Vanta
VantaExternal reviews
2,426 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Overall a good audit platform
What do you like best about the product?
Vanta is an easy way to get your certifications done. The platform is designed to be user-friendly, making it accessible to even those who don't have a strong technical background. Additionally, Vanta provides clear and concise instructions that guide users through the certification process, making it much easier to get certified.
What do you dislike about the product?
While the pricing for Vanta is reasonable, it's hard to get an overall price for Vanta + Audits. The price estimations Vanta gave us for audits were a factor 2-3 under the quotes we got from Audit firms.
Vanta does provide excellent security/compliance scanning, but it may not always enhance the actual security as it often feels more like paper security. . However, these minor issues do not detract from the overall quality of Vanta as an audit platform for small businesses.
Vanta does provide excellent security/compliance scanning, but it may not always enhance the actual security as it often feels more like paper security. . However, these minor issues do not detract from the overall quality of Vanta as an audit platform for small businesses.
What problems is the product solving and how is that benefiting you?
Compliance can be a complex and time-consuming process. Vanta simplifies this process by providing automated compliance monitoring that continuously checks and verifies that the necessary security controls are in place and functioning as expected. This means you can focus on your core tasks while Vanta takes care of the compliance requirements. By streamlining the compliance process, Vanta can save businesses time and money. Overall, Vanta's automated compliance platform is a valuable tool for any business looking to achieve and maintain compliance efficiently and effectively.
SOC 2 type 1 support
What do you like best about the product?
User friendly platform, policies templates were very useful
What do you dislike about the product?
The implementation process focused on just getting us to do a few tasks before getting a CSM felt pointless. Not due to the implementation person, but having calls on these things is a waste of time. I was pulled in late so perhaps a self service guide was shared - but would have been more useful to me personally.
What problems is the product solving and how is that benefiting you?
SOC 2 type 1
Great software and support to prepare you for an audit.
What do you like best about the product?
It scans your infrastructure after integration and lets you know what you need to work on and what vulnerabilities you need to fix for Audit of Choice, be it ISO27001 or SOC2 for example.
What do you dislike about the product?
Sometimes it is hard to find exactly what you need based on the information and menus available. At times you need to drill down pretty deep to find certain vulnerabilities.
What problems is the product solving and how is that benefiting you?
Vanta is preparing us for our ISO27001:2013 and 2022 and SOC2 Audits. Without the guidance of Vanta and the great support we would be totally lost figuring out what systems were passing standards.
Great product for SOC2 compliance
What do you like best about the product?
Vanta offers a great interface to view compliance and stay up to date on all the controls.
Our account manager is always available for meetings in case we have questions.
Our account manager is always available for meetings in case we have questions.
What do you dislike about the product?
Support for some of the Linux distro is lacking. It is worth checking before implementing a new OS on your environment.
However, manual evidence can be provided so we can stay compliant and have Devs on their prefered OS.
However, manual evidence can be provided so we can stay compliant and have Devs on their prefered OS.
What problems is the product solving and how is that benefiting you?
Vanta allows us to be SOC2 compliant while providing an easy experience for both our company and our auditors.
We were able to get our SOC2 audit started quickly.
We were able to get our SOC2 audit started quickly.
Great customer support
What do you like best about the product?
All the information needed is well organized and easy to understand. Templates made creating documentation very easy.
What do you dislike about the product?
Sometimes it is not clear what needs to be done to get tests passing, as following the provided instructions doesn't always work. However, support is very responsive when this happens and has always been able to resolve my questions.
What problems is the product solving and how is that benefiting you?
Receiving a SOC2 certification and maintaining GDPR compliance
Automation is key!
What do you like best about the product?
The variety of systems vanta can connect to makes it easier to achieve the automation vanta promise for compliance. automation
What do you dislike about the product?
Support can be quicker when needed and to also consider timing difference with European customers.
What problems is the product solving and how is that benefiting you?
COmpliance automation and smooth audit
Good experience for starting a ISO 27001 and SOC 2 certification without previous experience
What do you like best about the product?
The integrations and automations it has to help with the certification processes.
What do you dislike about the product?
I don´t think I can give feedback about what I dislike until I go further in the process.
What problems is the product solving and how is that benefiting you?
Vanta is helping us to comply with ISO 27001 and SOC 2 certifications for client compliant prospects
Shortcut to SOC 2 and ISO 27001 compliance
What do you like best about the product?
