Vanta
VantaExternal reviews
2,111 reviews
from
and
External reviews are not included in the AWS star rating for the product.
SOC 2 type 1 support
What do you like best about the product?
User friendly platform, policies templates were very useful
What do you dislike about the product?
The implementation process focused on just getting us to do a few tasks before getting a CSM felt pointless. Not due to the implementation person, but having calls on these things is a waste of time. I was pulled in late so perhaps a self service guide was shared - but would have been more useful to me personally.
What problems is the product solving and how is that benefiting you?
SOC 2 type 1
Great software and support to prepare you for an audit.
What do you like best about the product?
It scans your infrastructure after integration and lets you know what you need to work on and what vulnerabilities you need to fix for Audit of Choice, be it ISO27001 or SOC2 for example.
What do you dislike about the product?
Sometimes it is hard to find exactly what you need based on the information and menus available. At times you need to drill down pretty deep to find certain vulnerabilities.
What problems is the product solving and how is that benefiting you?
Vanta is preparing us for our ISO27001:2013 and 2022 and SOC2 Audits. Without the guidance of Vanta and the great support we would be totally lost figuring out what systems were passing standards.
Great product for SOC2 compliance
What do you like best about the product?
Vanta offers a great interface to view compliance and stay up to date on all the controls.
Our account manager is always available for meetings in case we have questions.
Our account manager is always available for meetings in case we have questions.
What do you dislike about the product?
Support for some of the Linux distro is lacking. It is worth checking before implementing a new OS on your environment.
However, manual evidence can be provided so we can stay compliant and have Devs on their prefered OS.
However, manual evidence can be provided so we can stay compliant and have Devs on their prefered OS.
What problems is the product solving and how is that benefiting you?
Vanta allows us to be SOC2 compliant while providing an easy experience for both our company and our auditors.
We were able to get our SOC2 audit started quickly.
We were able to get our SOC2 audit started quickly.
Great customer support
What do you like best about the product?
All the information needed is well organized and easy to understand. Templates made creating documentation very easy.
What do you dislike about the product?
Sometimes it is not clear what needs to be done to get tests passing, as following the provided instructions doesn't always work. However, support is very responsive when this happens and has always been able to resolve my questions.
What problems is the product solving and how is that benefiting you?
Receiving a SOC2 certification and maintaining GDPR compliance
Automation is key!
What do you like best about the product?
The variety of systems vanta can connect to makes it easier to achieve the automation vanta promise for compliance. automation
What do you dislike about the product?
Support can be quicker when needed and to also consider timing difference with European customers.
What problems is the product solving and how is that benefiting you?
COmpliance automation and smooth audit
Good experience for starting a ISO 27001 and SOC 2 certification without previous experience
What do you like best about the product?
The integrations and automations it has to help with the certification processes.
What do you dislike about the product?
I don´t think I can give feedback about what I dislike until I go further in the process.
What problems is the product solving and how is that benefiting you?
Vanta is helping us to comply with ISO 27001 and SOC 2 certifications for client compliant prospects
Shortcut to SOC 2 and ISO 27001 compliance
What do you like best about the product?
Very detailed and easy to follow path to compliance with SOC 2 and ISO 27001 (and others). Lots of integrations available. Great auditor network at reasonable price.
What do you dislike about the product?
Some of the integrations have had bugs in the past, most of them fixed now. Our HRIS integration is supported only through a third-party so we don't want to connect it. Multi-product/multi-entity is not yet supported (but upcoming)
What problems is the product solving and how is that benefiting you?
Our company has achieved SOC 2 Type 2 compliance in 6 months and maintained it very easily thanks to Vanta. ISO 27001 certification is progressing really quickly through Vanta as well
Incredibly supportive company to work with.
What do you like best about the product?
The support is genuinely fantastic. Often times when something spans a few different cloud services, they're able to grasp the full nature of how those services interact with each other and subsequently how the services work with their automated monitors.
I have used other audit platforms, including Amazon's own FTR check, for example. Vanta's Refresh Test allows for that immediate feedback loop that other audit platforms don't provide. Because of that, I don't have to wait for the nightly refresh to hope that I fixed my problem in a compliant manner. Awesome product
I have used other audit platforms, including Amazon's own FTR check, for example. Vanta's Refresh Test allows for that immediate feedback loop that other audit platforms don't provide. Because of that, I don't have to wait for the nightly refresh to hope that I fixed my problem in a compliant manner. Awesome product
What do you dislike about the product?
