June 21, 2023

Improve your risk posture: Introducing Risk Management customization

Written by Brian Retson (Product Marketing) and Ranna Zendon (Product Management)

Update, July 13, 2023: The Risk Management customization add-on is now generally available for purchase. The existing Risk Management base offering is available at no extra cost to Vanta customers.

Today we’re excited to announce Risk Management customization, a collection of new capabilities in our platform that enhance the existing Risk Management solution and give you more flexibility to enable custom risk management scoring and prioritization. Currently in beta, Risk Management customization will be generally available in the coming months.

Building on a solid risk management foundation

The new customization capabilities we’re announcing today build upon what Vanta has long offered — the ability to quickly and confidently perform a comprehensive risk assessment. Based on the ISO 27005 risk assessment guidelines and methodology, Vanta Risk Management meets the criteria for all major standards, including SOC 2, ISO 27001, and HIPAA.

Since periodic risk assessments are both a requirement of most compliance frameworks and also an overall best practice, it’s no surprise that Vanta Risk Management capabilities have been adopted by thousands of customers as an essential part of their trust management strategy. 

Make risk management your own

We’re now taking risk management a step further by empowering customers to describe, assess, treat, and visualize risk on their own terms by customizing their risk scoring dimensions, score groups and colors, and risk register. In addition, customers can automatically update their risk management policy when changes are made to their risk register settings. Managing customized risk is now easy to understand, easy to update, and tailored to your specific needs. The result is increased efficiency and an improved overall risk posture.

Let’s take a deeper look at what Risk Management customization lets you do.

Customize risk scoring dimensions

Vanta defaults to scoring risk scenarios on Likelihood and Impact, each on a scale of 1-5. With Risk Management customization, you can now customize not only the name and description for each scoring option, but also the scale. 

Customize risk scenario scoring dimensions

Customize score groups and colors

Vanta also automatically groups risk scenarios into high (red), medium (yellow), or low (green) groups based on their risk score. These ratings and colors provide an easy visual cue to better understand risk when browsing the risk register. Ratings are also incorporated into a risk distribution heat map that summarizes the entire risk register in a single visual. With Risk Management customization, you can edit both the number of groupings and the bounds for each group. 

Customize score groups and colors

Customize your risk register

Your risk register is the centralized place for tracking all of your risk scenarios, so it’s important that it reflects the way your organization thinks about risk internally. Your view on risk is unique to the needs of your company, so Risk Management customization lets you add custom columns to your risk register to reflect it. From the date a risk scenario was last updated to the estimated cost and beyond, the columns in your risk register can be used to better reflect how you think about risk.

Customize the columns in your risk register

Keep your risk policy in sync when you customize

Your risk policy typically includes your risk scoring dimensions and scale in Appendix B. If you change either of these, your risk policy can fall out of sync with the latest information. Risk Management customization keeps the policy accurate and up to date by prompting you to auto-update it whenever relevant changes are made to your risk management settings.

Automatically update your risk policy when you change risk scoring parameters

Getting started with Risk Management customization

Risk Management customization empowers organizations like yours to manage risk in a way that is easy to understand, easy to update, and tailored to your specific needs. The result is increased efficiency and an improved overall risk posture. Want to learn more? Contact us to schedule a live demo. You can also find more information about Vanta Risk Management here.

If you’re a current customer interested in becoming a beta customer, contact your Customer Success Manager or Account Executive, or contact us today.
