Multiple frameworks without multiplying the work

Vanta has the specialized compliance frameworks required to support the evolving needs of companies scaling their security and privacy programs.

As the sophistication of your security and privacy programs grows, the number of tools needed to manage them doesn’t have to. Vanta provides one centralized location to track progress and monitor in-demand and highly-specialized top security and privacy frameworks and certifications.

Vanta supports each framework with the guided scoping, policies, controls, automated evidence collection, and continuous monitoring needed to get ready for audit or prove attestation in minimal time.

Vanta supports the following security and privacy frameworks:

Security Frameworks

SOC 2

AICPA standardized framework to prove a company’s security posture to prospective customers.

ISO 27001

Global benchmark for demonstrating an effective Information Security Management System (ISMS). Commonly expected of businesses selling to customers outside of the US.

ISO 27017

ISO 27017 provides guidelines for information security controls applicable to the provision and use of cloud services.

PCI-DSS

Industry-mandated requirements to secure credit card data. Includes preparation support for SAQ D, SP and ROC.

NIST CSF

NIST CSF provides voluntary guidance, based on existing standards, guidelines, and practices, to help organizations better manage and reduce cybersecurity risk.

NIST 800-171

NIST 800-171 provides recommended requirements for protecting the confidentiality of controlled unclassified information (CUI) for those working with the US government.

NIST 800-53 (coming soon)

NIST 800-53 is a catalog of security and privacy controls for all U.S. federal information systems except those related to national security.

FedRAMP

FedRAMP is the US government security framework that cloud service providers and cloud-based products must comply with in order to serve US federal agencies.

AWS Foundational Technical Review (FTR)

AWS FTR is a mandatory requirement for access to several AWS Partner benefits, including the AWS Competency Program and the AWS ISV Accelerate Program.

Minimum Viable Secure Product (MVSP)

MVSP is a minimalistic security checklist for B2B software and business process outsourcing suppliers.

Privacy Frameworks

GDPR

European Union (EU) regulation to protect personal data and privacy of its citizens.

HIPAA

United States (US) regulation to secure Protected Health Information (PHI).

CCPA

California regulation that gives residents new data privacy rights.

ISO 27701

ISO 27701 is an extension of ISO 27001 that specifies the requirements for establishing, implementing, maintaining and continually improving a privacy information management system (PIMS).

ISO 27018

ISO 27018 establishes controls to protect Personally Identifiable Information (PII) in public cloud computing environments.

Microsoft SSPA

Microsoft SSPA is a mandatory compliance program for Microsoft suppliers working with Personal Data and/or Microsoft Confidential Data.

Other Compliance Frameworks

SOX ITGC

SOX ITGC is a set of IT controls required to be compliant with the Sarbanes-Oxley Act.

Thousands of fast-growing businesses rely on Vanta to protect and monitor the data of hundreds of thousands of employees.

Additional resources

5 Must Haves in an Automated Security Platform

Vanta helps companies accelerate growth with 10 new security and data privacy compliance frameworks

Vanta’s 6 principles for pragmatic startup security

Learn what security and privacy frameworks your business can benefit from today while building a plan for those you’ll pursue tomorrow.
