For more information about plan types and capabilities, see Vanta's pricing page
With Vanta, access reviews are fast, automated, and simplified. Vanta automatically pulls system access through pre-established integrations. Vanta users can also upload access files directly into Vanta to consolidate account access data across dozens of systems.
Establishing Access Review Settings
From the left-hand navigation panel, select Access
Select Settings from the Access menu
Establish the following settings:
Admin Point of Contact: Who will be primarily responsible for reviews?
Recurrence: How often should your company be completing access reviews?
Due Date: Once a review has been started, how many days are you allowing for completion?
Reminders: When will notifications be sent to remind users before reviews start or are due?
External Notifications: This takes you to the notifications page to configure who should receive notifications for access reviews.
Starting an Access Review
From the Access page, select Reviews
From here, you can create a review or create a review schedule
Give the review a clear title, and select the vendors that will be in-scope for this review
Select Create draft review
The review page will list your vendors and information related to the access data.
In the synced column, you will see
Synced: Vanta has pulled the access data from the integration
Upload file: Access information must be uploaded into Vanta
Once access files are available for all in-scope vendors, select Start Review
When you start a review:
All your assigned reviewers will be notified
Once started, you will not be able to
Add or remove vendors
Re-upload access files
Performing the Review
Select Start Review
Click on the vendor from the specified review page
A list of accounts will appear
You will need to choose
Check: Maintain access: The user keeps access
X - Remove access: Clicking the "X" will not cause that user to lose access to the associated system. Instead, it will kick off a remediation flow. We cannot currently write any changes to your systems.
Clicking on the user will allow you to view detailed information and add notes.
All accounts must be assigned an owner before submission. If an owner needs to be assigned or edited, select the > next to the owner's name and make the necessary changes.
When all access accounts have been reviewed, select Submit
Import User Data
For unintegrated systems, users needed to fill out a user data template with all users and their roles in a system or upload a screenshot.
Upload screenshots or a PDF of user accounts.
Capture your user accounts with screenshots or a PDF from the system. We’ll convert them into an access file using our AI-powered image parser. This option is easiest if the account and role information is easily readable.
Prepare and upload your own access file
Download our editable access file template (.csv) and independently fill out user accounts and details. This is a good option if the user list does not contain account details, such as role. Go here to read more about formatting your Access File.
Creating a Schedule
Select Create
Select Create a schedule
Select Create a custom schedule, or select one of the pre-provisioned schedules from the Select a Starting point page.
Select Next
Configure the settings
Identify the schedule owner and the schedule name. Select the start date, how long the access review will take, and how often you want this review to be done
Define the scope by selecting the systems to include
Finalize the schedule and select Save Schedule
Access Review schedules can be found from the Settings tab
Deleting a Review
Select the ... button next to the draft or review to be removed
Select Delete
Exporting a Review
Select the draft to be reviewed
Select More, and then Export
Filter by Status
From the Access Reviews Page, select Filter by Status
Choose the status to filter by, and results will populate the page