Skip to main content

Vanta Security & Privacy Training

S
Written by Shannon DeLange
Updated this week

Vanta Security and Privacy Training

Vanta offers its own security and privacy training modules for Security Awareness (required for SOC 2, ISO 27001, NIST, and more), HIPAA, GDPR, CCPA/CPRA, and PCI DSS—all developed by our in-house team of security, privacy, and compliance experts to help ensure your employees learn about essential and required principles for each framework.

Maintaining compliance with different standards and frameworks requires regular training to ensure employees are trained on best practices related to their roles, such as security and privacy. In addition, providing high-quality and memorable training helps ensure your company nurtures a strong culture of security and privacy.

Vanta’s security and privacy training library is housed directly within the Vanta platform—which means your employees can view and complete any required videos without leaving the Vanta onboarding page. Depending on the security and privacy framework(s) required, employees will see the required content on their onboarding page. Once watched in their entirety and submitted, any required onboarding tasks will automatically be marked as complete.

What are my options for security & privacy training?

Vanta offers security and privacy training videos developed by our in-house security, privacy, and compliance experts. These videos are automatically mapped to your Vanta account's appropriate compliance and security controls based on the frameworks you have enabled. Our videos are housed within the Vanta platform, so your employees can view and complete the videos without leaving the Vanta onboarding page. Learn more about Vanta’s built-in training library.

Topics covered

HIPAA

  • HIPAA Overview

  • Key HIPAA definitions

    • Covered entities and business associates

    • Business Associate Agreement

  • Personally Identifiable Information (PII)

  • Protected Health Information (PHI)

  • HIPAA Patient Rights

  • HIPAA Privacy Rule

  • Threats to patient data

  • Securing patient data and sensitive information

    • How to protect PII and PHI

    • Verification and confirming authorization

    • Security best practices

    • Removable media

    • Data handling policies

  • Reporting potential incidents

  • HIPAA violations and consequences

GDPR

  • GDPR Overview

  • Key GDPR definitions

    • Data controllers

    • Processors

    • Data subjects

  • Personal data

  • Special categories of personal information

  • Data Protection Impact Assessments

  • Privacy by Design

  • Key principles of GDPR

    • Lawfulness, fairness, and transparency

    • Purpose limitation

    • Data minimization

    • Accuracy

    • Storage limitation

    • Integrity and confidentiality

    • Accountability

  • Records of Processing Activity (ROPA)

  • Criteria for processing personal information

    • Consent

    • Protect vital interests

    • Legitimate interest

  • GDPR data rights for individuals

    • Right to be informed

    • Right of access

    • Right to rectification

    • Right to erasure

    • Right to restrict processing

    • Right to data portability

    • Right to object

    • Right to object to automated processing

  • Data Subject Access Request

    • Regulated response time

    • Verification of requests

  • Data Protection Officer (DPO)

  • GDPR reporting requirements and fines

CCPA/CPRA

  • CCPA and CPRA Overview

  • CPRA applicability

  • Personally Identifiable Information PII)

  • Sensitive Personal Information (SPI)

  • Consumers

  • Consumer privacy rights

    • Right to know

    • Right to delete personal information

    • Right to opt out of sale or sharing of personal information

    • Right to non-discrimination

  • Privacy policy requirements

  • Consent preferences

    • Opt out of the sale of consumer data

    • Global opt-out mechanism

    • Do not sell my personal information

    • Do not share my personal information

    • Opt-out for minors between 13-16 years old

    • Consent from parent or guardian for children

  • Receiving and reviewing CPRA requests

    • Requirements

    • Response time

    • Verification procedures

    • Fraudulent requests

    • Requirements and reasonable security

  • Maintaining CPRA compliance records

PCI DSS

  • PCI DSS overview

  • Key PCI definitions

  • Cardholder data

  • Data breaches and financial motivation

  • Principles for safeguarding cardholder data

    • Protecting your online accounts

    • Passwords and passphrases

    • Password managers

    • Entering credit card numbers

    • Secure disposal

    • Safeguarding payment devices

    • Tamper checks

    • Protecting payment information

    • Confidentiality

    • Office security best practices

  • PCI DSS compliance requirements and violations

  • Reporting potential incidents

→Learn more about Vanta’s Security Awareness Training

Setting up Security and Privacy Training

  • Go to Personnel, followed by Groups, and select the three dots next to +Add Group and then Manage task set

  • Open the task set you would like to enable training for, and select Training

  • Toggle the option to On and select Apply changes

  • Save Task set

  • From the Access page, you can email reminders to your employees to complete training and other security tasks.

  • Click the Owner Name

  • Select Tasks and then Remind

Screenshot 2025-03-25 at 10.18.55 AM.png

How do I leverage my LMS with Vanta?

Related Articles
Vanta PCI DSS Training
Vanta CCPA & CPRA Training
Vanta GDPR Training
Vanta HIPAA Training
Tracking Security Trainings Provided by a Third-party