Vanta
VantaExternal reviews
2,132 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Easy to use and start
What do you like best about the product?
Easy to create, adjust and maintain policies & tests
What do you dislike about the product?
Multiple suggestions for some sections of policies could be a nice to have
What problems is the product solving and how is that benefiting you?
Easy integrations with our tech stack and maintenance of our policies
Review for the Vanta Compliance Automation software
What do you like best about the product?
Ease of Use: Vanta is designed to be user-friendly, with a focus on automating the compliance process. It simplifies the complex tasks associated with compliance, making it accessible even to those who are not experts in the field.
Automation: Vanta automates many of the repetitive and time-consuming aspects of compliance, such as evidence collection, monitoring, and reporting. This allows us to maintain compliance with minimal ongoing work.
Real-Time Monitoring: Vanta continuously monitors the systems, detecting issues in real-time.
Support for Multiple Frameworks: Vanta supports various compliance frameworks such as SOC 2, GDPR that we have signed up for, but in future we can expand to more easily.
Automation: Vanta automates many of the repetitive and time-consuming aspects of compliance, such as evidence collection, monitoring, and reporting. This allows us to maintain compliance with minimal ongoing work.
Real-Time Monitoring: Vanta continuously monitors the systems, detecting issues in real-time.
Support for Multiple Frameworks: Vanta supports various compliance frameworks such as SOC 2, GDPR that we have signed up for, but in future we can expand to more easily.
What do you dislike about the product?
Customization Limitations: Some of the tools that we use (eg. Sonarqube) dont have ready integration in Vanta.
Potential for False Sense of Security: Automated tools can sometimes create a false sense of security, where we might assume that the compliance is fully covered.
Potential for False Sense of Security: Automated tools can sometimes create a false sense of security, where we might assume that the compliance is fully covered.
What problems is the product solving and how is that benefiting you?
Providing assurance to our stakeholders (internal and external) about the data security. Ensuring that the Cloud deployments are done as per SOC2 security framework and the data is managed properly as per GDPR framework
Great GRC platform that can be customised in any way
What do you like best about the product?
The way we can costumise everything and adjust things to work for our organisation. There are no limitations and we can automate almost everything. The automated tests and integrations with key tools make continious monitoring easier than ever.
Customer support team is also great with dedicated slack channel where we receive responses the same day we run into an issue.
Customer support team is also great with dedicated slack channel where we receive responses the same day we run into an issue.
What do you dislike about the product?
There is some lack of customisation in the vendor management module
What problems is the product solving and how is that benefiting you?
Vanta is solving all our problems around GRC. It is our one-stop-shop and we cannot live without it anymore. Thanks to all the automations we save much time and as a result we can spent more time on reducing risk accorss the organisation.
Vanta greatly simplifies and speeds up security and compliance for early-stage organizations.
What do you like best about the product?
In my experience, Vanta distills the complexities of compliance frameworks into clear, bite-sized objectives. A small team can effectively manage GRC for their organization with Vanta, in large part due to the many supported integrations that automate a significant chunk of the process. I've found the software platform really straightforward and easy to understand, and Vanta's customer success team has been great to work with.
What do you dislike about the product?
The only negative I've experienced with Vanta has been a slightly inconsistent software user experience. Different modules have slightly different interfaces or workflows, which can be a bit confusing; that said, the impact of this has been negligible, in my experience.
What problems is the product solving and how is that benefiting you?
Vanta provides us with a straightforward platform for ensuring that we remain in compliance with our chosen frameworks (HIPAA and SOC 2), and for enabling easy auditing (in the case of SOC 2). Without Vanta, we would likely need a dedicated GRC expert on our team to manage these priorities. The return on our investment in Vanta's products and services is abundantly clear for our use cases.
Automated controls testing platform ideal for SaaS heavy organisations
What do you like best about the product?
Vanta was assessed against the other market leading automated assurance & GRC platforms before being implemented. We are a SaaS heavy business and all of our tools integrate with Vanta. All testing exceptions can be escalated into Jira tickets for engineers to easily investigate. The audit module is making our SOC 2 audit much easier than via spreadsheets which were previously used. The risk management module is quite intuitive, and importing of controls, linking of evidence etc works well. User management is easy, with access via SSO.
Overall, it's a very complete automated assurance & GRC platform that is well maintained, with new functionality dropping ~monthly. Customer support is solid, and the educational resources are very helpful.
Overall, it's a very complete automated assurance & GRC platform that is well maintained, with new functionality dropping ~monthly. Customer support is solid, and the educational resources are very helpful.
What do you dislike about the product?
Dark mode is still to be developed, and would be a nice to have.
Note that automated testing of some controls (e.g. AWS alerts / monitoring) will only be applicable if your organisation leverages that 'out-of-the-box' functionality specifically. If your organisation has a more custom built tech stack (e.g. Splunk monitoring), some of the automated controls testing will need to be evidenced manually.