This is more of a preferential thing, but the refresh of the frontend to remove the status of the monitors in that colorful graph was actually super helpful to visually see our status. Please bring that back.
I think Vanta should release a suite of infrastructure-as-code components. For example, we've written a few internal Pulumi ComponentResources, one called CompliantBucket, for example. That bucket sets all the necessary bucket tagging and public access blocks that SOC2 requires. I know that when I provision new infrastructure with our components, I will be provisioning in a compliant manner. This could be a massive value add if they worked directly with these IaC companies like Pulumi and Terraform to onboard companies to SOC2 near immediately. We also provision code repositories this way for example. Instead of the manual steps of
- create repo
- add description to repo
- add branch policies to repo
- add owner to repo in the Vanta platform
we just created IaC components that do this for us and it saves us a lot of time. If I had to setup all components the compliant way all the time, I might be less inclined to use Vanta and attempt the SOC2 audit.
I think Vanta should release a suite of infrastructure-as-code components. For example, we've written a few internal Pulumi ComponentResources, one called CompliantBucket, for example. That bucket sets all the necessary bucket tagging and public access blocks that SOC2 requires. I know that when I provision new infrastructure with our components, I will be provisioning in a compliant manner. This could be a massive value add if they worked directly with these IaC companies like Pulumi and Terraform to onboard companies to SOC2 near immediately. We also provision code repositories this way for example. Instead of the manual steps of
- create repo
- add description to repo
- add branch policies to repo
- add owner to repo in the Vanta platform
we just created IaC components that do this for us and it saves us a lot of time. If I had to setup all components the compliant way all the time, I might be less inclined to use Vanta and attempt the SOC2 audit.
What problems is the product solving and how is that benefiting you?
Doing this all by hand and reading through all the requirements would be a nightmare. Having that immediate feedback is great.
I think having policy as widgets is incredibly effective to remove the confusion around policy documents, which often are just scanned over and not necessarily upheld.
I think having policy as widgets is incredibly effective to remove the confusion around policy documents, which often are just scanned over and not necessarily upheld.
Valuable, Time-Saving, and Organized
What do you like best about the product?
I find Vanta incredibly valuable and appreciate the time and manual tracking it takes off of my plate. Tracking security trainings and on/off-boarding requirements can really drag down my time to do broader scope work with a wider impact. I'm grateful to have a tool I can trust that does all those very important things for me that take lots of time to do manually.
What do you dislike about the product?
There are a couple integrations that don't currently exist, but these aren't of high importance and I know they're on the roadmap, so it's also not a huge issue. For example, our HRIS system wasn't on the list of integrations at first, but now it is!
What problems is the product solving and how is that benefiting you?
It's nearly impossible to track employee laptop settings (think screen saver, encryption, etc) in a remote setting without a tool like Vanta. We also needed one place to track all of our security trainings and the Vanta onboarding page made that so simple!
Vanta has made a cumbersome process much easier. Would recommend!
What do you like best about the product?
Brenden was an incredible resource as we got ramped up on SOC II compliance as a company. I would highly recommend him and his work, and with his help I got ramped up on Vanta very quickly.
What do you dislike about the product?
There were a few things I'd improve about Vanta.
The first is that SOC II requires SOC II reports from all of our vendors, and most of them are large companies with cumbersome processes to access their SOC II reports. Vanta should make those available by default. Even better would be associating the relevant SOC II report automatically with each integration when the initial connection is made.
The second is the detection that some of the integrations have. For Datadog, for example, we have lots of metrics and monitors in place that I don't think Vanta is automatically detecting, which makes it cumbersome to figure out which ones we already have and which ones we need to add.
The first is that SOC II requires SOC II reports from all of our vendors, and most of them are large companies with cumbersome processes to access their SOC II reports. Vanta should make those available by default. Even better would be associating the relevant SOC II report automatically with each integration when the initial connection is made.
The second is the detection that some of the integrations have. For Datadog, for example, we have lots of metrics and monitors in place that I don't think Vanta is automatically detecting, which makes it cumbersome to figure out which ones we already have and which ones we need to add.
What problems is the product solving and how is that benefiting you?
We need SOC II compliance to work with large companies and sign enterprise contracts, so Vanta is making it as painless as possible! We will also likely use Vanta in the future for other certifications as needed.
showing 671 - 680