The main use cases are all healthcare related and specifically SOC and HIPAA compliance.
Vanta
VantaExternal reviews
2,124 reviews
from
and
External reviews are not included in the AWS star rating for the product.
User-Friendly and Customizable, But Notifications Fatigue is Real
What do you like best about the product?
Customization and user friendly platform that allows for easy day-to-day use.
What do you dislike about the product?
Integrations are not always work optimally. Notifications can be superfluous and unclear on what actions need to be taken to resolve.
What problems is the product solving and how is that benefiting you?
We use Vanta primarily for SOC2 review.
Seamless SOC2 Compliance with Exceptional Integration
What do you like best about the product?
I like Vanta's wide range of product integrations, which effectively supports our third-party tools like AWS, GitLab, Intruder, and Zoho Vault, ensuring we always have the integrations we need. I appreciate Vanta's proactive support, which helps address issues swiftly, even when integrating complex platforms. The initial setup was super easy due to detailed and clear documentation, guides, and the assistance of Vanta AI.
What do you dislike about the product?
I was having problems while integrating GitLab. The support team did help me with that, but it was not showing the error in integration for merge request templates as the community version of GitLab, which we were running, doesn't support it.
What problems is the product solving and how is that benefiting you?
Vanta centralizes categorization and integrates multiple data sources for SOC2 compliance, helping me manage tasks, assign responsibilities, and track progress easily.
Effortless Tech Organization with Intuitive To-Do Lists
What do you like best about the product?
Vanta organizes all your tech accounts into ease to-do lists.
What do you dislike about the product?
Vanta feels expensive and new features feel like they are all add-ons instead of general product improvements.
What problems is the product solving and how is that benefiting you?
Vanta organizes all your tech accounts into ease to-do lists. We know which vendors are staying on top of security and have dialed in our license and asset management as a result.
Lightning-Fast Compliance Made Effortless for Startups and SMBs
What do you like best about the product?
Vanta’s biggest strength is how quickly it gets companies from zero to audit-ready by automating evidence collection and mapping controls in a way that’s simple, intuitive, and auditor-friendly. Its broad integration ecosystem (cloud, identity, devices, source control) removes a huge amount of manual work, while the clean UX and clear remediation guidance make it easy for non-security teams to follow without constant hand-holding. It’s not a deep GRC or risk platform, but as a compliance execution engine, it excels at speed, clarity, and reducing audit friction — which is exactly why it’s so effective for startups and SMBs.
What do you dislike about the product?
Vanta is a strong compliance automation platform, but its main limitation is that it’s optimized for speed and standardization rather than highly complex or bespoke security programs. For organizations with unique architectures, custom frameworks, or advanced risk management needs, some controls and workflows can feel a bit rigid and require manual workarounds. That said, this trade-off is intentional and aligns well with Vanta’s goal of making compliance accessible and efficient for most growing teams, especially those pursuing common frameworks like SOC 2 or ISO 27001.
What problems is the product solving and how is that benefiting you?
Vanta solves the problem of manual, time-consuming compliance work by automating evidence collection, continuously monitoring controls, and centralizing everything needed for audits in one place. This significantly reduces the operational overhead of preparing for frameworks like SOC 2 and ISO 27001, minimizes last-minute audit scrambles, and provides clear visibility into compliance posture at any point in time. As a result, it saves time, reduces stress for internal teams, improves audit readiness, and allows us to focus more on higher-value security and risk work rather than chasing screenshots and documentation.
Effortless Tracking and Integrations Across Certifications
What do you like best about the product?
Ability efficiently track tests/controls/policies across different certifications with whole bunch of integrations.
What do you dislike about the product?
When an error occurs with one or more entities during synchronization with an integration, there is no way to manually refresh the process using a button—the error remains and the sync stays stuck. I need to wait for the next sync.
What problems is the product solving and how is that benefiting you?
Thanks to this, we are able to pass certifications; otherwise, we would have struggled to keep everything tracked and up to date.
Effortless Security with Outstanding Support
What do you like best about the product?
I like the ease of implementation and their support in Vanta. They provide a course-like interface that teaches how important security is and includes the installation link within the course itself, making it easy. The initial setup was very easy.
What do you dislike about the product?
Maybe mentioning what are the things the installation package would do. At least the most important parts of it.
What problems is the product solving and how is that benefiting you?
I use Vanta for security purposes, to check how secure the systems are. The course-like interface and installation link make it easy to understand and implement, enhancing my security awareness.
Compliance workflows have become organized and automation supports ongoing healthcare audits
What is our primary use case?
What is most valuable?
In my opinion, the best features of Vanta include a lot of functionalities. The document control makes sense to me and works pretty well. All our policy documents are organized so I always know where I can go to get the latest and greatest version of those. I think that's a relatively strong feature. It ties in with automation and some of the controls that we have as part of our policies, and the automation and some of the infrastructure testing is pretty handy. Vanta also does a strong job on things like corporate risk analysis, where they pre-build a tabulated rubric for you to use so I didn't have to create that from scratch. I think that's handy.
In general, some of those things they've done make things handier. There's more talk these days about AI features and I'm sure that's all possible, but we haven't had a chance to experience any of that just yet. We're just trying to get the basic compliance program bootstrapped.
Vanta provides a necessary repository that any compliance expert will look at and recognize right away. Being in the healthcare space and with Vanta, there are nothing but difficult problems. This is not one of them. Having Vanta, we know we're doing the industry-approved procedures. The company seems to be going in the right direction for us. We're just drafting on the capabilities that they have. I would give them at least an eight, maybe even a nine. I don't know enough about the competitive offers or we don't have a big enough problem with this that we feel anybody out there that's better or could do better.
