New in Vanta | August 2025

This past month, the Vanta team launched new features to help you: 

• Get compliant fast with the new CJIS framework in Vanta
• Focus your first-time compliance journey with intelligent control scoping for SOC 2 and ISO 27001
• Streamline governance with multiple risk approvers
• Track all trust activity from one unified customer profile
• Bring your own Trust Center access authorization 
• Accelerate vendor collaboration with AI answers for vendor questionnaires

‍

Get compliant fast with the new CJIS framework in Vanta

If your company handles data for law enforcement, public safety, or criminal justice agencies, the CJIS Security Policy likely applies to you. The FBI-defined standard outlines how sensitive Criminal Justice Information (CJI), like arrest records, biometric data, and case histories, must be protected. But with no central certification process, vague policy language, and state-by-state enforcement, CJIS compliance can be complex and time consuming.

‍

Vanta’s new CJIS framework gives you the fastest path to compliance, with up to 40% automation, expert-backed templates, and real-time monitoring that keeps you on track. 

‍

With Vanta you can:

• Automate evidence collection across 375+ tools 
• Use pre-mapped policies and documents to simplify requirements
• Reuse policies, tests, and documents from other frameworks like SOC 2 and ISO 27001 that overlap with CJIS, reducing duplicative work
• Get guidance and visibility to prepare for state audits with the guesswork

‍

Whether you’re entering the public safety market or scaling to support more CJIS-covered contracts, Vanta helps you stay compliance and contract-ready with fewer spreadsheets and more peace of mind.

‍

‍

CJIS framework now generally available. Download our checklist to see how to get started. 

‍

Focus your first-time compliance journey with intelligent control scoping for SOC 2 and ISO 27001 

Some SOC 2 and ISO 27001 requirements aren’t relevant for every business—for example, a remote-first startup that doesn’t maintain a physical office space that has to comply with physical security requirements they don’t need to implement. Previously, it was up to each person to sift through the requirements and self-determine what they can opt-out of, which can be confusing and time consuming. 

‍

Vanta now makes it easy to align your first-time compliance requirements with your unique business context, through intelligent control scoping. During your first logged-in session in the Vanta platform, you’ll be asked a few simple questions to uncover opportunities to remove unnecessary controls, lowering your scope of work and helping you get audit-ready even faster. Vanta automatically logs your answers as rationale to your auditor, ensuring the audit process goes smoothly. 

‍

Plus, if and when your business context changes, you can update your answers and scope accordingly.

‍

‍

Control scoping is now available for Vanta customers on the Core plan or above managing SOC 2 and/or ISO 27001.

‍

Streamline governance with multiple risk approvers

Security and compliance teams need to ensure that risk assessments are reviewed and approved by the right people—often someone other than the person who owns the risk. This separation of duties is a core governance principle, especially for higher-risk items where broader oversight is needed.

‍

With multiple risk approvers, you can align your risk approval workflows directly with your internal governance process:

• Submit a risk for approval when ready for approvers to review (available on all plans).
• Assign a single designated approver to a risk. This can be the risk owner, a risk admin, or a risk editor (available on the Core plan and above).
• Assign multiple approvers and create multi-step workflows with up to five approval steps. Each step includes up to three approvers for broader oversight (available on the Growth plan and above).

‍

By embedding these approval flows directly into Vanta, you can eliminate spreadsheet workarounds, maintain clear separation of duties, and keep a consistent, auditable record of every decision. This results in stronger oversight, less admin friction, and more confidence in your risk program.

‍

Multiple risk approvers is now generally available.

‍

Track all trust activity from one unified customer profile

Customer trust data is often scattered across places, from questionnaire activity and Trust Center engagement to document access requests and NDAs. With each touchpoint stored separately, it becomes challenging to get a unified view of all trust-related activity for a specific customer. This leads to a lack of visibility into how prospects progress and how customers engage at key trust touchpoints. 

‍

We’re solving this with a unified customer profile that brings all trust-related activity together. Teams can now track engagement across accounts, from Trust Center views (now available), NDA and auto-approval access at the account level (now available), to questionnaires in progress (coming soon). This unified view helps teams understand account behavior, manage permissions securely, and stay aligned with consistent, account-level insights.

‍

Unified account views are now available for all customers with Trust Center.

Bring your own Trust Center access authorization 

Security and compliance teams want to give their customers seamless access to the Trust Center. To achieve this, teams are seeking scalable, streamlined solutions that eliminate friction and create a more intuitive experience for users, while ensuring they are sharing the right content with the right people. 

‍

With Vanta’s Trust Center, you can now bring your own authentication methods. This means customers already logged into your platform with specific user or account-level permissions can access your Trust Center without additional steps or approvals. All they need to do is log into your product as usual, then, using JWT-based authentication, you can provide them with seamless and personalized access to your Trust Center. You can manage access confidently through a single, streamlined workflow, while customers maintain a consistent experience across your web properties. 

‍

‍

Bringing your own Trust Center access authorization is now in preview for customers with Trust Center Advanced. If you are interested in joining the preview, please reach out to your account team. 

‍

Accelerate vendor collaboration with AI answers for vendor questionnaires 

Our new vendor AI answers feature is designed to make responding to vendor security questionnaires faster, easier, and more accurate. Instead of manually searching through documentation and past responses, vendors can now leverage AI to generate suggested answers directly within Vanta. 

‍

When a security or compliance questionnaire is uploaded, Vanta AI scans linked documents, such as policies or SOC 2 reports, and proposes relevant, context-aware answers. Vendors can quickly review, edit, and approve these suggestions before submitting them, ensuring both accuracy and compliance. This saves time by reducing repetitive manual work for the vendor, removes bottlenecks in the security review process, and improves consistency across multiple questionnaires. 

‍

‍

AI answers for vendor questionnaires are available to all Vendor Risk Management customers. Learn more about the feature here. 

‍

Try it for yourself!

Log in to your Vanta account to try out these new features today. If you’re not a Vanta customer and want to learn more, request a demo.

As always, we welcome your feedback. Let us know what you think by reaching out to your Customer Success Manager and stay in the loop on Vanta news on LinkedIn.