Vanta
VantaExternal reviews
2,123 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Great customer support
What do you like best about the product?
All the information needed is well organized and easy to understand. Templates made creating documentation very easy.
What do you dislike about the product?
Sometimes it is not clear what needs to be done to get tests passing, as following the provided instructions doesn't always work. However, support is very responsive when this happens and has always been able to resolve my questions.
What problems is the product solving and how is that benefiting you?
Receiving a SOC2 certification and maintaining GDPR compliance
Automation is key!
What do you like best about the product?
The variety of systems vanta can connect to makes it easier to achieve the automation vanta promise for compliance. automation
What do you dislike about the product?
Support can be quicker when needed and to also consider timing difference with European customers.
What problems is the product solving and how is that benefiting you?
COmpliance automation and smooth audit
Good experience for starting a ISO 27001 and SOC 2 certification without previous experience
What do you like best about the product?
The integrations and automations it has to help with the certification processes.
What do you dislike about the product?
I don´t think I can give feedback about what I dislike until I go further in the process.
What problems is the product solving and how is that benefiting you?
Vanta is helping us to comply with ISO 27001 and SOC 2 certifications for client compliant prospects
Shortcut to SOC 2 and ISO 27001 compliance
What do you like best about the product?
Very detailed and easy to follow path to compliance with SOC 2 and ISO 27001 (and others). Lots of integrations available. Great auditor network at reasonable price.
What do you dislike about the product?
Some of the integrations have had bugs in the past, most of them fixed now. Our HRIS integration is supported only through a third-party so we don't want to connect it. Multi-product/multi-entity is not yet supported (but upcoming)
What problems is the product solving and how is that benefiting you?
Our company has achieved SOC 2 Type 2 compliance in 6 months and maintained it very easily thanks to Vanta. ISO 27001 certification is progressing really quickly through Vanta as well
Incredibly supportive company to work with.
What do you like best about the product?
The support is genuinely fantastic. Often times when something spans a few different cloud services, they're able to grasp the full nature of how those services interact with each other and subsequently how the services work with their automated monitors.
I have used other audit platforms, including Amazon's own FTR check, for example. Vanta's Refresh Test allows for that immediate feedback loop that other audit platforms don't provide. Because of that, I don't have to wait for the nightly refresh to hope that I fixed my problem in a compliant manner. Awesome product
I have used other audit platforms, including Amazon's own FTR check, for example. Vanta's Refresh Test allows for that immediate feedback loop that other audit platforms don't provide. Because of that, I don't have to wait for the nightly refresh to hope that I fixed my problem in a compliant manner. Awesome product
What do you dislike about the product?
This is more of a preferential thing, but the refresh of the frontend to remove the status of the monitors in that colorful graph was actually super helpful to visually see our status. Please bring that back.
I think Vanta should release a suite of infrastructure-as-code components. For example, we've written a few internal Pulumi ComponentResources, one called CompliantBucket, for example. That bucket sets all the necessary bucket tagging and public access blocks that SOC2 requires. I know that when I provision new infrastructure with our components, I will be provisioning in a compliant manner. This could be a massive value add if they worked directly with these IaC companies like Pulumi and Terraform to onboard companies to SOC2 near immediately. We also provision code repositories this way for example. Instead of the manual steps of
- create repo
- add description to repo
- add branch policies to repo
- add owner to repo in the Vanta platform
we just created IaC components that do this for us and it saves us a lot of time. If I had to setup all components the compliant way all the time, I might be less inclined to use Vanta and attempt the SOC2 audit.
I think Vanta should release a suite of infrastructure-as-code components. For example, we've written a few internal Pulumi ComponentResources, one called CompliantBucket, for example. That bucket sets all the necessary bucket tagging and public access blocks that SOC2 requires. I know that when I provision new infrastructure with our components, I will be provisioning in a compliant manner. This could be a massive value add if they worked directly with these IaC companies like Pulumi and Terraform to onboard companies to SOC2 near immediately. We also provision code repositories this way for example. Instead of the manual steps of
- create repo
- add description to repo
- add branch policies to repo
- add owner to repo in the Vanta platform
we just created IaC components that do this for us and it saves us a lot of time. If I had to setup all components the compliant way all the time, I might be less inclined to use Vanta and attempt the SOC2 audit.
What problems is the product solving and how is that benefiting you?
Doing this all by hand and reading through all the requirements would be a nightmare. Having that immediate feedback is great.
I think having policy as widgets is incredibly effective to remove the confusion around policy documents, which often are just scanned over and not necessarily upheld.