Also note that a number of Vanta's integrations do not currently have automated testing of controls beyond UAR, so check your tech stack against Vanta's list of integrations during your procurement process.
Note that automated testing of some controls (e.g. AWS alerts / monitoring) will only be applicable if your organisation leverages that 'out-of-the-box' functionality specifically. If your organisation has a more custom built tech stack (e.g. Splunk monitoring), some of the automated controls testing will need to be evidenced manually.
Also note that a number of Vanta's integrations do not currently have automated testing of controls beyond UAR, so check your tech stack against Vanta's list of integrations during your procurement process.
What problems is the product solving and how is that benefiting you?
Previously we had a very manual GRC & audit process, which has now been systemised via Vanta.
Streamline Compliance with a central hub for policies, tests and controls
What do you like best about the product?
Clarifies the requirements of a lot of important security standards, primarily ISO 27001 and SOC 2.
- Guidance available to gather the required evidence or steps to implement compliant practices.
- Guidance available to gather the required evidence or steps to implement compliant practices.
What do you dislike about the product?
Searching for specific policies and keywords could be clearer, it requires a degree of familiarity making it less useful for end users.
What problems is the product solving and how is that benefiting you?
Aligning the security and compliance requirements of ISO 27001 and SOC 2, making it clear which elements are shared and the specific items required to test and evidence compliance.
Vanta takes the "over" out of "overwhelming" when it comes to SOC 2 compliance
What do you like best about the product?
It's a straightforward, simple, yet robust system for various compliance needs. I like that it clearly lays out the requirements, the tests, and highlights deficiencies in an automated fashion. Implementation is very straightforward and it's easy to connect most/all of your 3rd party systems for automated tests. Once you get through an initial implementation period (which is self-guided) you don't have to actually login and use the system every day--Vanta will send you notifications when tests fail or something is needed. Customer support is solid. They give you a dedicated account rep that can guide you through everything and point you in the right direction.
What do you dislike about the product?
Vanta is a bit nickle-and-dimey with their product. The base fees can be quite hefty and then they try to upsell you on additional modules to automate more of the process.
What problems is the product solving and how is that benefiting you?
We use Vanta for SOC 2 and PCI compliance. Without Vanta, we'd have to pay a consultant 5x what we pay Vanta for. That does mean that we have to put in some extra work ourselves to self-manage and keep on schedule, but it's worth the tradeoff. Vanta also has a number of partner CPA/audit firms to pair with their customers, yet you can still choose your own audit firm if desired. Ultimately, Vanta is guiding us through the process of becoming SOC 2 compliant and helping us understand the scope at the same time.
The Vanta platform has been invaluable for our SOC2 compliance efforts
What do you like best about the product?
Vanta's ability to provide near realtime information regarding test failures or vulnerabilities makes it an extremely comprehensive tool. The questionnaires auto fill has saved countless hours where manually filling inquiries often took hours per month.
What do you dislike about the product?
Because of the comprehensive nature of the platform, its not always easy to navigate to the exact spot you need to address. To fix an issue can be done on th main vulnerability page while others required you to go somewhere else first.
What problems is the product solving and how is that benefiting you?
Vanta shines a light on issues related to SOC2 and helps us strengthen our security stance.
Vanta makes a difficult process (SOCII Type 2) easier to understand
What do you like best about the product?
Vanta aggregates all necessary controls, policies, documents, etc into a single platform. This in and of itself is helpful as we have a repository and tracker for all of our current SOCII needs & requirements. Vanta's Trust Center has helped us to display that we are in process and will eventually serve as our homepage to share with external partners when asked about compliance. We use Vanta every day as we prepare for our final audit process.
External integrations into our systems has been fairly simple each time we've needed to implement.
External integrations into our systems has been fairly simple each time we've needed to implement.
What do you dislike about the product?
Some of the controls, documents and policies are unclear. Assistance in understanding what is "in scope" vs what is "out of scope" would be helpful. Also had some trouble sourcing a pentest provider through the Vanta team. A more thorough outline of onboarding expectations would be helpful as well. We have reached out to our Account Executive a few times with technical questions that were immediately passed off to another department.
What problems is the product solving and how is that benefiting you?
Vanta is providing a solution to our team that would otherwise be unable to obtain SOCII Certification on our own. It has saved us numerous hours I'm sure. SOCII Compliance is not for the faint of heart!
Vanta is a fantastic platform for organizing multiple security frameworks and accelerating timelines
What do you like best about the product?
Vanta provides numerous automatic controls that significantly reduce the time required to show compliance with security requirements. It is also serves as a central repository for security documents. It makes security audits considerably easier, saving both time and money. Vanta also allows you to view how many controls are already met in additional security frameworks.
What do you dislike about the product?
Each security framework is sold as an additional module. so it can add up.
What problems is the product solving and how is that benefiting you?
Vanta helps automate controls and serves as a central repopsitory for documents.
showing 421 - 430