What do you like best about the product?

The task-based approach to managing cloud security and policies. The dynamically-generated security reports. The integration with many of our

What do you dislike about the product?

Nothing. In the ~6 months we've been using Vanta, our experience has been nothing but positive.

What problems is the product solving and how is that benefiting you?

Managing our cloud infrastructure. Generating security policies. Preparing for SOC-2 Type II audit. Generating dynamic security reports for prospective customers.

What do you like best about the product?

Simple, clean interface for managing the complexities of SOC II compliance. The policy management features are particularly useful. Vanta isn't just a tool for managing docs — it helped us to clarify our processes and organize our thinking around security compliance issues. It's hard/impossible to get a sense of best practices when you're pursuing SOC 2 on your own.

What do you dislike about the product?

Could always benefit from more integrations with vendors. We had to do a little extra work to chase lesser known cloud vendors.

What problems is the product solving and how is that benefiting you?

Vanta practically gamifies SOC compliance. We actually enjoyed the process, at least as much as such a thing is possible.

The primary benefit for us was achieving SOC 2 Type 2 compliance. This has opened up the door for sales growth, particularly in enterprise accounts where security compliance can be a major hurdle for smaller service providers like us.

What do you like best about the product?

Ease of use and automated checks of our infrastructure

What do you dislike about the product?

More integrations would be awesome. JAMF integration is welcome.

What problems is the product solving and how is that benefiting you?

SOC-2 compliance

What do you like best about the product?

So easy to use! Out of the box setup was plug and play. It integrated with all of our stack and the vendors that they recommended for us have been really easy to work with.

Their customer support is fast and responsive. When issues arise they fix them quickly.

What do you dislike about the product?

There are some bugs that pop up from time to time. The policy wizard isn't 100% intuitive.

It's a bit funky to disable the monitoring and I wish they could incorporate some outside systems, but early stage.

What problems is the product solving and how is that benefiting you?

SOC2 Type II

What do you like best about the product?

Clear ROI for us. Relatively easy to configure to our existing tech stack. Easy to implement policies. Best of all, a majority of documentation was available to our auditors from inside the tool.

What do you dislike about the product?

Setup wasn't insignificant. But if the goal is SOC2 compliance, as it was for us, the time spent is worth it.

What problems is the product solving and how is that benefiting you?

We needed to spend less time on security compliance and have more proof to show our customers. Vanta provided that with security reports immediately after configuration. Then it set the stage for a pretty painless audit.

Recommendations to others considering the product:

Security is critical, so make time to get it setup correctly with your tech stack. We also used their recommended audit partners, who were well versed with how the software works. Getting the SOC2 program going isn't trivial, but Vanta provides a terrific hub for it.

What do you like best about the product?

Deep integrations with virtually every major tech stack. Connecting AWS, Google, GitHub, & Jira took automated what used to take us weeks of evidence gathering prior to using Vanta.

What do you dislike about the product?

Integrations are awesome, but it would be great if they built a framework for us to build some of our own checks! There's some weird stuff we do that other companies probably don't (everyone's got their own sauce), and I'd be happy to write my own integration to send up various pieces of evidence from our own stack.

What problems is the product solving and how is that benefiting you?

They make evidence gathering so easy that you can focus your time and energy getting your system securely setup rather than spending your time and energy taking screenshots of weird admin panels and system configurations that you then have to tediously explain to an auditor what it means and why it's reasonable evidence.

Recommendations to others considering the product:

If you're an early stage company skeptical about spending extra money on compliance, consider that the cost of contracting with Vanta will lower the cost of your audit. It saves both you and your auditor time, so you'll end up paying less or the same amount overall. Plus, Vanta offers great references for ancillary services you'll inevitably need such as a penetration test, etc. They can help you find a cost effective auditor and connect you with resources that best-fit your organization and budgetary needs.

What do you like best about the product?

Automation, clear goals. Just follow the centralized checklist everyday, look at your email alarms. That's it.

What do you dislike about the product?

Very specific but you have to immediately distribute security issue at creation time. It would be great to define a window period (one week) where security issues don't count in the "Non distributed security issues" check. As we create issue on the fly and distribute everything once a week.
Otherwise it forces us to think even on little useless things (like private test github projects...) but it's a blessing in disguise.

What problems is the product solving and how is that benefiting you?

Having clear goals toward SOC2 certification.

Recommendations to others considering the product:

If you use every classic IT tools to manage your cloud and company. Vanta would easily help you organize and align yourself with standard security compliance.

What do you like best about the product?

The ability to generate template automatically is incredibly helpful. The punchlist is great. The risk assessment tools are very helpful too. The integrations that exist work well. Excellent post-sales support.

What do you dislike about the product?

The UI is patchy. It has some lovely touches, but the main navigation could use some work. You can get a bit lost when ramping up on the product. But once you're familiar with it, it's simple enough.

What problems is the product solving and how is that benefiting you?

SOC 2 Type 1 compliance. We will use for SOC 2 Type II when ready.

What do you like best about the product?

I'm a big fan of automation, so when I heard about the legwork required for gathering evidence as part of SOC 2 audits, I cringed. That's why when I found out about Vanta and how they automate what can and should be automated, I was so relieved. I love how easy Vanta has made the audit and maintenance processes for SOC 2 and other compliance certifications.

