Has improved our compliance workflow and helped identify and fix security vulnerabilities
What is our primary use case?
My main use case for Vanta is compliance in general, aiming for an ISO to be compliant with the standards.
A specific example of how I use Vanta for ISO compliance is that we have Vanta connected to our AWS account and our Azure DevOps repositories.
Regarding my main use case for Vanta, we are using it to make sure our security posture is good. For example Vanta has picked up all the AWS Inspector for our ECR repos vulnerabilities, and we create tickets and hand them out to our team, trying to remediate these images one by one, which provides a very useful view of our weak points.
What is most valuable?
The best features Vanta offers include reasonable recommendations, a nice user experience, and everything being organized. The remediation guidance is very nice, so if I don't have a clue about that item, Vanta gives me a hint on what to do and what the subject of that resource is.
Most of the time the recommendations are quite sufficient, which is great. Sometimes, if the task is a little bit complicated, it requires some extra research, but in general, it's good, especially for infrastructure as code. It even has solid examples on what to do.
Vanta has positively impacted my organization by helping us remediate a lot of vulnerabilities and bad practices, especially from vulnerable ECR repos, and enforced good behavior. For example, we enforce reviews for our pull requests, which wasn't mandatory before and was on a per-repo basis. Now, this enforcement is uniform across the entire organization.
After implementing those changes with Vanta, we tracked specific outcomes and metrics and improved compliance scores, which we can see in Vanta. We started out at around 17%, and we're now at over 80%. It's still a work in progress, but we've come a long way.
What needs improvement?
The only thing I wish for regarding the features is better RBAC. Permissions for platform users have been an issue. We've had to give admin access to Vanta for another team member to view all items. It would be great if the permissions of Vanta platform users had more verbosity to them, more dynamic.
To improve Vanta, I think the refresh after remediation takes place could be controlled more. If it could be faster, that would be great.
Besides the user permissions and the refreshing, which are improvements rather than issues, the rest looks fine. Vanta has been really nice, with a nice user experience, clear layout, and very reasonable recommendations compared to other platforms we've tried.
For how long have I used the solution?
I've been using Vanta for the past 10 months, starting in early January this year.
What do I think about the stability of the solution?
Vanta is very stable; we haven't had any downtimes or weird behavior so far, which we really appreciate.
What do I think about the scalability of the solution?
Regarding Vanta's scalability, our whole DevOps team and SRE teams have been onboarded, and it has been a smooth ride.
How are customer service and support?
I haven't interacted with customer support yet, as we haven't had any need to contact them so far. I'm sure they will be good.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
I previously used Azure Defender, which was a hideous solution with inconsistencies. Connectors would go down randomly, and some suggestions from Azure Defender were very awful and unrealistic. We had a rough time with it; We've had a very nice time with Vanta so far compared to Azure Defender.
What was our ROI?
Besides achieving a better security posture and coming closer to ISO compliance, I have nothing else to share about return on investment.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing isn't in my domain to give a good answer.
Which other solutions did I evaluate?
Before choosing Vanta, our team lead evaluated other options, and I personally evaluated other options regarding security posture in general, mostly open-source ones.
What other advice do I have?
For others looking into using Vanta, I would say it's great, and if they're new to compliance, that's the perfect place to start. Start using Vanta, narrow down the scope, and take the items one by one to get one step closer to good compliance.
I think Vanta is one of the good platforms out there. I'm glad we're using it. I'm comfortable with it, and so is my team.
On a scale of 1-10, I rate Vanta a 9 out of 10.
A Reliable Partner for Security and Compliance
What do you like best about the product?
What I appreciate most about Vanta is the significant amount of time it saves our team. Rather than constantly following up with people for screenshots or stressing over whether controls are being met, Vanta handles everything automatically in the background. Its integrations with the tools we already rely on, such as AWS, GitHub, and Google Workspace, make tracking compliance seamless. I also enjoy the straightforward dashboard, which clearly displays our current status and eliminates unnecessary guesswork. Using Vanta feels like having an additional team member focused solely on compliance, but without the extra burden.
What do you dislike about the product?
One aspect I find challenging about Vanta is that the initial setup can be somewhat overwhelming. There are numerous integrations and settings to configure, and it takes a while to figure out the optimal way to organize everything. Sometimes, a few integrations don’t sync correctly on the first attempt, requiring us to troubleshoot or reach out to support. However, after the setup is finished, everything operates smoothly, and the support team has always responded quickly whenever we needed assistance.
What problems is the product solving and how is that benefiting you?
Vanta is helping us solve one of the biggest challenges we had as a growing company – managing compliance across multiple platforms and vendors. Since we use a mix of GCP, AWS, and other third-party tools, keeping track of security controls, access management, and system monitoring was becoming very difficult. Vanta centralizes all of this into a single platform.
With automated checks and continuous monitoring, we don’t have to manually chase logs or worry about missing compliance requirements. It also makes audits much smoother because all the evidence is already organized and mapped to controls. For us, the biggest benefit is the time and effort saved — developers can focus on building products while Vanta ensures that our systems remain compliant and secure in the background.
Streamlined compliance and peace of mind
What do you like best about the product?
Vanta makes the entire compliance process seamless, from automated evidence collection to real-time monitoring. The platform removes a lot of manual work and gives us confidence that we’re always audit-ready. Their integrations are broad and reliable, and the support team is responsive and knowledgeable.
What do you dislike about the product?
Some of the dashboards can feel a bit overwhelming at first, and setup takes time if you have a complex environment. A few integrations could go deeper, and reporting customization is limited. That said, these are minor compared to the overall value.
