Effortless Compliance Tracking, But Needs Better Screenshot Handling
What do you like best about the product?
I really like how Vanta keeps track of the thousands of tasks that need to be completed in order to stay compliant with various standards. I really like how it integrates with lots of our software too (Google, MDM, etc) in order to pull in information automatically for us.
What do you dislike about the product?
I dislike that Vanta when trying to add screenshots to multiple tasks, it only added the first screenshot and did not let me know that it did not add the second screenshot. I figured that out later myself.
What problems is the product solving and how is that benefiting you?
Vanta is helping us by breaking down all the controls we need for various compliance standards.
User-Friendly Compliance Dashboard, But Integration Issues Require Manual Fixes
What do you like best about the product?
Easy to use dashboard for managing all aspects of compliance. Easy engagement with Auditors. Integration library is extensive and covers major vendors that we utilize.
We utilize the platform on a daily basis to maintain our compliance stance.
What do you dislike about the product?
Some integrations do not function properly and results in false positives. Requires manual intervention to override.
What problems is the product solving and how is that benefiting you?
Our organization is updating its policies to be inline with best practices within the industry. This includes obtaining SOC 2 and ISO compliance among others. There is a substantial challenge to obtain certification without a tool like Vanta.
Vanta Review
What do you like best about the product?
Ease of use, time it takes to complete SOC2, ongoing monitoring, partnerships with CPA's, overall cost.
What do you dislike about the product?
Troubleshooting integration issues can be cumbersome. Most times it has all to do with changes on the Vanta side that impact the integration. We usually do not find out that there is or may be a problem until after Vanta makes a change.
What problems is the product solving and how is that benefiting you?
SOC 2 effort and cost
Effortless Compliance Management
What do you like best about the product?
Vanta takes the pain out of ongoing security compliance. The continuous monitoring and integrations with cloud providers and identity platforms make it incredibly easy to maintain SOC 2 and ISO 27001 readiness. The automated evidence collection and clear dashboards save hours of manual work each week. I especially appreciate how well Vanta visualizes compliance progress for both technical and non-technical stakeholders.
What do you dislike about the product?
The platform occasionally feels rigid when mapping custom controls or frameworks outside of the standard ones. Some integrations require manual setup or additional workarounds. The reporting UI could also use more flexibility for exporting or customizing audit views, though Vanta’s support team is responsive and open to feedback.
What problems is the product solving and how is that benefiting you?
Vanta streamlines the entire compliance lifecycle, from tracking security controls to preparing for audits. Before using Vanta, managing SOC 2 and ISO 27001 readiness required multiple spreadsheets, reminders, and manual evidence gathering across departments. Now, those processes are automated-Vanta continuously monitors our cloud infrastructure, access controls, and vendor risks, flagging gaps in real time. This has significantly reduced both audit preparation time and human error. The platform also gives leadership visibility into compliance health, helping us maintain trust with partners and customers while scaling securely.
Great for Azure Resource Insights, But Subscription Mix-Ups Occur
What do you like best about the product?
Inspection about azure resources and what of them should be updated or clarified
What do you dislike about the product?
Sometimes it makes mistakes between our subscriptions on azure
What problems is the product solving and how is that benefiting you?
ISO and having all the az resources up to date so we can be certified
Vanta Eliminates Manual Tracking Headaches
What do you like best about the product?
What I appreciate most about Vanta is how much tedious, manual compliance work it has eliminated for me. Before using it, I was constantly managing spreadsheets, collecting screenshots, and sending endless reminders just to demonstrate that MFA was enabled or that systems were up to date. Now, everything is centralized. The integrations handle much of the work automatically, allowing me to focus on making real improvements instead of just gathering evidence. While it’s not a miracle solution, it’s reliable. The interface is straightforward, the alerts are clear, and it doesn’t feel like pointless busywork. When auditors request documentation, I can easily provide it without having to search through old Slack messages. Most importantly, I have peace of mind—I no longer need to mentally track dozens of compliance tasks. It fits seamlessly into my regular workflow, so compliance doesn’t feel like a last-minute scramble every quarter. Honestly, that peace of mind alone makes it worthwhile.
What do you dislike about the product?
I have had a few issues related to the in-app integrations, and the Vanta agent that is installed on our employee's machines. This causes the automated tests to appear as they are failing when they shouldn't be. However, it's simple enough to show proof to the auditor.
What problems is the product solving and how is that benefiting you?
Vanta is an organization platform. It helps make the compliance requirements digestable. It benefits me because we can stay up-to-date with our requirements with automated alerts, instead of scrambling at the end of the year.
Easy to use, super intuitive!
What do you like best about the product?
Vanta makes compliance feel effortless. The automation features save hours of manual work, and the platform’s clarity helps everyone on the team stay aligned. I especially appreciate how intuitive the dashboard is.... it gives a real-time pulse on our security posture without needing to dig through spreadsheets or audit trails!!
What do you dislike about the product?
Occasionally, some integrations take a bit of fine-tuning to sync perfectly, and certain alerts could use more context or flexibility. But overall, the product team is clearly responsive, and improvements roll out frequently.
