How Vanta empowers customer success

Compliance can be tricky business. We know firsthand how difficult it can be for fast-growing companies to efficiently pursue security and compliance. Before Vanta, companies were largely on their own when it came to compliance. In 2016, we started saving companies hours of time by automating security monitoring for certifications such as SOC 2, HIPAA, and ISO 27001. 

But Vanta offers much more than automation. When you partner with Vanta, you get access to a dedicated team of compliance experts who are with you throughout the entire journey, and then some. It’s no accident that catering to the needs of customers is our first operating principle. Every customer win brings us closer to achieving our mission—to secure the internet and protect consumer data.

A holistic, personalized approach to customer support 

Every customer’s compliance journey is unique. Although the destination may look the same, not everyone will take the same road, and actually, they shouldn’t. Your product, in-house talent, and security strategy are what differentiate you from everyone else. Achieving compliance goals is no different.

Vanta offers multiple avenues of support so you can hit compliance targets in a way that makes sense for you and your team. Need a full squad of compliance gurus to lead the charge? Let’s do it. Want to do most of the heavy lifting with a helping hand every once in a while? No problem. As a customer, you’ll have access to four branches of support.

Our Customer Success Team 

Vanta’s Customer Success Team is the first and foremost source of compliance truth throughout your continuous compliance process. Our Success Team is different from most—they take a proactive stance when it comes to identifying and solving problems. At Vanta, the value and purpose of customer success extends far beyond simply responding to support queries. Your Success Manager is your trusted advisor who will advocate for your interests and make sure you have everything you need throughout each milestone of your compliance journey.

“The Customer Success team was always available to answer questions, offer advice, and keep us moving forward. I can't imagine going through compliance preparation and the audit without Vanta.” — Director of IT Operations, Small-Business Firm 

Customers can contact their Success Managers at any time with feedback or questions. This information is then dispersed throughout the company to help us improve everything we do, especially when it comes to product updates.  


Our Technical Support Team 

Between cloud services, identity providers, mobile device management, and task tracking, your integration options are endless. No two tech stacks are alike. Vanta’s platform is designed to easily work alongside your native digital environment, and our Product Team consistently delivers updates to meet your needs.

But sometimes the solution requires more than “unplugging and plugging it back in.” And usually, the solution is needed now, not tomorrow. Our Technical Support Team has your back when it comes to making sure your system is properly interfacing with Vanta’s platform. We work hard to make sure you get a response from us in less than one business day. And when you do turn to us for help, we’ll go above and beyond to make sure you can focus on what matters. 

“After weighing a lot of other options, Vanta had the most complete set of tools, a great user experience, and excellent customer support.” — Director of Product & Engineering, Small-Business Firm



Simply submit a request within the Vanta platform or the Help Center and we’ll work with you to solve any issues. You can also send an email to support@vanta.com or contact your Customer Success Manager. 

Our in-house audit specialists

Choosing an auditor is a critical step in reaching compliance, but with so many options, it’s not always obvious how to move forward. For fast-growing teams, sometimes doing a deep dive into the auditing industry isn’t an option. That’s where Vanta’s audit and compliance specialists come in. 

Our in-house subject matter experts have a wealth of knowledge about auditing, risk assessment, and cybersecurity—some have been auditors themselves. Vanta’s audit team is comprised of distinguished professionals who come from companies such as Deloitte, BSI, A-Lign, and many others. Regardless of which compliance standard your company is pursuing, our audit specialists can assist you in choosing an auditor, preparing for an audit, and maximizing your time along the way. 

Our DIY Help Center and blog content

Customers have full access to our Help Center—a living hub filled with guides, checklists, tutorials, FAQs, and so much more. This comprehensive resource gives you fast answers to common questions and enables you to get as much value as possible out of your experience with Vanta. It offers information applicable to each phase of your Vanta journey, starting with onboarding, platform setup, testing controls, and audit readiness. You’ll also be notified about product updates and any upcoming events such as webinars.

