%201%20(1).svg){kind=icon}
CASE STUDY
ÉTUDE DE CAS
How WRITER achieved the ISO triad and SOC 2 Type 2 in under a year with Vanta
ISO 27001, ISO 27701, ISO 42001, SOC 2 Type 2 (HIPAA included), PCI: DSS SAQ A, Microsoft SSPA, VRM, Trust Center, Questionnaire Automation, Continuous GRC
WRITER completed ISO 27001, 27701, 42001, SOC 2 Type 2, and HIPAA in under 12 months, powered by Vanta’s automation and centralized workflows.
With Vanta AI and robust integrations, vendor reviews and access audits take under 20 minutes—instead of multiple hours.
With onboarding, risk tracking, compliance, and trust management in one place, WRITER’s security team gets clarity, accountability, and peace of mind.
“Our currency is trust, and our Trust Center is a big piece of that. Vanta is what makes it all possible.”
The company
AI built on trust
WRITER is an enterprise generative AI platform that enables teams to build, activate, and supervise AI agents to enhance the way they work. The company’s goal is to be the enterprise AI leader built on customer trust, which means keeping humans in the loop every step of the way. And in a market where privacy and security are everything, it also means meeting the highest security and compliance standards.
When Ryan Maple joined as Head of Information Security and Compliance, WRITER had already committed to completing the ISO triad—27001, 27701, and the newly ratified 42001, in addition to SOC 2 Type 2. But the real kicker is that all of these had to be completed within a year.
The challenge
Five frameworks, zero room for error
With enterprise deals on the line, WRITER needed to prove the maturity of their security posture fast.
But managing five frameworks in parallel using spreadsheets was never going to scale. Ryan needed a solution that could consolidate evidence across frameworks, keep control owners engaged without constant follow-up, and provide real-time audit progress. He also wanted something that could integrate with HR and endpoint tools for onboarding visibility to keep all stakeholders in the loop, while supporting evolving compliance regulations, like HITRUST and FedRAMP.
Vanta stood out not just for breadth of coverage, but for its ease of use and deep sense of partnership.
{{quote-2}}
The solution
Scaling trust with automation, abstraction, and AI
WRITER recently achieved ISO 27001, 27701, 42001, and SOC 2 Type 2 compliance with Vanta by their side, and manages HIPAA, SSPA, and GDPR in the platform. Rather than managing each framework independently, Vanta’s test abstraction lets Ryan quickly upload evidence once and apply it across frameworks, cutting down on duplication and confusion.
With Mobile Device Management (MDM) and Human Resources Information System (HRIS) integrations, Ryan can easily track essential compliance requirements—like whether employees have completed background checks, installed endpoint protection, or finished required training.
Vanta’s integrations replace time-intensive manual cross-checks within multiple tools. Quarterly access reviews, which used to require logging into 10+ tools, are significantly faster because Vanta highlights discrepancies and automates the process, giving Ryan peace of mind.
Risk management has also become a much simpler process with Vanta. Ryan says that opening, tracking, and reviewing risks in Vanta with Risk Register is seamless. What would have once lived in a hidden spreadsheet is now a living, shared system that supports continuous improvement.
Vanta also enables WRITER to increase transparency and build trust with customers and prospects. With a Vanta-powered Trust Center, WRITER simplifies how it shares information about the company’s overall security posture. This reduces friction for both customers and the WRITER sales team, and aligns with Ryan’s vision of trust as the “currency” for AI companies.
The impact
Faster audits, smarter reviews, and stronger trust
With Vanta, WRITER successfully completed the ISO triad (ISO 27001, 27701, 42001), SOC 2 Type 2, and HIPAA in less than 12 months. Vanta’s automation, cross-mapped controls, and its easy-to-use platform enabled Ryan to scale the program without scaling the team. “I’d just open the Vanta dashboard every day and work my way down the to-do list,” Ryan says.
Vanta’s automation helped WRITER dramatically reduce other time-intensive workflows like access reviews, onboarding checks, and quarterly audits. Ryan estimates that repetitive tasks like these now take under 20 minutes, saving the company money and freeing him up to focus on high-priority risks and strategic initiatives. “There are all these things that used to take hours and now take maybe 10 or 20 minutes,” Ryan says. “Multiply that by dozens of tools and audits per year, and the savings are massive.”
Vanta AI also handles security reviews of third-party vendors. What once took hours of reading and manual categorization is now handled by Vanta AI, giving Ryan actionable results in minutes. “In a past life, reviewing vendor docs took hours. Now, I upload a SOC 2, go have a coffee, and come back to a fully organized analysis,” Ryan says.
Perhaps most importantly, Vanta now serves as the single system of record for WRITER’s compliance, risk, onboarding, and trust workflows. From managing access controls to vendor risk reviews and custom reporting, Ryan can see everything in one place. The Slack integration, visual status indicators, and control owner assignments ensure that he stays ahead of deadlines without chasing people or second-guessing progress.
From the beginning, Ryan has gotten value from Vanta that extends beyond the product itself. “This whole process felt like a partnership,” he says. “Everyone I spoke to was friendly, helpful, and committed to improving. It wasn’t just a product, it was the whole package.”
Thanks to Vanta, Ryan is equipped with a Trust Management Platform that scales with his roadmap, and feels fully prepared to complete additional high-priority certifications for WRITER in the future.
{{quote-3}}
.png)
.png)
.png)