Vanta
VantaExternal reviews
2,082 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Great GRC platform that can be customised in any way
What do you like best about the product?
The way we can costumise everything and adjust things to work for our organisation. There are no limitations and we can automate almost everything. The automated tests and integrations with key tools make continious monitoring easier than ever.
Customer support team is also great with dedicated slack channel where we receive responses the same day we run into an issue.
Customer support team is also great with dedicated slack channel where we receive responses the same day we run into an issue.
What do you dislike about the product?
There is some lack of customisation in the vendor management module
What problems is the product solving and how is that benefiting you?
Vanta is solving all our problems around GRC. It is our one-stop-shop and we cannot live without it anymore. Thanks to all the automations we save much time and as a result we can spent more time on reducing risk accorss the organisation.
Vanta greatly simplifies and speeds up security and compliance for early-stage organizations.
What do you like best about the product?
In my experience, Vanta distills the complexities of compliance frameworks into clear, bite-sized objectives. A small team can effectively manage GRC for their organization with Vanta, in large part due to the many supported integrations that automate a significant chunk of the process. I've found the software platform really straightforward and easy to understand, and Vanta's customer success team has been great to work with.
What do you dislike about the product?
The only negative I've experienced with Vanta has been a slightly inconsistent software user experience. Different modules have slightly different interfaces or workflows, which can be a bit confusing; that said, the impact of this has been negligible, in my experience.
What problems is the product solving and how is that benefiting you?
Vanta provides us with a straightforward platform for ensuring that we remain in compliance with our chosen frameworks (HIPAA and SOC 2), and for enabling easy auditing (in the case of SOC 2). Without Vanta, we would likely need a dedicated GRC expert on our team to manage these priorities. The return on our investment in Vanta's products and services is abundantly clear for our use cases.
What a great experience! Getting certificate ready has never been this easy.
What do you like best about the product?
Vanta guides through your whole journey – no matter which framework you have chosen to go forward with. Vanta does speed up your work a lot with the templates and wizards. You can achieve the certificate in no time, if you want to. Or you can go as slow as you want and Vanta will remind you to pick up the pieces where you left them and move forward. The Vanta UI is really intuitive and user friendly. There was a time when I wasn't sure where to get all the info I needed but once you get to know your ISO-jungle, you know where to look for. One more thing I love about Vanta is the onboarding and staff reminding stuff. These big and small things just makes everything so easy.
Implementation of the platform was a pleasure. Vanta offers frequent webinars for newbies and you can gain your Vanta Master badge quite easily. The wizards gets you fast on the right track when writing policies, and the vast knowledgebase and helpful customer support are awesome addons.
Implementation of the platform was a pleasure. Vanta offers frequent webinars for newbies and you can gain your Vanta Master badge quite easily. The wizards gets you fast on the right track when writing policies, and the vast knowledgebase and helpful customer support are awesome addons.
What do you dislike about the product?
It does take some time to get to know the platform – but lets be fair, isn't it always like this with new platforms and tools? Also, Vanta covers so complex frameworks (we are doing ISO27001) that it could not be any easier to make you ready for your audit.
What problems is the product solving and how is that benefiting you?
Without Vanta we would never be ready for our audit. It would take me months to gather first all the info about our systems and then about the framework's requirements. Vanta makes it easy.
Vanta makes it easy to comply to all security and privacy framework
What do you like best about the product?
We've been a Vanta customer for over than 4 years and have seen the evolution of Vanta products. Vanta provides a user-friendly experience both for security roles and non-security.
Vanta is a tool that makes collaboration very easy internally and with external vendors (Audit firm, external Vciso). It's easy to track your progress and see any outstanding issues when you're trying to get a certificate or work on complying with a specific framework. Our Vciso are logging in every day to see any outstanding items and they also have notification reports that are very helpful to keep track.
Adding more frameworks to Vanta is also very easy, having everything in the same place allowed us to capitalize on what has been done for another framework. We gained a lot of time.
Vanta has always been central to our Security Compliance work, and the more they grow their products and add-ons, the easier it's been. They've very helpful events to update their customers on the new framework or development of the security industry which is always very practical (e.g. AI certificate)
We really appreciate the feature "Trust Center" to share our security reports and security information with our Customers
And their Support and CSM teams has been amazing and tremendously helpful.
Vanta is a tool that makes collaboration very easy internally and with external vendors (Audit firm, external Vciso). It's easy to track your progress and see any outstanding issues when you're trying to get a certificate or work on complying with a specific framework. Our Vciso are logging in every day to see any outstanding items and they also have notification reports that are very helpful to keep track.
Adding more frameworks to Vanta is also very easy, having everything in the same place allowed us to capitalize on what has been done for another framework. We gained a lot of time.
Vanta has always been central to our Security Compliance work, and the more they grow their products and add-ons, the easier it's been. They've very helpful events to update their customers on the new framework or development of the security industry which is always very practical (e.g. AI certificate)
We really appreciate the feature "Trust Center" to share our security reports and security information with our Customers
And their Support and CSM teams has been amazing and tremendously helpful.
