External reviews
External reviews are not included in the AWS star rating for the product.
Vanta made SOC 2 painless
What do you like best about the product?
Vanta makes the SOC 2 audit process way more manageable and makes it possible for us to continually monitor our compliance.
What do you dislike about the product?
You still need to work with an auditor, but Vanta is able to put you in touch with several high quality auditors.
What problems is the product solving and how is that benefiting you?
We needed SOC 2 - Vanta helped us achieve this.
- Leave a Comment |
- Mark review as helpful
Excellent product and service
What do you like best about the product?
Ease of use, customer success person assigned to us.
What do you dislike about the product?
Not much really, if I was nitpicky, some quality-of-life features are missing, like bulk-update of items.
What problems is the product solving and how is that benefiting you?
SOC2 audit.
Using Vanta as a tool for ongoing SOC 2 compliance.
What do you like best about the product?
The best aspect of using Vanta is how integrates with current services being used (like Azure) and identifies the important steps/items to be addressed for ensuring a quality system in place for all policies and procedures.
In addition, the step by step walk-through related to 'fixing' any outstanding items identified. Also, the automated process of continual monitoring and notifications allow for a very rapid identification, process initiation, and resolution of issues.
In addition, the step by step walk-through related to 'fixing' any outstanding items identified. Also, the automated process of continual monitoring and notifications allow for a very rapid identification, process initiation, and resolution of issues.
What do you dislike about the product?
Although Vanta integrates with some main services (like Azure, AWS, etc.), there are items related to the overall process and expectations of what the auditor will need that are not included within the Vanta app/system. Unfortunately, there is no assigned storage, or availability to link to 3rd party storage (like OneDrive, FTP, etc.) for those additional items to be easily shared with an Auditor.
What problems is the product solving and how is that benefiting you?
We are using the Vanta tool to solve all our requirements to be SOC 2 compliant; not only as a one time snap shot, but an ongoing endeavor. This concept of continuous monitoring and notification for immediate fixes of issues and all related data being captured and avialble for an auditor streamlines the annual SOC 2 audit process which is expected to greatly reduce future time spent in preparations; as well as incurring a reduced price from the auditor for having access to a tool which shortens their required time and effort in gathering data for the final report.
Utilizing the supplied templates for policies allow for a very comprehensive policy creation and ensures that even the average individual with little technical writing skills can still achieve quality and thorough policies.
Utilizing the supplied templates for policies allow for a very comprehensive policy creation and ensures that even the average individual with little technical writing skills can still achieve quality and thorough policies.
Recommendations to others considering the product:
The personal interaction and support is exceptional. Any and all questions are welcome and all aspects of using the tool are assisted with as needed. Your assigned support will happily schedule weekly meeting to review all progress, and emails sent between meetings are responded to promptly.
Helpful and friendly staff boost the journey to a SOC 2
What do you like best about the product?
Vanta's platform picks up the correct information and provides a helpful front view of the company's compliance effort. It also covers a lot of the nooks and crannies of compliance -- things like tracking and rolling out policies, inventory etc.
What do you dislike about the product?
Vanta has built out most of its compliance-related workflow features, but some specifically are still in baby steps. For example, vulnerability management -- Vanta will pull the right list of Docker container vulnerabilities, but won't sync it up to GitHub Issues. I'm really looking forward to seeing more integrations and pulling data together, so I could rely on Vanta as the only place I check for compliance.
What problems is the product solving and how is that benefiting you?
Qminder is using Vanta as a SOC 2 speed-boost tool, to get most of the evidence collection handled with Vanta. We've also partnered with an auditor company who Vanta connected to us, which helps our company spend less time on evidence management and negotiations - and more time on the product.
Recommendations to others considering the product:
For small businesses considering Vanta for your first SOC 2 report - get ready to implement a lot of new policies. You should have the OK from higher-ups right from the start, as the speed of implementing these policies will mean faster rollout & employee approval!
Makes security compliance attainable for small and medium companies.
What do you like best about the product?
One of the most immediately impactful features centers around Vanta's excellent Integrations which automate a massive amount of otherwise manual labor. Vanta has always had highly responsive customer support for issues and feature requests. Throughout our time using this platform Vanta has shipped many time-saving feature updates and releases. These are great and keep the platform delivering on that primary goal of ensuring compliance while adding efficiency and reliability. The regular and actionable email alerts allow our administrators to stay on top of any security gaps or updates with the information needed for follow-up.
The onboarding tools make it especially easy to get new employees or contractors set up and tracked in a way that aligns with company policy while being simple and streamlined for the user.
Vanta has two external agent applications that can be used to support security and compliance efforts. The Vanta Agent for individual workstations has proven to be very stable and easy to work with. The same can be said about the server agent.
The onboarding tools make it especially easy to get new employees or contractors set up and tracked in a way that aligns with company policy while being simple and streamlined for the user.
Vanta has two external agent applications that can be used to support security and compliance efforts. The Vanta Agent for individual workstations has proven to be very stable and easy to work with. The same can be said about the server agent.
