What do you like best about the product?

At my current company, we used Vanta primarily to achieve SOC 2 type 2 compliance within a six month deadline as part of our growing into the US market. Our team especially in DevOps and Security used Vanta almost daily to monitor compliance readiness, track audit progress and also manage tasks. What I like best about Vanta during this use case was it’s a real time monitoring dashboard combined with pre-build integrations for Github, AWS and Jira. The customer support team was also very responsive. For one of my complex issues, they scheduled a quick zoom call without any delay. Thanks to Vanta, we had cross functional visibility as our security leads, engineering teams, and even HR could view and track their tasks on the platform.

What do you dislike about the product?

One challenge we faced was the rigid mapping of some integrations. For example, our custom CIC pipelines and get her action were not fully recognised by Vanta is automated checks we had to manually upload some of the audits artifacts to simulate compliance evidence.

What problems is the product solving and how is that benefiting you?

From an engineering perspective, the integration with our code repository and cloud infra meant few interruptions, we did not need to stop during an audit cycle. The data was already being monitored and aggregated. Overall Vanta didn’t just helped us pass our audit, it helped us build a culture of ongoing compliance with minimal frictions