Very detailed and easy to follow path to compliance with SOC 2 and ISO 27001 (and others). Lots of integrations available. Great auditor network at reasonable price.
What do you dislike about the product?
Some of the integrations have had bugs in the past, most of them fixed now. Our HRIS integration is supported only through a third-party so we don't want to connect it. Multi-product/multi-entity is not yet supported (but upcoming)
What problems is the product solving and how is that benefiting you?
Our company has achieved SOC 2 Type 2 compliance in 6 months and maintained it very easily thanks to Vanta. ISO 27001 certification is progressing really quickly through Vanta as well
Incredibly supportive company to work with.
What do you like best about the product?
The support is genuinely fantastic. Often times when something spans a few different cloud services, they're able to grasp the full nature of how those services interact with each other and subsequently how the services work with their automated monitors.
I have used other audit platforms, including Amazon's own FTR check, for example. Vanta's Refresh Test allows for that immediate feedback loop that other audit platforms don't provide. Because of that, I don't have to wait for the nightly refresh to hope that I fixed my problem in a compliant manner. Awesome product
I have used other audit platforms, including Amazon's own FTR check, for example. Vanta's Refresh Test allows for that immediate feedback loop that other audit platforms don't provide. Because of that, I don't have to wait for the nightly refresh to hope that I fixed my problem in a compliant manner. Awesome product
What do you dislike about the product?
This is more of a preferential thing, but the refresh of the frontend to remove the status of the monitors in that colorful graph was actually super helpful to visually see our status. Please bring that back.
I think Vanta should release a suite of infrastructure-as-code components. For example, we've written a few internal Pulumi ComponentResources, one called CompliantBucket, for example. That bucket sets all the necessary bucket tagging and public access blocks that SOC2 requires. I know that when I provision new infrastructure with our components, I will be provisioning in a compliant manner. This could be a massive value add if they worked directly with these IaC companies like Pulumi and Terraform to onboard companies to SOC2 near immediately. We also provision code repositories this way for example. Instead of the manual steps of
- create repo
- add description to repo
- add branch policies to repo
- add owner to repo in the Vanta platform
we just created IaC components that do this for us and it saves us a lot of time. If I had to setup all components the compliant way all the time, I might be less inclined to use Vanta and attempt the SOC2 audit.
I think Vanta should release a suite of infrastructure-as-code components. For example, we've written a few internal Pulumi ComponentResources, one called CompliantBucket, for example. That bucket sets all the necessary bucket tagging and public access blocks that SOC2 requires. I know that when I provision new infrastructure with our components, I will be provisioning in a compliant manner. This could be a massive value add if they worked directly with these IaC companies like Pulumi and Terraform to onboard companies to SOC2 near immediately. We also provision code repositories this way for example. Instead of the manual steps of
- create repo
- add description to repo
- add branch policies to repo
- add owner to repo in the Vanta platform
we just created IaC components that do this for us and it saves us a lot of time. If I had to setup all components the compliant way all the time, I might be less inclined to use Vanta and attempt the SOC2 audit.
What problems is the product solving and how is that benefiting you?
Doing this all by hand and reading through all the requirements would be a nightmare. Having that immediate feedback is great.
I think having policy as widgets is incredibly effective to remove the confusion around policy documents, which often are just scanned over and not necessarily upheld.
I think having policy as widgets is incredibly effective to remove the confusion around policy documents, which often are just scanned over and not necessarily upheld.
Valuable, Time-Saving, and Organized
What do you like best about the product?
I find Vanta incredibly valuable and appreciate the time and manual tracking it takes off of my plate. Tracking security trainings and on/off-boarding requirements can really drag down my time to do broader scope work with a wider impact. I'm grateful to have a tool I can trust that does all those very important things for me that take lots of time to do manually.
What do you dislike about the product?
There are a couple integrations that don't currently exist, but these aren't of high importance and I know they're on the roadmap, so it's also not a huge issue. For example, our HRIS system wasn't on the list of integrations at first, but now it is!
What problems is the product solving and how is that benefiting you?
It's nearly impossible to track employee laptop settings (think screen saver, encryption, etc) in a remote setting without a tool like Vanta. We also needed one place to track all of our security trainings and the Vanta onboarding page made that so simple!
showing 831 - 840