Vanta
VantaExternal reviews
1,970 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Expansive and complete solution for SOC2 compliance
What do you like best about the product?
Wow, everything is there! I can't imagine how much time and effort would have been wasted by not using Vanta for SOC2 compliance. Everything that we need is right there. It was extremely easy to integrate our vendors, evaluate compliance and remedy findings. Security reviews are a breeze, and configuring scopes for each vendor integration was intuitive and straight forward.
What do you dislike about the product?
There were some vendors that could not be integrated into Vanta, but very few. Our account manager at Vanta was able to assist us in gathering data for those.
What problems is the product solving and how is that benefiting you?
We primarily chose Vanta for the purpose of becoming SOC2 compliant. It has helped in other areas as well, and allowed us to refine our business practices, and become more efficient with respect to seurity compliance and vendor management.
Simple to Use
What do you like best about the product?
Very simple to use platform, everything is user friendly and approachable
What do you dislike about the product?
Not enough customization options. Often requires workarounds for basic features you would expect
What problems is the product solving and how is that benefiting you?
Control/audit management, vendor management, and risk management
All in one experience
What do you like best about the product?
The prompts to action on items for compliance. Very easy to use.
What do you dislike about the product?
Difficult to navigate unless you have link to exact item. I just feel like I have a million tabs open on my browser sometime.
What problems is the product solving and how is that benefiting you?
Compliance to different standards to secure the user and admins.
Experience with VANTA
What do you like best about the product?
The tool allows for multiple modules to control various components of management systems, such as the compliance part for control issues according to the framework. Additionally, it allows for risk management, vendor management, and it is excellent.
What do you dislike about the product?
I would improve some things in the risk module, as it currently does not have them. For example, I would allow it to be more focused on other types of risk such as business, legal, etc., and when these categories are selected, the fields I need to fill out for this type of risk would be enabled. Even in the information security risk section, I would bring by default the fields for information assets and link them with the asset module.
What problems is the product solving and how is that benefiting you?
They help and contribute to the facilitation and management of information according to the framework we have certified, for example, ISO 27001, 27018, ISO 27701, etc. This has made it easier for us to load evidence, select controls, among other things.
Great Experience with Vanta
What do you like best about the product?
The site was super easy to use and Vanta was extremely responsive
What do you dislike about the product?
I have not found anything I would change about Vanta
What problems is the product solving and how is that benefiting you?
We needed to get SOC 2 certified
I do not know how compliance worked before this software.
What do you like best about the product?
Vanta has been an invaluable tool for us, making the SOC 2 process seamless and efficient. It simplifies compliance, saves time, and provides great visibility into our security posture. Highly recommend!
What do you dislike about the product?
- Some integrations are not in place (e.g. Tailscale, LogTail).
- During SOC2 some controls were missing linked automated tests and documents which are clearly related to those controls.
- During SOC2 some controls were missing linked automated tests and documents which are clearly related to those controls.
What problems is the product solving and how is that benefiting you?
Vanta automates and streamlines the SOC 2 compliance process, eliminating the manual work of tracking security controls, gathering evidence, and maintaining audit readiness. It continuously monitors our security posture, integrates with our existing tools, and provides clear guidance, saving us time and reducing the risk of compliance gaps. This has allowed us to focus more on building our product while ensuring we meet security and compliance requirements efficiently.
Great for small teams- pass your audit first time
What do you like best about the product?
Easy to use framework for starting compliance journey
What do you dislike about the product?
Sometimes can be tricky to find your way around
What problems is the product solving and how is that benefiting you?
Preparation for various compliance frameworks
I have never worked on a security framework previously so its impressive how quickly you can get up and running in Vanta
I have never worked on a security framework previously so its impressive how quickly you can get up and running in Vanta
Very good tool for vulnerability management
What do you like best about the product?
I enjoy using Vanta because it makes it very easy to manage vulnerabilities of all resources in one place.
What do you dislike about the product?
Automated compliance in Vanta sometimes flag issues that aren't actually problems, creating unnecessary work.
What problems is the product solving and how is that benefiting you?
Vanta automates security and compliance checks, making it easier to stay on top of SOC 2, ISO 27001, and other standards. It continuously monitors cloud security, access controls, and vulnerabilities, so we don’t have to track everything manually. It also simplifies audit prep by collecting evidence automatically, saving a ton of time. Plus, it helps enforce security policies and ensures we meet SLA deadlines for fixing vulnerabilities. Overall, it reduces compliance headaches and improves our security posture without extra manual work.
Vanta ISMS Review - ISO 27001 and Trust Centre
What do you like best about the product?
We are currently utilising Vanta for ISO 27001 compliance, and it has been instrumental in helping us maintain our certification. One particularly valuable feature is its proactive compliance management, which provides timely alerts on expiring checks. A real concern for us was ensuring that compliance remains an ongoing priority rather than a one-and-done type of exercise, preventing any lapse in security as we continue to scale. Balancing proactive compliance methods with growth has been a constant juggling act for any scale-up.