What problems is the product solving and how is that benefiting you?
Vanta centralized and automated much of the compliance work that used to take endless spreadsheets and back-and-forths between teams. It gives us a single source of truth for our security posture, makes evidence collection and audit preparation far more efficient, and ensures we’re continuously meeting requirements instead of scrambling at the end of the cycle. It’s also helped improve collaboration between People Ops, Engineering, and Leadership by making compliance a shared, visible process.. not a siloed or reactive one.
Effortless SOC 2 Prep, Minor Setup Hiccups with Older Tools
What do you like best about the product?
Vanta quietly pulls proof from our systems and shows exactly which controls are checked and which need work. During SOC 2 prep it gathered lots of the logs and access data for me, so I spent time fixing issues instead of hunting for screenshots.
What do you dislike about the product?
Some older tools didn’t connect automatically and required manual uploads during setup, which slows things down at first.
What problems is the product solving and how is that benefiting you?
Vanta turned compliance from a one-time panic into steady daily checks. Missing items show up early, many artifacts come in automatically, and audits need far less chasing.
Vanta Automates Evidence Collection
What do you like best about the product?
Vanta connects to our cloud and identity tools and starts pulling evidence on its own, so I don’t have to chase screenshots or logs. During our SOC 2 readiness it gathered user and access data automatically.
What do you dislike about the product?
A couple of legacy apps also needed manual evidence during initial setup, which took some extra engineering time.
What problems is the product solving and how is that benefiting you?
Vanta automates continuous checks and evidence collection so gaps show up long before auditors arrive. That moved our compliance work from frantic, last minute effort to steady, daily tasks.
Has improved our compliance workflow and helped identify and fix security vulnerabilities
What is our primary use case?
My main use case for Vanta is compliance in general, aiming for an ISO to be compliant with the standards.
A specific example of how I use Vanta for ISO compliance is that we have Vanta connected to our AWS account and our Azure DevOps repositories.
Regarding my main use case for Vanta, we are using it to make sure our security posture is good. For example Vanta has picked up all the AWS Inspector for our ECR repos vulnerabilities, and we create tickets and hand them out to our team, trying to remediate these images one by one, which provides a very useful view of our weak points.
What is most valuable?
The best features Vanta offers include reasonable recommendations, a nice user experience, and everything being organized. The remediation guidance is very nice, so if I don't have a clue about that item, Vanta gives me a hint on what to do and what the subject of that resource is.
Most of the time the recommendations are quite sufficient, which is great. Sometimes, if the task is a little bit complicated, it requires some extra research, but in general, it's good, especially for infrastructure as code. It even has solid examples on what to do.
Vanta has positively impacted my organization by helping us remediate a lot of vulnerabilities and bad practices, especially from vulnerable ECR repos, and enforced good behavior. For example, we enforce reviews for our pull requests, which wasn't mandatory before and was on a per-repo basis. Now, this enforcement is uniform across the entire organization.
After implementing those changes with Vanta, we tracked specific outcomes and metrics and improved compliance scores, which we can see in Vanta. We started out at around 17%, and we're now at over 80%. It's still a work in progress, but we've come a long way.
What needs improvement?
The only thing I wish for regarding the features is better RBAC. Permissions for platform users have been an issue. We've had to give admin access to Vanta for another team member to view all items. It would be great if the permissions of Vanta platform users had more verbosity to them, more dynamic.
To improve Vanta, I think the refresh after remediation takes place could be controlled more. If it could be faster, that would be great.
Besides the user permissions and the refreshing, which are improvements rather than issues, the rest looks fine. Vanta has been really nice, with a nice user experience, clear layout, and very reasonable recommendations compared to other platforms we've tried.
For how long have I used the solution?
I've been using Vanta for the past 10 months, starting in early January this year.
What do I think about the stability of the solution?
Vanta is very stable; we haven't had any downtimes or weird behavior so far, which we really appreciate.
What do I think about the scalability of the solution?
Regarding Vanta's scalability, our whole DevOps team and SRE teams have been onboarded, and it has been a smooth ride.
How are customer service and support?
I haven't interacted with customer support yet, as we haven't had any need to contact them so far. I'm sure they will be good.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
I previously used Azure Defender, which was a hideous solution with inconsistencies. Connectors would go down randomly, and some suggestions from Azure Defender were very awful and unrealistic. We had a rough time with it; We've had a very nice time with Vanta so far compared to Azure Defender.
What was our ROI?
Besides achieving a better security posture and coming closer to ISO compliance, I have nothing else to share about return on investment.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing isn't in my domain to give a good answer.
Which other solutions did I evaluate?
Before choosing Vanta, our team lead evaluated other options, and I personally evaluated other options regarding security posture in general, mostly open-source ones.
What other advice do I have?
For others looking into using Vanta, I would say it's great, and if they're new to compliance, that's the perfect place to start. Start using Vanta, narrow down the scope, and take the items one by one to get one step closer to good compliance.
I think Vanta is one of the good platforms out there. I'm glad we're using it. I'm comfortable with it, and so is my team.
On a scale of 1-10, I rate Vanta a 9 out of 10.
