Vanta
VantaExternal reviews
2,144 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Effective Security Management
What do you like best about the product?
* Provides tools to track and complete necessary auditing activities
* Gives me confidence in our security posture
* Has features for vendor management and ties directly to our docs
* Very straightforward to use
* Gives me confidence in our security posture
* Has features for vendor management and ties directly to our docs
* Very straightforward to use
What do you dislike about the product?
* Can be a little overwhelming
* Doesn't tie into our ticket managment like I want
* Doesn't tie into our ticket managment like I want
What problems is the product solving and how is that benefiting you?
Vanta keeps track of the plethora of controls necessary to manage security. I have it all in one place and it keeps me focused.
Awesome Product
What do you like best about the product?
The GUI is excellent, with a smooth interface. Policies and documents are organized more efficiently, and the Audit window has great visibility. We can manage multiple compliances on one plateform.
What do you dislike about the product?
Sometimes during the audit, Vanta sends alerts indicating that the "Audit window has been changed."
What problems is the product solving and how is that benefiting you?
Vanta assists us in obtaining various compliance certifications; we've chosen the SOC-II Type 2 and NIST 800 frameworks.
Automated controls testing platform ideal for SaaS heavy organisations
What do you like best about the product?
Vanta was assessed against the other market leading automated assurance & GRC platforms before being implemented. We are a SaaS heavy business and all of our tools integrate with Vanta. All testing exceptions can be escalated into Jira tickets for engineers to easily investigate. The audit module is making our SOC 2 audit much easier than via spreadsheets which were previously used. The risk management module is quite intuitive, and importing of controls, linking of evidence etc works well. User management is easy, with access via SSO.
Overall, it's a very complete automated assurance & GRC platform that is well maintained, with new functionality dropping ~monthly. Customer support is solid, and the educational resources are very helpful.
Overall, it's a very complete automated assurance & GRC platform that is well maintained, with new functionality dropping ~monthly. Customer support is solid, and the educational resources are very helpful.
What do you dislike about the product?
Dark mode is still to be developed, and would be a nice to have.
Note that automated testing of some controls (e.g. AWS alerts / monitoring) will only be applicable if your organisation leverages that 'out-of-the-box' functionality specifically. If your organisation has a more custom built tech stack (e.g. Splunk monitoring), some of the automated controls testing will need to be evidenced manually.
Also note that a number of Vanta's integrations do not currently have automated testing of controls beyond UAR, so check your tech stack against Vanta's list of integrations during your procurement process.
Note that automated testing of some controls (e.g. AWS alerts / monitoring) will only be applicable if your organisation leverages that 'out-of-the-box' functionality specifically. If your organisation has a more custom built tech stack (e.g. Splunk monitoring), some of the automated controls testing will need to be evidenced manually.
Also note that a number of Vanta's integrations do not currently have automated testing of controls beyond UAR, so check your tech stack against Vanta's list of integrations during your procurement process.
What problems is the product solving and how is that benefiting you?
Previously we had a very manual GRC & audit process, which has now been systemised via Vanta.
Easy to use and clear interface to understand how to proceed to complete the work
What do you like best about the product?
That everything can be done online and streamlined smoothly. The implementation is very easy, and the integration of work in the company is very seamless. The features are great yet not too complex. Users are likely to use Vanta more frequently. Customer support is quick and to the point.
What do you dislike about the product?
Less involvement with the entire team to further deep dive into issues at the company
What problems is the product solving and how is that benefiting you?
Problem giving startup company a way to meet compliance requirements that would be a huge problem if Vanta doesn't exist. Traditional audit and compliance program or firms that are doing the audit and compliance would cost a lot more and make things much cumbersome. Vanta streamlined the entire process and makes it simpler for startup companies.
Beyond compliance: a cybersecurity companion
What do you like best about the product?
The integrations are really well done and game changing. In one place I can keep track of software vulnerabilities, onboarding and offboarding activities of staff, and implement a real continuous improvement process.
What do you dislike about the product?
Support for other languages (e.g., Italian) in policies would be very helpful
What problems is the product solving and how is that benefiting you?
