Share this article

Our approach to lifecycle management at Vanta
Accelerating security solutions for small businesses Tagore offers strategic services to small businesses. | A partnership that can scale Tagore prioritized finding a managed compliance partner with an established product, dedicated support team, and rapid release rate. | Standing out from competitors Tagore's partnership with Vanta enhances its strategic focus and deepens client value, creating differentiation in a competitive market. |
In this series, you’ll hear directly from Vanta’s own Security, Enterprise Engineering, and Privacy, Risk, & Compliance Teams to learn about the team’s approach to keeping Vanta secure. We’ll also share some guidance for teams of all sizes—whether you’re just getting started or looking to uplevel your operations.
In this post, you’ll hear from Janiece Caldwell, Senior Operations Engineer on Vanta’s Enterprise Engineering Team.
Overview of lifecycle management
Lifecycle management is the process of overseeing employees, their systems, and their hardware from onboarding to offboarding—or from provisioning to deprovisioning. Managing the lifecycle of your users, their systems, and their hardware also includes understanding and addressing the compliance and legal risks and requirements along the way.
At Vanta, the Enterprise Engineering team handles the onboarding and offboarding of our employees. Along the way, we partner closely with our Security and Privacy, Risk, & Compliance teams to ensure our policies and procedures consistently align with our controls and requirements.
Benefits of automation
As with many other processes, our Enterprise Engineering team likes to automate as much as we can. Not only does this free up the team’s time for less manual efforts, but automation also helps reduce the chance for user error—both upon onboarding and offboarding.
For example, one of the first user accounts we create for each new employee is their Okta account, which is automatically created from our HRIS (human resource information systems) once it’s inputted by our People team. In turn, we’re able to automate the creation of other accounts based on a user’s Okta account.
When an employee leaves, we also automate the process of removing access, which eliminates the need to manually remove access and reduces the risk of user error. Given that Vanta is a global company, this also eliminates the need for individual members of our team to manually offboard any tools and systems that are provisioned through Okta within different time zones.
While we’re confident in our automation, we also have reactive ways within the Vanta product to quickly catch any potential issues if, for any reason, a user’s access isn’t terminated.
Our teams review Tests in Vanta on a regular basis which would identify potential issues. Using Vanta’s Access Review tool, we run quarterly Access Reviews on a predefined set of systems and tools with access to sensitive data. This helps identify and remediate any potential issues on a reactive basis, just in case things slip through the cracks.
Our approach to onboarding
Our Enterprise Engineering team genuinely cares about ensuring that new hires have a productive, thorough, and welcoming onboarding experience.
To do so, new employees receive a dedicated onboarding session on their first day of onboarding to introduce new employees to our tools, processes, and importantly, ways to get help from our Enterprise Engineering team. We help curate team wiki pages and companywide resources to help make it easier to track down important information and understand company structure. We also hold regular Office Hours and encourage new hires to sign up if they have any questions—such as about password managers, which can be a common topic.
In order to be productive from day one, it’s important that new hires have what they need when they need it and that we strive to automate as much as possible to eliminate gaps or unnecessary manual effort. As an example, as a fully remote company, we provide access to a user’s email and calendar shortly prior to a new hire’s start date (with no access to sensitive data) in order to allow them the ability to look ahead and plan for their start date.
Once an employee formally joins, they automatically gain access to the foundational suite of tools deemed necessary from their team—instead of having to manually request access and create more busywork for managers to review and grant approvals.
Our approach to offboarding
While offboarding is a sensitive topic, our overriding principle is to treat all cases of employee offboarding the same way, whether a voluntary or involuntary departure. This is because voluntary terminations often seem less critical, but are equally critical from a security perspective.
In addition, we work closely in tandem with partners such as our People and Finance teams, as well as people managers.
Tips and suggestions
While each company and team has a different perspective on how to best approach lifecycle management, here are a few tips from Vanta’s Enterprise Engineering team:
- Put yourself in a new hire’s shoes: To give new hires the best possible experience, always put yourself in their shoes when designing new processes, content, and resources. Remember that the onboarding process can often include an overwhelming amount of information for new hires, so it helps to have resources to look back upon or reference.
- Seek continuous improvement: Actively seek out feedback about the onboarding experience from new hires, and evolve your processes, content, and resources as needed.
- Build strong partnerships: It takes strong cross-functional partnerships to help ensure your policies and procedures are robust and meet your company’s security, legal, and compliance obligations. Don’t forget about internal partnerships with your HR, Finance, and Security teams, as well as your people managers. And remember to cultivate important external partnerships such as with your logistics partner for hardware and equipment return, especially if you’re a remote-first company.





FEATURED VANTA RESOURCE
The ultimate guide to scaling your compliance program
Learn how to scale, manage, and optimize alongside your business goals.