What problems is the product solving and how is that benefiting you?
Vanta is helping us automate the time-consuming parts of compliance and security monitoring. Instead of chasing evidence, managing spreadsheets, or worrying about audit readiness, the platform continuously tracks our systems and flags issues in real time. This saves our team significant time, reduces human error, and gives customers and partners confidence in our security posture.
Vanta is User Friendly
What do you like best about the product?
Vanta has automated all the compliance framework by integrating all the tools and it becomes very easy to track all the test and remediate them according to the SLA set in the platform.
What do you dislike about the product?
Till now I don't have any dislikes about Vanta
What problems is the product solving and how is that benefiting you?
Vanta is solving in tracking all the test required for compliance of SOC 2 Type II
A solid GRC platform, and smoothly intuitive
What do you like best about the product?
I was prompted to leave a review after I reported (and they promptly resolved) a minor UX bug, and the responsiveness from the Vanta team was first rate. But beyond that, it's a well-architected platform, and enjoyable to use, especially for the Trust Center we rely on for our own customer trust efforts.
What do you dislike about the product?
I do find the complexity of the left menu a bit daunting, and could do more with a little less.
What problems is the product solving and how is that benefiting you?
Vanta's chief values are in the Trust Center, as a source for trust truth in working with our prospects and customers, and as a platform for audits.
Keeps our risk management organized
What do you like best about the product?
It automatically tracks controls across our systems and reminds me of anything that needs attention. I don’t have to chase teams constantly, and it’s easy to see where we are strong and where we need improvement. It really makes managing enterprise risk much simpler.
What do you dislike about the product?
The workflow setup feels a little strict. If a document isn’t exactly in the expected format, I have to upload it again, which can slow things down. A bit more flexibility in uploads would help.
What problems is the product solving and how is that benefiting you?
I was preparing for audits and tracking risk controls was chaotic and time-consuming. Now, evidence is pulled automatically from integrated systems, gaps are visible immediately, and I can respond quickly. It helps us maintain continuous compliance and gives me confidence that our enterprise risk program is running smoothly without constant firefighting.
Streamlined compliance automation that saves time and effort
What do you like best about the product?
Vanta makes the compliance process much easier by automating evidence collection, monitoring, and reporting. The integrations with tools like AWS, GitHub, and Google Workspace save a lot of manual work. The dashboard provides a clear overview of compliance status, making it simple to track progress. It’s especially helpful for SOC 2, ISO 27001, and other frameworks, reducing both audit preparation time and stress.
What do you dislike about the product?
Some integrations can be a bit tricky to set up initially, and there are occasional sync delays with certain tools. The platform is powerful, but the pricing may feel high for smaller startups. Additionally, while the dashboard is good, it could benefit from more advanced customization and analytics features
What problems is the product solving and how is that benefiting you?
Vanta helps us streamline the compliance process by automating evidence collection, security monitoring, and policy management. Instead of manually tracking compliance tasks, the platform provides continuous monitoring and reminders, which saves a significant amount of time and reduces the risk of human error. It has made preparing for SOC 2 and ISO audits much faster, while also giving our team greater confidence in meeting security standards. This not only improves internal efficiency but also builds trust with our customers and partners.
Automates lots of the work.
What do you like best about the product?
It automates lots of the work required for the audit.
What do you dislike about the product?
Navigation might be the most annoying part.
What problems is the product solving and how is that benefiting you?
Security compliance and the requirements surrounding this.
Simplifying Compliance
What do you like best about the product?
Vanta has been helpful for our company as we tried to obtain our GDPR compliance. Having mostly everything centralized in one area was really useful and made it easier. The partnership with GDPRlocal to obtain a local EU representative was also very helpful and provided us with more peace of mind knowing that the 3rd party we were partnering with had a connection with Vanta.
What do you dislike about the product?
There is a bit of a love-hate relationship with the email notifications and frequency upon which Vanta sends the reminder emails. I like that I get reminded but unfortunately I do not always have the time to attend to those emails right away and so they pile up in my inbox.
What problems is the product solving and how is that benefiting you?
Vanta is helping us understand and realize what we don't know about compliance and all the work that was required. Having the templates and step-by-step instructions were really beneficial and time-savers.
Great compliance partner, though simplicity has taken a step back as it's grown
What do you like best about the product?
The way it connects directly with our cloud environment and the tools we use every day. This level of integration makes it easy to keep everything in sync without a lot of manual effort. I also find the alerting system extremely valuable because it lets me know right away when something isn't working as expected or when we are drifting away from compliance requirements. Having visibility give me peace of mind, although I don't get all the information as clearly as I would like, but I deal with it, and it also helps my team address issues before they become bigger problems
What do you dislike about the product?
While the alert system is valuable, the way it presents information can sometimes be overwhelming or unclear. Certain alerts lack enough context and appear in some cases as codes, which make it harder to immediately understand the source of the issue. This can turn into extra time spent investigating and trying to allocate the affected resources. A more streamlined way of categorizing alerts and linking directly to the impacted systems would make the experience far more efficient
What problems is the product solving and how is that benefiting you?
Vanta Helps me manage and maintain the controls required for the certifications my company holds, as well as for clients who also rely on Vanta. We work with frameworks like SOC 2, HITRUST, HIPPA, and the platform makes it much easier to stay organized and compliant. One of the biggest benefits is that Vanta centralizes all the controls, documentation, and related policies in on place, this allows us to track progress, maintain evidence, and ensure that everything is always audit-ready. It also streamlines communication with auditors, since they can go directly into the system to review the required documentation without back-and-forth requests, saving us significant time and effort.