What do you dislike about the product?
I have nothing to dislike. Vanta continues to overdeliver for us.
What problems is the product solving and how is that benefiting you?
Like anyone dealing with Security and Compliance, a significant amount of time is often spent doing work that Vanta automates away and makes low or no effort. In a small company or startup environment, that level of effort can be a major obstacle to a strong security posture and eventually obtaining a certification. Vanta saves what would require whole FTE's worth of work with stronger more reliable results. Vanta also connected us with vetted vendors who could support the auditing and certification process.
Recommendations to others considering the product:
This is an excellent solution for a startup or small business looking to implement an InfoSec Program from scratch or to replace an existing manual labor based program.
Really happy customer
What do you like best about the product?
How easy is it to check the status in real-time and stay updated with the progress of our changes in the infrastructure.
What do you dislike about the product?
All are perfect. We don't have any issues and we're happy with all the features.
What problems is the product solving and how is that benefiting you?
SOC 2 Type 2 compliences.
Cruise Control for our SOC II Type 2 Compliance.
What do you like best about the product?
- The Task List is a great way to orient our Security team
- The onboarding tool helps us keep the full team compliant.
- The Vanta agent is a nice piece of software that is easy to install for everyone.
- The onboarding tool helps us keep the full team compliant.
- The Vanta agent is a nice piece of software that is easy to install for everyone.
What do you dislike about the product?
- The built in policy generator / functionality could use to some updating. Would love to see the default templates updated, and better support for custom content.
- Would also like to see the policies mostly in Markdown.
- Would also like to see the policies mostly in Markdown.
What problems is the product solving and how is that benefiting you?
We are working towards our SOC II Type 2 Audit - We have been able to do this with a very small engineering team because of the help we get from the Vanta platform.
Using Vanta to prepare a SaaS company for a SOC 2 audit
What do you like best about the product?
This is an updated review now that my company has been using Vanta for about two years. We have successfully gone through two SOC 2 type II audits. Vanta clearly understands the pain points SaaS companies face with regards to preparing a company to live by the standards required by SOC 2 controls. The combination of their technology and people has been instrumental in making us successful with compliance. Given our success in using Vanta with SOC 2 we decided to use Vanta to manage CCPA and GDPR compliance as well.
Vanta has continued to make steady improvements to the product since we signed up as well. Whereas the Risk Management component was very limited when we first signed on, it is now quite robust and does an excellent job of walking you through the creation of a Risk Register, creating remediation tasks, etc.
One of the most useful additions is the Vanta Trust Report. The Trust Report is a web page where we can send customers and potential customers to see our compliance status and download documents that are necessary for a security review. This has saved us a lot of time when potential customers are gathering information for a security review.
Vanta has continued to make steady improvements to the product since we signed up as well. Whereas the Risk Management component was very limited when we first signed on, it is now quite robust and does an excellent job of walking you through the creation of a Risk Register, creating remediation tasks, etc.
One of the most useful additions is the Vanta Trust Report. The Trust Report is a web page where we can send customers and potential customers to see our compliance status and download documents that are necessary for a security review. This has saved us a lot of time when potential customers are gathering information for a security review.
What do you dislike about the product?
In my original review there were still a number of rough edges in the product. I'm happy to report that those have all been resolved. The interface makes it easy to find the information I need without being overly complicated.
What problems is the product solving and how is that benefiting you?
Preparing policies, assessing risk, monitoring systems, collecting evidence, and otherwise implementing what is needed for our company to be SOC compliant.
SOC2 certification
What do you like best about the product?
We decided to choose a partner that would provide tools to automate a significant amount of the tasks and controls to be implemented. Reducing the number of manual tasks would ensure reliability in the implementation and would allow timely completion. Vanta provides a high level of automation, allowing the process to be completed smoothly.
What do you dislike about the product?
There is not much to dislike, other than a better organization of the user interface.
What problems is the product solving and how is that benefiting you?
Obtaining SOC2 certification in a timely way. We were able to complete the process within the deadline.
Makes SOC 2 Much Easier.
What do you like best about the product?
Vanta is the right balance of monitoring, alerting, and tracking to make it easy to meet SOC 2 Type 1 and 2 requirements. You can choose to use all of their features or some of their features with no pain. Their SSO platform makes it easy to monitor employee computers, servers, and SLA's.
What do you dislike about the product?
Sometimes it appears that the people designing this have never had to manage compliance in real life based on density or placement of information. However, they are extremely responsive to feedback and continue to improve their designs.
What problems is the product solving and how is that benefiting you?
SOC 2 Type 1 & 2 Compliance for employee software, hardware tracking, server tracking, internal vulnerability tracking and SLA for vulnerabilities.
Recommendations to others considering the product:
They integrate really nicely with Amazon. If you run your own metal, it will take a little bit more work to get everything dialed in, but its probably still worth it.
showing 1,291 - 1,300