Streamlined Compliance Workflow, Minor Setup Hiccups
What do you like best about the product?
Vanta puts all our compliance tasks into one workflow so I don't have to stitch reports together from different places. I can run a quick check, see who owns a control, and send that person a task which cuts down on meetings and long email threads.
What do you dislike about the product?
The initial permissions and connector setup can be fiddly, and sometimes Vanta flags things as failures that are actually okay.
What problems is the product solving and how is that benefiting you?
Vanta replaces manual trackers and lengthy vendor questionnaires with automated checks and a central place to manage findings. We now respond faster to customer due diligence, spot vendor risks sooner, and our audit prep is far less frantic.
Effortless Compliance Monitoring
What do you like best about the product?
Vanta hooks into our cloud and identity tools (AWS, Okta, GitHub) and quietly pulls logs and configs so I don’t have to go hunting for proof.
What do you dislike about the product?
It can be picky about how evidence is formatted, so I sometimes reformat and re upload files that already show the same thing.
What problems is the product solving and how is that benefiting you?
Vanta turned audit prep from a frantic scramble into everyday work by continuously monitoring controls and auto collecting artifacts. That saved us many hours and made our security posture easier to explain to leadership.
Efficient Compliance Tracking with Vanta, but Evidence Formatting Can Be Tedious
What do you like best about the product?
Vanta hooks into our tools and automatically gathers proof, so I don’t have to ping people for screenshots or logs. The dashboard shows what’s passing and what needs work, which makes assigning fixes simple and keeps everyone on the same page.
What do you dislike about the product?
Sometimes Vanta asks for evidence in a strict format, so I end up reformatting and re-uploading files that already show the same thing.
What problems is the product solving and how is that benefiting you?
Vanta changed audit prep from last minute chaos into routine checks by continuously testing controls and auto collecting artifacts.
Real-Time GRC Insights with Vanta, but Evidence Uploads Can Be Frustrating
What do you like best about the product?
Vanta gives me a clear picture of our governance, risk, and compliance status in real time. It automatically pulls evidence from cloud systems and vendor tools, so I don’t have to chase teams for spreadsheets or screenshots.
What do you dislike about the product?
Sometimes the platform is strict about evidence formats. Even if a document proves the requirement, I might need to re-upload it in a specific layout.
What problems is the product solving and how is that benefiting you?
Now, gaps show up early, vendors and cloud risks are easier to monitor, and audit prep feels smooth instead of stressful. It saves hours each week and gives leadership confidence in our compliance posture.
Vanta Automates Evidence Collection, but Legacy Apps Need Manual Setup
What do you like best about the product?
Vanta connects to our cloud and identity tools like AWS and starts pulling evidence on its own, so I stop chasing people for logs and screenshots.
What do you dislike about the product?
A few legacy apps also needed manual proof during setup, which cost some engineering time up front.
What problems is the product solving and how is that benefiting you?
Gaps show up early on the dashboard, vendor and cloud risks are easier to track, and audit prep now feels like routine work instead of a crisis that saved my team hours and gave leadership clearer risk visibility.
Vanta Automates Evidence Collection
What do you like best about the product?
Vanta connects to our cloud and identity tools and starts pulling evidence on its own, so I don’t have to chase screenshots or logs. During our SOC 2 readiness it gathered user and access data automatically.
What do you dislike about the product?
A couple of legacy apps also needed manual evidence during initial setup, which took some extra engineering time.
What problems is the product solving and how is that benefiting you?
Vanta automates continuous checks and evidence collection so gaps show up long before auditors arrive. That moved our compliance work from frantic, last minute effort to steady, daily tasks.
Has improved our compliance workflow and helped identify and fix security vulnerabilities
What is our primary use case?
My main use case for Vanta is compliance in general, aiming for an ISO to be compliant with the standards.
A specific example of how I use Vanta for ISO compliance is that we have Vanta connected to our AWS account and our Azure DevOps repositories.
Regarding my main use case for Vanta, we are using it to make sure our security posture is good. For example Vanta has picked up all the AWS Inspector for our ECR repos vulnerabilities, and we create tickets and hand them out to our team, trying to remediate these images one by one, which provides a very useful view of our weak points.
What is most valuable?
The best features Vanta offers include reasonable recommendations, a nice user experience, and everything being organized. The remediation guidance is very nice, so if I don't have a clue about that item, Vanta gives me a hint on what to do and what the subject of that resource is.
Most of the time the recommendations are quite sufficient, which is great. Sometimes, if the task is a little bit complicated, it requires some extra research, but in general, it's good, especially for infrastructure as code. It even has solid examples on what to do.