We have found Vanta’s Trust Centre to be an invaluable asset, providing real-time access to our cybersecurity offerings, which we can efficiently share with customers cutting down time doing DDQs. Additionally, it serves as a central repository for critical security documentation, including DPAs, T&Cs, and cybersecurity reports, while also allowing us to manage and display our subprocessors for greater transparency and accessibility.
Our decision to choose Vanta over alternative solutions was primarily driven by its responsiveness and commitment to continuous improvement. Upon onboarding, we identified that our primary cloud provider was not yet supported, and Vanta was really good in accounting for this and promising to get this implemented in the future. Lo and behold, they are now supported bridging this gap for us.
Furthermore, Vanta has significantly enhanced our device management capabilities. We rely on the platform to track all company laptops, ensuring that they adhere to minimum security requirements and remain compliant with our internal policies.
Looking ahead, as we plan to expand into the US, Vanta’s ability to seamlessly integrate additional frameworks, such as SOC 2, will be essential in maintaining our security and compliance standards across multiple markets.
Overall, Vanta has provided us with a robust, scalable, and efficient solution for managing security and compliance, making it an indispensable part of our operations.
We have found Vanta’s Trust Centre to be an invaluable asset, providing real-time access to our cybersecurity offerings, which we can efficiently share with customers cutting down time doing DDQs. Additionally, it serves as a central repository for critical security documentation, including DPAs, T&Cs, and cybersecurity reports, while also allowing us to manage and display our subprocessors for greater transparency and accessibility.
Our decision to choose Vanta over alternative solutions was primarily driven by its responsiveness and commitment to continuous improvement. Upon onboarding, we identified that our primary cloud provider was not yet supported, and Vanta was really good in accounting for this and promising to get this implemented in the future. Lo and behold, they are now supported bridging this gap for us.
Furthermore, Vanta has significantly enhanced our device management capabilities. We rely on the platform to track all company laptops, ensuring that they adhere to minimum security requirements and remain compliant with our internal policies.
Looking ahead, as we plan to expand into the US, Vanta’s ability to seamlessly integrate additional frameworks, such as SOC 2, will be essential in maintaining our security and compliance standards across multiple markets.
Overall, Vanta has provided us with a robust, scalable, and efficient solution for managing security and compliance, making it an indispensable part of our operations.
What do you dislike about the product?
While Vanta is a powerful compliance solution, it does have some limitations, particularly for businesses that do not rely on major providers - which can limit your flexibility in scaling.
If an application is not natively supported, compliance gaps must be addressed manually, which can add to the operational burden and will give you inaccurate scores on "completion" of a certification.
Although Vanta is responsive to customer needs and continues to expand its integrations, there is no guarantee that less common or niche tools will be supported. This means businesses using custom-built systems or non-mainstream applications may struggle to fully automate compliance tracking, reducing the efficiency of Vanta’s real-time monitoring capabilities.
If an application is not natively supported, compliance gaps must be addressed manually, which can add to the operational burden and will give you inaccurate scores on "completion" of a certification.
Although Vanta is responsive to customer needs and continues to expand its integrations, there is no guarantee that less common or niche tools will be supported. This means businesses using custom-built systems or non-mainstream applications may struggle to fully automate compliance tracking, reducing the efficiency of Vanta’s real-time monitoring capabilities.
What problems is the product solving and how is that benefiting you?
Vanta has been instrumental in helping us achieve and maintain ISO 27001 compliance, streamlining the process and ensuring we stay on track with ongoing requirements.
Beyond compliance, Vanta serves as our comprehensive ISMS tool, enabling us to efficiently manage our policies, devices, and access controls.
The Trust Centre has been incredibly useful for our security posture by providing real-time visibility into our cybersecurity measures, allowing us to easily share compliance reports, agreements, and subprocessors with customers.
Beyond compliance, Vanta serves as our comprehensive ISMS tool, enabling us to efficiently manage our policies, devices, and access controls.
The Trust Centre has been incredibly useful for our security posture by providing real-time visibility into our cybersecurity measures, allowing us to easily share compliance reports, agreements, and subprocessors with customers.
Great product!
What do you like best about the product?
Vanta helped me get SOC 2 certified. It was easy to integrate, the onboarding support was good, and it helped satisfy my auditor. It also notifies via slack when things get out of shape, so it is easy for me to stay ahead of the issues all the time.
What do you dislike about the product?
Sometimes it is not clear enough how to fix the problem. Might be inherent with the benchmark, not Vanta's fault. Also - auditor still wants to add custom documents and proof.
What problems is the product solving and how is that benefiting you?
Helped me get SOC 2 certified and helps me stay that way
showing 461 - 470