What needs improvement?
There are always tons of rooms for improvement for Vanta. I kind of exaggerated a little bit about the policy control. I don't really love the way they handle the revision management of that feature. If I'm on V1 of the policy document and I make some changes to it, then I get rid of V1 and then I re-upload V2. It's not that it keeps a running history of each of the different revisions. A little bit of an issue with that, but workable. I don't really have any negative complaint right now that would be worthwhile expressing. It's just that there's a lot of features. The UI is not super intuitive, but now that I've worked with it for a couple of years, I know how to navigate and get around. Initially, it was a little bit of a struggle understanding how these things would all work.
For how long have I used the solution?
I have dealt with Vanta for two years.
What do I think about the stability of the solution?
There are connection problems about 50% of the time because of the automated evidence collection.
How are customer service and support?
Support is quite good. On a scale of one to ten, if I were to rate them for support, I would say their human support is quite good. Every time I ask their customer success team, if I get a technical question and I've done this half a dozen times in the last year, they will respond within the next 24 hours. If I leave a message at 7:00 or 8:00 at night, I'll have the message the next morning because their London team will pick up on it and respond. I find their success team and their customer support to be pretty effective. They come back and make good recommendations and I think they do actually care about us, who's a relatively low-end customer for them. That's very positive. From a sales point of view, I didn't find them difficult to work with either. In fact, we negotiated a favorable deal where we extended the contract for two years as opposed to one and they gave us the price we wanted. On both fronts, they've treated us well from a customer support point of view.
How would you rate customer service and support?
Positive
Which other solutions did I evaluate?
Vanta is not used for real-time security posture monitoring. It's pseudo real-time. If an alarm happens overnight or if there's an expiration of an SLA because there's been a vulnerability that hasn't been addressed in 45 days and now it's the 46th day, it will let you know that immediately. We use New Relic for most of the real-time monitoring. We have integrations into our cloud service with New Relic.
What other advice do I have?
I am using Vanta for my consulting gig with the healthcare company in San Francisco, Healthx. We are highly integrated with AWS, so the integration capabilities with AWS or Google Cloud for our operations are not really a question. It's the heart and soul of what we're building. It's not that we have half the service with AWS and half the service with Google Cloud. We are AWS. There isn't that much integration. There is integration between Vanta and AWS, but I don't think it's as integral as our software integration with AWS. Our system basically works on their resources and it's tightly integrated.
At Healthx, I do several different things, but generally I'm a consultant working on the compliance program. My background is more as a VP of engineering, but I do this because I know the guys and I know the founding team. My overall rating for Vanta is eight out of ten in terms of customer satisfaction and customer support.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Clean Layout and Excellent Support
What do you like best about the product?
It as a clean and easy to follow design. Software is fast and stable which does not crash. It reduces manual work by automating the majority of the evidence collection and compliance checking required for audits. Continually monitors our systems and provides a real-time view of compliance, enabling issues to be identified early. Provides pre-built policy templates and 'out-of-the-box' documentation and workflow frameworks to help achieve compliance quickly and easily. Integrates with a wide variety of cloud platforms, identity management tools, HR tools and device management systems. This makes it easier to incorporate Vanta into our existing setup and automatically ingest data for compliance checks. As a great customer service support team and the AI tool is useful.
What do you dislike about the product?
The platform could have more color to its software so tabs/filters are easily viewable. There are some limitations around customising reports or exporting custom formats.
What problems is the product solving and how is that benefiting you?
We use it for our ISO compliance and audits. Manage, measure risks associated with software integration. Assists with ISO compliance and audits.
Reliable Compliance, Outstanding Support
What do you like best about the product?
I really appreciate Vanta's exceptional support team, who not only resolved my account issue swiftly but also did so with a fantastic attitude, making the whole experience pleasant. Additionally, I find the Vanta website incredibly easy to use, which enhances my overall productivity and streamlines my work processes. The initial setup of Vanta for our team was surprisingly straightforward and hassle-free, which was a significant relief. Moreover, Vanta seamlessly integrates with all my enterprise tools, allowing for smooth operations and cohesive workflow management.
What do you dislike about the product?
Explain better what the product is
What problems is the product solving and how is that benefiting you?
I use Vanta to maintain compliance while accessing my account tools, integrating with all enterprise tools easily, with an excellent support team resolving issues quickly.
Streamlines SOC 2 Compliance with Ease
What do you like best about the product?
I appreciate how Vanta automates the entire process of establishing proper documentation and security processes to ensure our company and technology are fully compliant. This automation significantly reduces the manual workload associated with becoming SOC 2 Type I and Type II compliant, making it much easier to manage security-related controls. I find it incredibly convenient that everything is in one place, especially concerning vendors, which streamlines the compliance process further. Additionally, the initial setup is fairly straightforward, which eased the transition to using Vanta. Overall, these features not only improve our operational efficiency but also enhance our confidence in managing compliance effectively.
What do you dislike about the product?
I think there needs to be better transparency regarding the auditor's expectations and for auditors to fulfill their requests within the projected timeline.
What problems is the product solving and how is that benefiting you?
I use Vanta to automate the process of collecting mandatory security controls for SOC 2 compliance, which streamlines documentation and security processes, ensuring our company remains compliant. It provides the convenience of centralizing necessary processes and vendors in one place.
showing 1 - 10