
Vanta Velocity Quick Start Guide

Get Audit Ready on Vanta in 5 Steps with Sensiba

Configuring your Systems & Scope

Your audit scope defines what systems, users, and resources will be included in the audit. Getting this right at the start avoids wasted effort and delays later.

Critical Systems to connect:

  • Infrastructure Cloud Providers

  • Identity Providers (IDP)

  • Version Control (GitHub, GitLab, Bitbucket, etc.)

  • HRIS (Human Resource Information Systems)

  • Databases

  • Mobile Device Management (MDM)

👉 In-scope = production systems, sensitive information, or user data
👉 Out-of-scope = test, sandbox, or non-production systems

💡 Tip: Always confirm that your in-scope inventory covers all production systems and sensitive data — and nothing unnecessary.

📖 For further step-by-step instructions, view more about configuring your scope in Vanta here.

Getting Your Vanta Instance Audit-Ready

Once your initial connections and system description are set up, there are a few core areas in Vanta that need attention to ensure you’re ready for audit. The focus areas differ slightly between SOC 2 Type 1 and SOC 2 Type 2, outlined below.

SOC 2 Type 1: The Essentials to Get Started

A Type 1 audit represents a point-in-time review, so the setup required is lighter. At a minimum, in addition to connecting your key systems outlined above, we need you to complete the following areas so we can begin the audit process:

  • Personnel in Scope - Make sure all relevant employees are added to Vanta — and that only those required are included. Contractors are typically excluded unless they have access to critical systems.
  • Policy Management - Upload your required policies, assign them to the appropriate staff, and track acknowledgements and approvals.

    • Note: Policy acknowledgement is not enabled by default in Vanta — you’ll need to switch this on so we can verify acknowledgements. You can follow these instructions here.

    • You can use either:

      • Vanta-provided policies, or

      • PolicyTree (our Policy Generator) to create tailored, control-aligned policies. If using PolicyTree, simply upload the generated policies into Vanta. You can create them here.

  • Monitoring Basics - Enable key monitoring tests to validate the most important controls for your environment.
  • Vanta Agent - Install the Vanta Agent for all applicable personnel to track device compliance (e.g., disk encryption, antivirus).

These items represent the minimum required to get your Type 1 audit underway, and they help build a strong foundation for your Type 2.

SOC 2 Type 2: Build on the Foundation

A Type 2 audit assesses controls over time to confirm operating effectiveness, so you’ll need everything listed above plus a more complete operational picture. This includes:

  • Risk Management - Document your risks, assign owners, and outline mitigation plans — especially for high or critical risks.
    • Be sure to enable Auditor View for your risk register in Vanta so our Audit team can review it. Alternatively, you may upload a manual risk register.
  • Vendor Management - Add your critical vendors, set risk ratings, and complete reviews for any vendor rated high or critical.

📖 For a detailed step-by-step walkthrough, check out Vanta’s SOC 2 Checklist.

💡 Tip: Think of these areas as the “readiness foundation” — the stronger they are, the smoother your audit will go.

Scoping your Controls

Vanta comes with a broad set of default controls, but you don’t need all of them for your audit.

  • Your audit with us only requires a subset of controls.

  • There are approximately 50 controls relevant for Security, Availability, and Confidentiality Trust Service Criteria. We've included Processing Integrity & Privacy; however, these are not tested by default, and adding these TSCs to scope is an additional cost.
  • Please note: Vanta focuses on evidence items rather than controls, and automatically links some evidence to specific controls. However, to ensure sufficient coverage, we may in some cases request different or additional evidence that better supports the control, as different evidence items arise depending on which systems you have integrated into Vanta. This is normal and ensures the most accurate and efficient audit process.

📖 Download and View the full list here

Create the Audit

Set up your audit so we can join you in Vanta.

  1. Go to the Compliance tab → select Audits

  2. From here, select:

    • Framework

    • Audit type

📖 Read more about creating your Audit in Vanta here

Provide Sensiba Auditor Access

Once your audit is created, please add us as the Audit Firm and give our audit team access:

  • Audit Firm: Sensiba
  • Audit Email Addresses:
    • csplatform@sensiba.com - this ensures we can start supporting you right away, and help you with your audit readiness.
    • auditops@sensiba.com - this is our shared audit team access.

💡 Note: Your dedicated audit team member will be assigned after your Kick-Off call. They’ll let you know when to add their individual account.

Complete your System Description

This is a key step for your audit:

  • It forms the basis of your final SOC 2 report

  • It tells your auditor exactly which systems are in scope

You can complete it by following the instructions linked here.

💡 Note: While Vanta also has a system description, ours is different and required for the audit. The good news is you can re-use much of the information you’ve already entered into Vanta.

Need Help?

We’re here for you! If you have questions or something feels unclear, reach out anytime at csplatform@sensiba.com.