Want to dive even deeper? Our blog offers a wide variety of content aimed at helping you become adept in all things compliance. Here you can find information on each compliance standard in addition to the latest industry trends and developments. 


Access Review Stage: Content / Functionality
Across all stages
  • Easily create and save a new access review at a point in time
  • View detailed audit evidence of historical access reviews
Setup access review procedures
  • Define a global access review procedure that stakeholders can follow, ensuring consistency and mitigation of human error in reviews
  • Set your access review frequency (monthly, quarterly, etc.) and working period/deadlines
Consolidate account access data from systems
  • Integrate systems using dozens of pre-built integrations, or “connectors”. System account and HRIS data is pulled into Vanta.
  • Upcoming integrations include Zoom and Intercom (account access), and Personio (HRIS)
  • Upload access files from non-integrated systems
  • View and select systems in-scope for the review
Review, approve, and deny user access
  • Select the appropriate systems reviewer and due date
  • Get automatic notifications and reminders to systems reviewer of deadlines
  • Automatic flagging of “risky” employee accounts that have been terminated or switched departments
  • Intuitive interface to see all accounts with access, account accept/deny buttons, and notes section
  • Track progress of individual systems access reviews and see accounts that need to be removed or have access modified
  • Bulk sort, filter, and alter accounts based on account roles and employee title
Assign remediation tasks to system owners
  • Built-in remediation workflow for reviewers to request access changes and for admin to view and manage requests
  • Optional task tracker integration to create tickets for any access changes and provide visibility to the status of tickets and remediation
Verify changes to access
  • Focused view of accounts flagged for access changes for easy tracking and management
  • Automated evidence of remediation completion displayed for integrated systems
  • Manual evidence of remediation can be uploaded for non-integrated systems
Report and re-evaluate results
  • Auditor can log into Vanta to see history of all completed access reviews
  • Internals can see status of reviews in progress and also historical review detail

PCI Compliance Selection Guide

Determine Your PCI Compliance Level

If your organization processes, stores, or transmits cardholder data, you must comply with the Payment Card Industry Data Security Standard (PCI DSS), a global mandate created by major credit card companies. Compliance is mandatory for any business that accepts credit card payments.

When establishing strategies for implementing and maintaining PCI compliance, your organization needs to understand what constitutes a Merchant or Service Provider, and whether a Self Assessment Questionnaire (SAQ) or Report on Compliance (ROC) is most applicable to your business.


Identify your PCI SAQ or ROC level

The PCI Security Standards Council has established the criteria below for Merchant and Service Provider validation. Use these descriptions to help determine the SAQ or ROC that best applies to your organization.

Good news! Vanta supports all of the following compliance levels:

SAQ A

A SAQ A is required for Merchants that do not require the physical presence of a credit card (like an eCommerce, mail, or telephone purchase). This means that the Merchant’s business has fully outsourced all cardholder data processing to PCI DSS compliant third party Service Providers, with no electronic storage, processing, or transmission of any cardholder data on the Merchant’s system or premises.

SAQ A-EP

A SAQ A-EP is similar to a SAQ A, but it is required for Merchants that don't receive cardholder data yet control how cardholder data is redirected to a PCI DSS validated third-party payment processor.

SAQ D for service providers

A SAQ D includes over 200 requirements and covers the entirety of PCI DSS compliance. If you are a Service Provider, a SAQ D is the only SAQ you’re eligible to complete.

ROC Level 1 for service providers

A Report on Compliance (ROC) is an annual assessment that determines your organization’s ability to protect cardholder data. If you’re a Merchant that processes over six million transactions annually or a Service Provider that processes more than 300,000 transactions annually, your organization is responsible for both a ROC and an Attestation of Compliance (AOC).

Questions?

Learn more about how Vanta can help. You can also find information on PCI compliance levels at the PCI Security Standards Council website or by contacting your payment processing partner.