What do you dislike about the product?

Not much to dislike. They do what they say they'll do. My only wish is that they would add some kind of IDS feature so they can be a complete one-stop shop for me in terms of compliance and security automation.

What problems is the product solving and how is that benefiting you?

Compliance audits were exactly what they said they would be: a breeze.

What do you like best about the product?

The team is easy to work with and they make the process for getting ready for SOC2 Type 1 and SCO2 Type 2 very straightforward. We are a very small company and it feels as though they have joined our team and have taken charge in helping us achieve SOC2 Type 1 and SOC2 Type 2 status.

They have connected to us to the appropriate CPA offices for our SOC2 Type 1 and SOC2 Type 2 audit. They gave us multiple options based on different parameters we laid out so we could find the right fit for us. They immediately make the connections after our kick off call so I felt like we were a top priority for them.

They also make introductions to people to help us with our Pen-test. Again, keeping in mind what is most important to us (time, cost, etc). They also provided us with information on how to get each employee through the required security training. They are very responsive and have been great at guiding us, setting up weekly check in calls and make sure we are on track for our SOC2 Type 1 and SOC2 Type 2 audits. They are flexible to work with and super accommodating. I really trust them and know they have our best interest. The product make me feel confident that we will go through our SOC2 Type 1 and SOC2 Type 2 successfully.

The upside of using Vanta and I really do not have to think too much about what is needed to go through a SOC2 Type 1 and SOC2 Type 2 audit. They lay everything out for me and I just need to go through and complete each action item. It's like they've created an extensive check list for me and I just go through and manage each task.
I love that they integrate with Checkr and Rippling- I was able to add in our anti-virus software through Rippling, which is a requirement of the SOC2 Type 1 and SOC2 Type two. They also make it easy to push all of our background checks from Checkr into Vanta so there was little work on my end to show that each employee has gone through and passed their background check.

I love that we have a dedicated Customer Success Manager. It really helps us stay up to date and make sure we are hitting important dates towards SOC2 Type 1 and SOC2 Type 2. We have a weekly check in call with our Customer Success Manager who has been a pleasure to work with. Each week we go through what we've accomplished and what is still outstanding. She answers any questions we have and helps make sure we are staying on top of what needs to be done within the Vanta platform. It's a time for us to check in and make sure we are still on track to meet our deadlines for our audit. It also helps us be accountable.

What do you dislike about the product?

So far there isn't much to dislike, as the team has been super easy to work with. We have had a great experience. We haven't run into any issues when working with Vanta.

Sometimes the section for company profile is difficult to find. It would be nice if that were listed across the top menu bar instead of under the profile section. There are important pieces of information to be filled out in that section so it would be nice if it was more accessible.

The interface on the people section could be a little easier to look through and outline what tasks each employee has completed and what is outstanding. It shows red dots next to each employees but I wish it would let me click on the name and show a dropdown menu of what is missing from that employee's profile so I can view it all in one screen instead of it having a pop out window.

For the security training, things were a bit complicated. We used the suggested link and it was a big difficult to use, not the most user friendly. It wasn't very obvious on how to submit that each employee finished the training. There is no certificate sent to the employee upon completion, they just need to take a screenshot. It would be great if the system generated a certificate of completion because right now I am having to upload each screen shot individually for each employee, which is a little time consuming.

We have to get vendor reports for each vendor we work with (their SOC2 reports). This process was a bit tedious. I wish Vanta had a way to have access to the SOC2 reports and we could just pull the ones we wanted. I had to reach out to each vendor directly to request their reports and it took some time and digging to figure out how to find who to contact to get the appropriate report. The reports seem generic so I do not know why it isn't possible to just have these reports stored in Vanta and we can just pull which reports we need based on which vendors we connect with.

What problems is the product solving and how is that benefiting you?

We are working towards our SOC2 Type 1 and Type 2. The problem we are solving is working towards becoming a more secure company, to keep company data and privacy as a top priority for us. We want to show that we It is something we want to get as a it makes us more appealing to customers and shows that we are secure and take out security seriously. The benefits are endless for us and we are excited to be working with Vanta. It has been great that they provide template for policies and make it really easy to make sure we are set up for success. The policy templates are very clear and easy to fill out and upload back into Vanta. I am able to easily track each employee and make sure they are also set up for compliance. They also send out weekly reviews which highlight what things are still missing and what gaps need to be filled, which helps me stay on track and make sure we have everything set up properly as we approach our audit with the CPA firm. They have connected us to the appropriate CPAs and introduced us to someone who can run a pen test.

Vanta is helping us become SOC2 compliant. This is a huge accomplishment and helps to validate our business. We are super excited to be going through this process with them because they seem like a trusted and knowledgeable source in making sure we are set up for the audit and to achieve our SOC2 Type 1 and SOC2 Type 2.

Vanta has helped us solve the daunting task of going through a SOC2 Type 1 and SOC2 Type 2 audit and certification. I was overwhelmed at first but their approach and the confidence I have in them has made this process feel easy and straightforward. I am not a very technical person and they have been able to speak to me in a way that enables me to understand everything we are doing. We are happy to be working with Vanta. I can't imagine going through SOC2 Type 1 and SOC2 Type2 without their guidance and help.