What do you dislike about the product?
Some of their new features need more work (Security questionnaire and User access review) - not that easy to onboard and not so much value compared to our existing internal systems
What problems is the product solving and how is that benefiting you?
Soc 2 type II certification process, HIPAA audit, and Trust Center to provide documentation access to our customers
Effective Security Management
What do you like best about the product?
* Provides tools to track and complete necessary auditing activities
* Gives me confidence in our security posture
* Has features for vendor management and ties directly to our docs
* Very straightforward to use
* Gives me confidence in our security posture
* Has features for vendor management and ties directly to our docs
* Very straightforward to use
What do you dislike about the product?
* Can be a little overwhelming
* Doesn't tie into our ticket managment like I want
* Doesn't tie into our ticket managment like I want
What problems is the product solving and how is that benefiting you?
Vanta keeps track of the plethora of controls necessary to manage security. I have it all in one place and it keeps me focused.
Awesome Product
What do you like best about the product?
The GUI is excellent, with a smooth interface. Policies and documents are organized more efficiently, and the Audit window has great visibility. We can manage multiple compliances on one plateform.
What do you dislike about the product?
Sometimes during the audit, Vanta sends alerts indicating that the "Audit window has been changed."
What problems is the product solving and how is that benefiting you?
Vanta assists us in obtaining various compliance certifications; we've chosen the SOC-II Type 2 and NIST 800 frameworks.
Automated controls testing platform ideal for SaaS heavy organisations
What do you like best about the product?
Vanta was assessed against the other market leading automated assurance & GRC platforms before being implemented. We are a SaaS heavy business and all of our tools integrate with Vanta. All testing exceptions can be escalated into Jira tickets for engineers to easily investigate. The audit module is making our SOC 2 audit much easier than via spreadsheets which were previously used. The risk management module is quite intuitive, and importing of controls, linking of evidence etc works well. User management is easy, with access via SSO.
Overall, it's a very complete automated assurance & GRC platform that is well maintained, with new functionality dropping ~monthly. Customer support is solid, and the educational resources are very helpful.
Overall, it's a very complete automated assurance & GRC platform that is well maintained, with new functionality dropping ~monthly. Customer support is solid, and the educational resources are very helpful.
What do you dislike about the product?
Dark mode is still to be developed, and would be a nice to have.
Note that automated testing of some controls (e.g. AWS alerts / monitoring) will only be applicable if your organisation leverages that 'out-of-the-box' functionality specifically. If your organisation has a more custom built tech stack (e.g. Splunk monitoring), some of the automated controls testing will need to be evidenced manually.
Also note that a number of Vanta's integrations do not currently have automated testing of controls beyond UAR, so check your tech stack against Vanta's list of integrations during your procurement process.
Note that automated testing of some controls (e.g. AWS alerts / monitoring) will only be applicable if your organisation leverages that 'out-of-the-box' functionality specifically. If your organisation has a more custom built tech stack (e.g. Splunk monitoring), some of the automated controls testing will need to be evidenced manually.
Also note that a number of Vanta's integrations do not currently have automated testing of controls beyond UAR, so check your tech stack against Vanta's list of integrations during your procurement process.
What problems is the product solving and how is that benefiting you?
Previously we had a very manual GRC & audit process, which has now been systemised via Vanta.
Beyond compliance: a cybersecurity companion
What do you like best about the product?
The integrations are really well done and game changing. In one place I can keep track of software vulnerabilities, onboarding and offboarding activities of staff, and implement a real continuous improvement process.
What do you dislike about the product?
Support for other languages (e.g., Italian) in policies would be very helpful
What problems is the product solving and how is that benefiting you?
Obtain ISO27001 and train employees and managers internally on cybersecurity and compliance issues
Streamline Compliance with a central hub for policies, tests and controls
What do you like best about the product?
Clarifies the requirements of a lot of important security standards, primarily ISO 27001 and SOC 2.
- Guidance available to gather the required evidence or steps to implement compliant practices.
- Guidance available to gather the required evidence or steps to implement compliant practices.
What do you dislike about the product?
Searching for specific policies and keywords could be clearer, it requires a degree of familiarity making it less useful for end users.
What problems is the product solving and how is that benefiting you?
Aligning the security and compliance requirements of ISO 27001 and SOC 2, making it clear which elements are shared and the specific items required to test and evidence compliance.
Vanta is Significantly Overpriced and have slimey sales practices
What do you like best about the product?
It gets the job done - no differentiation vs other SOC2 type 2 / HIPPA / GDPR providers
What do you dislike about the product?
It is very pricey - however, you should use secureframe / data as negotiating leverage. There is no differentiation in the products.
What problems is the product solving and how is that benefiting you?
The ability to say to clients we are SOC2 compliant
showing 951 - 960