Vanta’s priority security factors

These are the most critical factors that ensure Truework has security coverage over the most common vectors of attack.

MFA on G Suite, GitHub, and AWS

COMPLETE

Password manager used by all employees

COMPLETE

All laptops encrypted

COMPLETE

Databases backed up

COMPLETE

SSL on website

COMPLETE

Root infrastructure is locked down

IN PROGRESS

Log all actions taken in the infrastructure provider (AWS)

COMPLETE

V 0.1

Vanta’s priority security factors

This gap analysis maps Truework, Inc.’s compliance controls to the Vanta Standard. This can:

  • Provide an illustrative set of controls appropriate for an information security audit
  • Identify control gaps
  • Give advice on ways to satisfy the unimplemented controls

V 1.0

Data and privacy

V 1.1

Customer data policies

During new hire orientation, Truework requires employees to complete Security Awareness Training, which includes a discussion of securing customer data. As part of the training, employees sign an Acceptable Use Policy (AUP).

Engineering and customer success teams can access customer data. Their access is granted on a least-privileged basis by a senior engineer, and each team member must sign the Truework System Access Control Policy when hired.

Requirements

Job descriptions

COMPLETE

All positions have a detailed job description that lists qualifications, such as requisite skills and experience, which candidates must meet in order to be hired by Vanta.

Tests Performed: Observed that all jobs posted on Vanta’s job site have descriptions and expectations.

Organizational chart

IN PROGRESS

Restrict access to customer data

COMPLETE

V 1.2

Customer data policies

During new hire orientation, Truework requires employees to complete Security Awareness Training, which includes a discussion of securing customer data. As part of the training, employees sign an Acceptable Use Policy (AUP).

Engineering and customer success teams can access customer data. Their access is granted on a least-privileged basis by a senior engineer, and each team member must sign the Truework System Access Control Policy when hired.

Requirements

Job descriptions

COMPLETE

All positions have a detailed job description that lists qualifications, such as requisite skills and experience, which candidates must meet in order to be hired by Vanta.

Tests Performed: Observed that all jobs posted on Vanta’s job site have descriptions and expectations.

Organizational chart

IN PROGRESS

Restrict access to customer data

COMPLETE

V 1.3

Something else

During new hire orientation, Truework requires employees to complete Security Awareness Training, which includes a discussion of securing customer data. As part of the training, employees sign an Acceptable Use Policy (AUP).

Engineering and customer success teams can access customer data. Their access is granted on a least-privileged basis by a senior engineer, and each team member must sign the Truework System Access Control Policy when hired.

V 1.0

Internal security procedures

V 1.1

Customer data policies

During new hire orientation, Truework requires employees to complete Security Awareness Training, which includes a discussion of securing customer data. As part of the training, employees sign an Acceptable Use Policy (AUP).

Engineering and customer success teams can access customer data. Their access is granted on a least-privileged basis by a senior engineer, and each team member must sign the Truework System Access Control Policy when hired.

Requirements

Job descriptions

COMPLETE

All positions have a detailed job description that lists qualifications, such as requisite skills and experience, which candidates must meet in order to be hired by Vanta.

Tests Performed: Observed that all jobs posted on Vanta’s job site have descriptions and expectations.

Organizational chart

IN PROGRESS

Restrict access to customer data

COMPLETE

V 1.2

Customer data policies

During new hire orientation, Truework requires employees to complete Security Awareness Training, which includes a discussion of securing customer data. As part of the training, employees sign an Acceptable Use Policy (AUP).

Engineering and customer success teams can access customer data. Their access is granted on a least-privileged basis by a senior engineer, and each team member must sign the Truework System Access Control Policy when hired.

Requirements

Job descriptions

COMPLETE

All positions have a detailed job description that lists qualifications, such as requisite skills and experience, which candidates must meet in order to be hired by Vanta.

Tests Performed: Observed that all jobs posted on Vanta’s job site have descriptions and expectations.

Organizational chart

IN PROGRESS

Restrict access to customer data

COMPLETE

V 1.0

Organizational security

V 1.1

Customer data policies

During new hire orientation, Truework requires employees to complete Security Awareness Training, which includes a discussion of securing customer data. As part of the training, employees sign an Acceptable Use Policy (AUP).

Engineering and customer success teams can access customer data. Their access is granted on a least-privileged basis by a senior engineer, and each team member must sign the Truework System Access Control Policy when hired.

Requirements

Job descriptions

COMPLETE

All positions have a detailed job description that lists qualifications, such as requisite skills and experience, which candidates must meet in order to be hired by Vanta.

Tests Performed: Observed that all jobs posted on Vanta’s job site have descriptions and expectations.

Organizational chart

IN PROGRESS

Restrict access to customer data

COMPLETE

V 1.2

Customer data policies

During new hire orientation, Truework requires employees to complete Security Awareness Training, which includes a discussion of securing customer data. As part of the training, employees sign an Acceptable Use Policy (AUP).

Engineering and customer success teams can access customer data. Their access is granted on a least-privileged basis by a senior engineer, and each team member must sign the Truework System Access Control Policy when hired.

Requirements

Job descriptions

COMPLETE

All positions have a detailed job description that lists qualifications, such as requisite skills and experience, which candidates must meet in order to be hired by Vanta.

Tests Performed: Observed that all jobs posted on Vanta’s job site have descriptions and expectations.

Organizational chart

IN PROGRESS

Restrict access to customer data

COMPLETE
