Skip to main content

Custom Controls

S
Written by Shannon DeLange
Updated today

Custom controls in Vanta allow your organization to define and track security, compliance, or operational requirements beyond standard framework controls. They’re instrumental when aligning with internal policies, customer contracts, or niche regulations not fully covered by SOC 2, ISO 27001, HIPAA, or other supported frameworks. Custom controls also help fill gaps where default controls may not fully capture your unique implementation, for example, a specific data handling process or onboarding workflow. Additionally, they can showcase operational maturity by documenting best practices they want to formalize and monitor over time. Whether preparing for an audit or strengthening internal governance, custom controls offer flexibility to tailor Vanta to your real-world processes.

Creating Custom Controls

  • From the Controls Page, select +Add Control

  • Select + Add Custom Control

  • Complete the information related to the Control

    • Control ID

    • Control name

    • Description

    • Domain

    • Effective Date

    • Framework Code (optional)

  • Select Add Control

Screen_Shot_2023-05-10_at_12.53.33_PM.png

Manage Framework Mappings

  • Select the three-dot menu of the control you would like to map to a framework

  • Select Manage framework mappings

Screenshot 2024-03-21 at 2.47.41 PM.png

  • Select the Framework you would like the control to be mapped to by using the drop-down, or search bar

Screenshot 2024-03-21 at 2.49.51 PM.png

  • Select the appropriate requirement, and click add

Screenshot 2024-03-21 at 2.51.30 PM.png

  • The same control can be mapped to multiple frameworks and requirements

Uploading Custom Controls

  • From the Controls page, select + Control

  • Select Import Custom Controls

  • Download the Excel template and complete the appropriate information

Screenshot 2024-03-21 at 2.58.49 PM.png

    • Make sure your import contains the following columns

      • Control Summary

      • Control ID

      • Control Description

      • Domain

Editing Custom Controls

  • Click on the Control you would like to edit

  • From here, you can edit the control details as well as mapped elements

Screenshot 2024-03-21 at 3.19.02 PM.png

Mapping Tests

  • Select the + button

  • From here, you can choose from the full list of tests available in Vanta, or choose from a list suggested by Vanta AI

    • To enable or disable AI suggestions, toggle the Suggest by Vanta AI on or off

  • Select the test you would like linked to the control, and click Add

Screenshot 2024-03-21 at 3.18.05 PM.png

Mapping Documents

  • Select the + button

  • From here, you can choose from the list of Documents available in Vanta or choose from a list suggested by Vanta AI

    • To enable or disable AI suggestions, toggle the Suggest by Vanta AI on or off

  • Select the Document you would like linked to the control, and click Add

    • You can also upload a new document from this modal by selecting + New document

Screenshot 2024-03-21 at 3.21.18 PM.png

Mapping Risk scenarios to controls

  • Select the risk scenario you would like mapped to the control, and click Add

Screenshot 2024-03-21 at 3.23.40 PM.png

Assigning a Custom Control

  • Click directly into the owner column of the control

  • Search for the necessary person, and click their name

Screenshot 2024-03-21 at 3.24.55 PM.png

Delete a Control

  • From the main Controls page, choose the ... menu, and select Remove

Screenshot 2024-03-21 at 3.26.18 PM.png

  • Choose the delete effective date

  • Select Delete

Screen_Shot_2023-05-10_at_12.57.45_PM.png
Related Articles
Bringing your Current Compliance Program into Vanta
Custom Mapping Controls to Policies
Creating Custom Policies
Creating Custom Tests
Custom Controls & Frameworks: Frequently Asked Questions