
Vanta Quick Start Guide

Get Audit Ready in 5 Steps with Sensiba

This guide is designed to help you fast-track your audit readiness, save you time, and reduce stress along the way.

    1. Configuring your Systems & Scope

    Your audit scope defines what systems, users, and resources will be included in the audit. Getting this right at the start avoids wasted effort and delays later.

    Systems to connect in Vanta (if applicable): 

    • Cloud Providers
    • Databases
    • Version Control (GitHub, GitLab, Bitbucket, etc.)
    • Identity Providers (IDP)
    • Mobile Device Management (MDM)

    👉 In-scope = production systems, sensitive information, or user data
    👉 Out-of-scope = test, sandbox, or non-production systems

    💡 Tip: Always confirm that your in-scope inventory covers all production systems and sensitive data — and nothing unnecessary.

    📖 For further step-by-step instructions, view more about configuring your scope in Vanta here.


    2. Scope your Controls

    Vanta comes with a broad set of default controls, but you don’t need all of them for your audit.

    • Your audit with us only requires a subset of controls.
    • There are approximately 50 controls relevant for the Security, Availability, and Confidentiality Trust Service Criteria. We've included Processing Integrity & Privacy; however, these are not tested by default, and adding these TSCs to scope is an additional cost.
    • Please note: Vanta focuses on evidence items rather than controls, and automatically links some evidence to specific controls. In some cases, however, we may request different or additional evidence that better supports the control and ensures sufficient coverage, because the available evidence items depend on which systems you have integrated into Vanta. This is normal and ensures the most accurate and efficient audit process.

    📖 Download and view the full list here

    3. Add Sensiba as your Auditor

    Granting auditor access early enables us to provide targeted guidance, streamline your preparation, and accelerate your audit readiness.

    Add Sensiba as your auditor by navigating to settings, then user permissions in Vanta.

    Create the audit package:

    a) Go to the Compliance tab → select Audits

    b) From here, select:
    • Framework: Your engaged audit framework (SOC 2 Type 1, SOC 2 Type 2, HIPAA, GDPR…). Refer to your Sensiba engagement letter if uncertain.
    • Audit firm: Sensiba
    • Auditors: csplatform@sensiba.com 
    • Audit as of date or Audit period:
      For Type 1 - select today’s date
      For Type 2 - select your observation period - if not confirmed yet, select any date range (this can be updated at a later stage by your team or the audit team). 

    📖 If you would prefer a step-by-step video, follow this link to a Loom video on how to grant Sensiba access and create your audit package in Vanta.

     

    4. Complete your System Description

    This is a key step for your audit:

    • It forms the basis of your final report
    • It tells your auditor exactly which systems are in scope

    You can complete it by following the instructions linked here.

    💡 Note: While Vanta also has a system description, ours is different and required for the audit. The good news is you can re-use much of the information you’ve already entered into Vanta.


    5. Key Focus Areas to Get Your Vanta Instance Audit-Ready

    To ensure a smooth and efficient audit, we recommend reviewing and configuring the following focus areas in your Vanta instance:

    • Personnel in Scope:
      Ensure all personnel in scope are listed in Vanta. Manually mark as out of scope any personnel who do not maintain access to your critical systems and/or sensitive data (contractors, if applicable).
    • Policy Management:
      Create or upload your policies, and track acknowledgements and approvals.
      Vanta's helpful resources.
    • Alternatively, PolicyTree (Optional):
      Use our Policy Generator to create robust, tailored policies aligned with your controls. If you choose PolicyTree, upload those policies into Vanta. https://knowledge.assurancelab.cpa/policy-tree 
    • Risk Management:
      Document your risks, define mitigation plans, and assign ownership.
      How to provide auditor access: create a Risk Snapshot of your risk register (https://help.vanta.com/hc/en-us/articles/13619481189524-Creating-a-Risk-Snapshot), or upload a manual risk register.
    • Vendor Management:
      Add your critical vendors, assign risk ratings, and complete annual reviews for those rated high or critical.
    • Monitoring Tests:
      Configure key monitoring checks so controls are continuously validated within Vanta.
    • Device Compliance:
      Integrate your MDM or use the Vanta Agent to monitor personnel devices in scope.

    📖 Another helpful resource - Vanta’s SOC 2 Readiness Checklist.

    💡 Tip: Think of these areas as the “readiness foundation” — the stronger they are, the smoother your audit will go.

    Need Help?

    We’re here for you! If you have questions or something feels unclear, reach out anytime at csplatform@sensiba.com 

    To discuss the above, book a meeting with a Customer Success team member using this link.

    Ready to kick off your audit? Book a meeting here.