Obtain ISO27001 and train employees and managers internally on cybersecurity and compliance issues
Streamline Compliance with a central hub for policies, tests and controls
What do you like best about the product?
Clarifies the requirements of a lot of important security standards, primarily ISO 27001 and SOC 2.
- Guidance available to gather the required evidence or steps to implement compliant practices.
- Guidance available to gather the required evidence or steps to implement compliant practices.
What do you dislike about the product?
Searching for specific policies and keywords could be clearer, it requires a degree of familiarity making it less useful for end users.
What problems is the product solving and how is that benefiting you?
Aligning the security and compliance requirements of ISO 27001 and SOC 2, making it clear which elements are shared and the specific items required to test and evidence compliance.
Vanta is Significantly Overpriced and have slimey sales practices
What do you like best about the product?
It gets the job done - no differentiation vs other SOC2 type 2 / HIPPA / GDPR providers
What do you dislike about the product?
It is very pricey - however, you should use secureframe / data as negotiating leverage. There is no differentiation in the products.
What problems is the product solving and how is that benefiting you?
The ability to say to clients we are SOC2 compliant
SOC2 is much easier than it used to be
What do you like best about the product?
Vanta basically pioneered the idea of making it possible for startups to get SOC2 compliance, by giving you an opinionated checklist and software to help you get through it. I appreciate the integrations and that they help you engage with your auditor and track your progress.
What do you dislike about the product?
To some extent it feels like just checking boxes rather than making sure you're actually set up to succeed, and it's easy to get "stuck". We wasted our first year because it turned out no customers really needed SOC2 from us. So only do this when you're ready to commit the time—it's still a lot of work even with Vanta.
What problems is the product solving and how is that benefiting you?
Monitoring our software to make sure all the settings are configured right; helping us engage with auditors.
Good. But not great.
What do you like best about the product?
I really like the automations and integrations. I do not need to work hard to get where I need to go.
What do you dislike about the product?
- If you are not using AWS and Github, the platform doesn't look like it was built for you. You will require large changes to default content. In particular the policies, where there is a helpful policy builder (the automation is excellent) but the content that acutally needs to be changed is the catering for AWS etc. Also the automation breaks down, because as soon as you need to edit the policy, you exit the helpful automation tool and then you are left to manually do things...
- There are 'help' sessions that I can book, and I booked one, only to realise that there are no support/help sessions that are in my timezone. 1am is pretty rough to go to one.
- There are 'help' sessions that I can book, and I booked one, only to realise that there are no support/help sessions that are in my timezone. 1am is pretty rough to go to one.
What problems is the product solving and how is that benefiting you?
Vanta is solving the manual management process and helping keep good habits to also meet compliance requirements.
Vanta takes the "over" out of "overwhelming" when it comes to SOC 2 compliance
What do you like best about the product?
It's a straightforward, simple, yet robust system for various compliance needs. I like that it clearly lays out the requirements, the tests, and highlights deficiencies in an automated fashion. Implementation is very straightforward and it's easy to connect most/all of your 3rd party systems for automated tests. Once you get through an initial implementation period (which is self-guided) you don't have to actually login and use the system every day--Vanta will send you notifications when tests fail or something is needed. Customer support is solid. They give you a dedicated account rep that can guide you through everything and point you in the right direction.
What do you dislike about the product?
Vanta is a bit nickle-and-dimey with their product. The base fees can be quite hefty and then they try to upsell you on additional modules to automate more of the process.
What problems is the product solving and how is that benefiting you?
We use Vanta for SOC 2 and PCI compliance. Without Vanta, we'd have to pay a consultant 5x what we pay Vanta for. That does mean that we have to put in some extra work ourselves to self-manage and keep on schedule, but it's worth the tradeoff. Vanta also has a number of partner CPA/audit firms to pair with their customers, yet you can still choose your own audit firm if desired. Ultimately, Vanta is guiding us through the process of becoming SOC 2 compliant and helping us understand the scope at the same time.
showing 1,021 - 1,030