, pruning privileges or checking those pretty often. And then from that point, they're able to, you know, kinda look at things from there. And then the other component too, they're gonna be looking at SLAs more than anything in this area as well because they wanna make sure that, you know, if you have, like, reoccurring assets reviews, like, annually, that you're meeting those SLAs and things like that. That's a great question. That's a great question. Alright. Oh, Michelle, I think you had another question inside your question. Can I create the review activity that way? Yeah. I think well, yeah, just the second the second component of your question, Michelle. Yeah. You'll still have the filter just to achieve that goal. Only because, you know, when it comes to the review process, when it comes to assets in general, auditors are looking for, like, an entire company evaluation. You know, they just wanna make sure that we're evaluating the entire organization because of the fact that, you know, when there's shifts in departments, there's, you know, people that have left. You wanna make sure they don't have access to those specific permissions or, you know, tools, and they just wanna make sure that data is being protected. But you can do roles. Like, you can definitely segment it via roles, and then from that point, keep things together. And I'm sure it'll probably give the, you know, the story that you did that sort of thing once you, you know, once things are showcased towards the end of that assets review. 
So for example, you know, you segment it based on role, and then from that point, as they're reviewing your data, they're noticing, okay. There's a lot of admins we're looking at that's being reviewed. I'm sure it it'll help to tell the story. And plus, you can add notes in your reviews to provide context to your auditor if they you know, just in case, you know number one, we're not gonna be able to remember everything right. And then number two, just to provide provide context just in case, you know, your audit has a little bit more of that storyline. Alright. Alright, team. Well, this consists of our personnel security review training. Hope you got a lot of great info on this. Like I said, it's a great feature. The the bulk of the work is setting up the automations. After that, easy to manage. You're easy to manage your team, to manage the review process, and to get things in motion in a very quick time frame. Okay? Now if you don't have any questions, thank you so much for attending this session. I hope you got a lot of value out of this. Oh, one thing before you go, please, before you leave. I have a new program that I just released, and my first session is next week. We have finally released the Vanta AI training. Let me give you the link here. I would love to see y'all there. It is going to be awesome. In this training, I am showing you how to use vanta.ai to really get the most out of your program in Vanta. I'm going to take you through all the tips and tricks. I know I've shared, like, you know, little snippets in between some of my other sessions that if you've attended, you've seen it. But in this training, I'm gonna give you the full layout on how to use Vanta AI to manage your entire security program. So I would love for you to sign up. We're gonna be hosting these every two weeks on a Wednesday, if I'm not mistaken. And definitely check out and choose a session that makes sense for you and your time frame. I would love to see you there. 
It's gonna be a great, great breakdown of how to use that feature. Other than that, if you don't have any other questions, enjoy the rest of your week. I look forward to seeing some of you in our other trainings this week as well. And, yeah, have a great Tuesday, Wednesday for others. No. Thank you. Goodbye, everyone.