I think having policy as widgets is incredibly effective to remove the confusion around policy documents, which often are just scanned over and not necessarily upheld.
Valuable, Time-Saving, and Organized
What do you like best about the product?
I find Vanta incredibly valuable and appreciate the time and manual tracking it takes off of my plate. Tracking security trainings and on/off-boarding requirements can really drag down my time to do broader scope work with a wider impact. I'm grateful to have a tool I can trust that does all those very important things for me that take lots of time to do manually.
What do you dislike about the product?
There are a couple integrations that don't currently exist, but these aren't of high importance and I know they're on the roadmap, so it's also not a huge issue. For example, our HRIS system wasn't on the list of integrations at first, but now it is!
What problems is the product solving and how is that benefiting you?
It's nearly impossible to track employee laptop settings (think screen saver, encryption, etc) in a remote setting without a tool like Vanta. We also needed one place to track all of our security trainings and the Vanta onboarding page made that so simple!
Vanta has made a cumbersome process much easier. Would recommend!
What do you like best about the product?
Brenden was an incredible resource as we got ramped up on SOC II compliance as a company. I would highly recommend him and his work, and with his help I got ramped up on Vanta very quickly.
What do you dislike about the product?
There were a few things I'd improve about Vanta.
The first is that SOC II requires SOC II reports from all of our vendors, and most of them are large companies with cumbersome processes to access their SOC II reports. Vanta should make those available by default. Even better would be associating the relevant SOC II report automatically with each integration when the initial connection is made.
The second is the detection that some of the integrations have. For Datadog, for example, we have lots of metrics and monitors in place that I don't think Vanta is automatically detecting, which makes it cumbersome to figure out which ones we already have and which ones we need to add.
The first is that SOC II requires SOC II reports from all of our vendors, and most of them are large companies with cumbersome processes to access their SOC II reports. Vanta should make those available by default. Even better would be associating the relevant SOC II report automatically with each integration when the initial connection is made.
The second is the detection that some of the integrations have. For Datadog, for example, we have lots of metrics and monitors in place that I don't think Vanta is automatically detecting, which makes it cumbersome to figure out which ones we already have and which ones we need to add.
What problems is the product solving and how is that benefiting you?
We need SOC II compliance to work with large companies and sign enterprise contracts, so Vanta is making it as painless as possible! We will also likely use Vanta in the future for other certifications as needed.
Its a one stop shop for all Audit and compliance needs.
What do you like best about the product?
The ease of using it and the automation.
What do you dislike about the product?
I am still implementing and havent found anything to complain about.
What problems is the product solving and how is that benefiting you?
Vanta helps me automate my daily compliance needs, helps me with internal audit and also makes sure my organization is compliant to the standards.
Time/Money/Sanity-Saver For GRC Mgmt
What do you like best about the product?
Vanta allows one to consolidate the very resource/time-intensive process of GRC. The more obligations you have the more ROI you get - I estimate ours at breakeven when we finish a third requirement in late 2023... so it's paying for itself.
The integrations into ~ 70 platforms to automate the collection/analysis of metadata.
Being able to assign tasks & get reporting on them. No more mistakes via multiple Excel files.
The different levels of reporting on dashboards to export of whatever you need to see in other formats.
The integrations into ~ 70 platforms to automate the collection/analysis of metadata.
Being able to assign tasks & get reporting on them. No more mistakes via multiple Excel files.
The different levels of reporting on dashboards to export of whatever you need to see in other formats.
What do you dislike about the product?
It is missing a few features that would make one more reliant on using it. Example - for Documents there needs to be a third option (In Process, with ability to tack on notes).
If you have a doc that is being written up, 99% completed & almost ready to post you can't. Also ability to add notes can help flag something).
If you have a doc that is being written up, 99% completed & almost ready to post you can't. Also ability to add notes can help flag something).
What problems is the product solving and how is that benefiting you?
Managing multiple compliance/privacy obligations - without this you're talking about hundreds - maybe a couple of thousand - man-hours required. By humans. Who already have a day job.
Soc2 process
What do you like best about the product?
The people working in Vanta is very helpful. They've answered all my doubts regarding policies to initiate the process, and I think the content in their documentation is very straightforward
What do you dislike about the product?
At the moment, I think almost everything has been a smooth process. One thing I dislike was that you have to download Vanta app in your computer even if your'e not working directly with the organization doing the process.
What problems is the product solving and how is that benefiting you?
To have an good start and continuation for our organization, we are needing a Soc2 agent to implement new projects and changes, Vanta is helping us with this process.
showing 671 - 680