Vanta has positively impacted my organization by helping us remediate a lot of vulnerabilities and bad practices, especially from vulnerable ECR repos, and enforced good behavior. For example, we enforce reviews for our pull requests, which wasn't mandatory before and was on a per-repo basis. Now, this enforcement is uniform across the entire organization.
After implementing those changes with Vanta, we tracked specific outcomes and metrics and improved compliance scores, which we can see in Vanta. We started out at around 17%, and we're now at over 80%. It's still a work in progress, but we've come a long way.
What needs improvement?
The only thing I wish for regarding the features is better RBAC. Permissions for platform users have been an issue. We've had to give admin access to Vanta for another team member to view all items. It would be great if the permissions of Vanta platform users had more verbosity to them, more dynamic.
To improve Vanta, I think the refresh after remediation takes place could be controlled more. If it could be faster, that would be great.
Besides the user permissions and the refreshing, which are improvements rather than issues, the rest looks fine. Vanta has been really nice, with a nice user experience, clear layout, and very reasonable recommendations compared to other platforms we've tried.
For how long have I used the solution?
I've been using Vanta for the past 10 months, starting in early January this year.
What do I think about the stability of the solution?
Vanta is very stable; we haven't had any downtimes or weird behavior so far, which we really appreciate.
What do I think about the scalability of the solution?
Regarding Vanta's scalability, our whole DevOps team and SRE teams have been onboarded, and it has been a smooth ride.
How are customer service and support?
I haven't interacted with customer support yet, as we haven't had any need to contact them so far. I'm sure they will be good.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
I previously used Azure Defender, which was a hideous solution with inconsistencies. Connectors would go down randomly, and some suggestions from Azure Defender were very awful and unrealistic. We had a rough time with it; We've had a very nice time with Vanta so far compared to Azure Defender.
What was our ROI?
Besides achieving a better security posture and coming closer to ISO compliance, I have nothing else to share about return on investment.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing isn't in my domain to give a good answer.
Which other solutions did I evaluate?
Before choosing Vanta, our team lead evaluated other options, and I personally evaluated other options regarding security posture in general, mostly open-source ones.
What other advice do I have?
For others looking into using Vanta, I would say it's great, and if they're new to compliance, that's the perfect place to start. Start using Vanta, narrow down the scope, and take the items one by one to get one step closer to good compliance.
I think Vanta is one of the good platforms out there. I'm glad we're using it. I'm comfortable with it, and so is my team.
On a scale of 1-10, I rate Vanta a 9 out of 10.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Efficient Log Access and Status View
What do you like best about the product?
It pulls logs and user info so I don’t have to ping five different people, and the status view helps me spot problem areas in seconds.
What do you dislike about the product?
A couple of legacy systems also needed manual evidence until we built small connectors.
What problems is the product solving and how is that benefiting you?
Vanta stopped audit prep being a frantic, last minute job missing items pop up early and many artifacts arrive automatically.
Amazing product, amazing support, provides a complete end to end GRC solution
What do you like best about the product?
We’ve been using Vanta for a while now, and honestly, it’s been such a smooth experience. The platform is super easy to use, everything just makes sense, and it saves us so much time.
The support team is incredible. Whenever we have a question, they’re quick to respond and genuinely helpful. Plus, our account manager has been amazing, really proactive and always checking in to make sure we’re getting the most out of the platform.
What I love most is how comprehensive Vanta is. It truly feels like an end-to-end solution. It connects with nearly every tool we use, tracks compliance automatically, and works across pretty much any security framework. It takes so much of the stress out of staying compliant.
Overall, Vanta has made the whole compliance process simple, efficient, and honestly enjoyable, which I never thought I’d say about compliance!
What do you dislike about the product?
If I had to pick something I dislike about Vanta, its a little pricey for smaller teams, and some of the customization options are limited if you have really specific processes. That said, once everything’s up and running, it works seamlessly and more than makes up for those small challenges.
What problems is the product solving and how is that benefiting you?
Vanta helps us track our SOC 2 and HIPAA compliance all in one place. It makes it so much easier to manage everything, from policies and documentation to controls and compliance tasks. Instead of juggling multiple tools or spreadsheets, Vanta brings everything together in a single platform, so we always have a clear view of where we stand. It really streamlines the entire compliance process and keeps us audit-ready without all the manual effort.
Simplifies audits under control
What do you like best about the product?
Vanta connects to our cloud and identity systems and pulls evidence into one place, so I don’t have to hunt for screenshots and logs.
What do you dislike about the product?
A few older systems didn’t integrate cleanly at first and required manual proof during setup.
What problems is the product solving and how is that benefiting you?
Vanta turns audit prep from a frantic scramble into routine work by continuously checking controls and automatically collecting artifacts.
