February 10, 2025

New in Vanta | February 2025

Written by

Vicki Robertson

Reviewed by

Accelerating security solutions for small businesses
‍

Tagore offers strategic services to small businesses.

A partnership that can scale
‍

Tagore prioritized finding a managed compliance partner with an established product, dedicated support team, and rapid release rate.

Standing out from competitors
‍

Tagore's partnership with Vanta enhances its strategic focus and deepens client value, creating differentiation in a competitive market.

This past month, the Vanta team launched new features to help you:

Export data from Report Center for deeper analysis
Grant source data access to your auditor to fulfill completeness and accuracy requirements
Reduce time to remediation with developer-first workflows
Ensure proper review of questionnaires with approval workflows
Manage risk more efficiently with Vanta API risk endpoints
Deliver additional automation to your program with new integrations

‍

Export data from Report Center for deeper analysis

All companies can benefit from understanding the data behind their security and compliance program. Report Center provides a centralized view and actionable insight through reports that are easy to configure and share. Not only can you drill down to see underlying data across a growing number of reports, but you can now export the trends data from the Program Overview Report in CSV format.

‍

Once exported, analyze the data in your preferred analytics tool. All users with view or edit access to the Program Overview Report have the ability to export data.

‍

‍

Learn more about Report Center.

‍

Grant source data access to your auditor to fulfill completeness and accuracy requirements

‍

Auditors often request to see the source data behind a Vanta test to confirm that the results generated in Vanta are valid. Customers already have access to this information in Vanta, and now you have the ability to grant access to this information to your auditor.

‍

Proactively grant test source data access at the time of audit creation or any time after. Your auditor can request access within Vanta as well. Once granted, your auditor will be able to fulfill their completeness and accuracy requirements independently, further streamlining your audit process.

‍

‍

Learn more about the Audit Page.

‍

Reduce time to remediation with developer-first workflows

Remediating compliance gaps quickly requires seamless collaboration with your cross-functional developer team—but with many different teams and tools involved, it can often take longer than expected.

‍

A few months ago, we released the ability for Vanta AI to generate personalized Terraform code snippets for 175+ cloud tests across AWS, Azure, GCP, and more, to help you make necessary changes to failing tests.

‍

Today, we’re excited to announce expanded support for AWS CLI and AWS CloudFormation code snippets as well. Meet your developers where they are and provide them the exact details they need to streamline remediation of critical infrastructure.

‍

AI-generated remediation instructions are available in open preview to customers who have opted-in to Vanta AI.

‍

Ensure proper review of security questionnaires with approval workflows

Sometimes it can take a village to get a security questionnaire over the finish line. With a number of stakeholders and subject matter experts in the mix, it’s important to ensure the integrity and accuracy of the information.

‍

Now, you can assign a questionnaire approver who ensures all information is accurate before it's finalized and submitted. Only Admins and Trust Admins can be approvers and officially mark a questionnaire as approved. We’re also introducing new statuses for each questionnaire: ready for review, in review, waiting on answers, and approved. When advancing the questionnaire through each stage of the process, automatically alert the next owner in the process to hop in for review. This new approval workflow defines accountability and ownership for each step in the questionnaire process.

Learn more about questionnaire automation approval workflows.

‍

Manage risk more efficiently with Vanta API risk endpoints

Mature risk programs often use Vanta alongside additional tools to track, create, or update risk scenarios. For example, companies use collaboration software to vet ideas for new risk scenarios before adding them to Vanta, or they can score a risk in a risk quantification platform before adding the risk values to Vanta. To better serve this need, Vanta has developed four new endpoints to support key risk scenario use cases: list risk scenarios, create risk scenario, get risk scenario by ID, and update risk scenarios.

‍

You now have the flexibility to seamlessly work across systems and automatically update the results in your Vanta risk register.

‍

‍

Click here for more information about the Vanta API.

New integrations deliver additional automation to your program

This month, we introduced three new integrations with Rapid7, Syntra, and Outthink. Organizations using Rapid7 can sync asset and vulnerability data into Vanta, centralizing important evidence for compliance. The Syntra integration allows you to pull vulnerabilities from Syntra’s 0Vuln solution, and track and manage your SLAs within Vanta. Use the Outthink integration to sync security awareness training data with Vanta’s centralized personnel data, and satisfy compliance requirements.

‍

Explore all our integrations or tell us about any others you’d like to see.

‍

Try it for yourself!

Log in to your Vanta account to try out these new features today. If you’re not a Vanta customer and want to learn more, request a demo.

As always, we welcome your feedback. Let us know what you think by reaching out to your Customer Success Manager and stay in the loop on Vanta news on LinkedIn.

Access Review Stage	Content / Functionality
Across all stages	Easily create and save a new access review at a point in time View detailed audit evidence of historical access reviews
Setup access review procedures	Define a global access review procedure that stakeholders can follow, ensuring consistency and mitigation of human error in reviews Set your access review frequency (monthly, quarterly, etc.) and working period/deadlines
Consolidate account access data from systems	Integrate systems using dozens of pre-built integrations, or “connectors”. System account and HRIS data is pulled into Vanta. Upcoming integrations include Zoom and Intercom (account access), and Personio (HRIS) Upload access files from non-integrated systems View and select systems in-scope for the review
Review, approve, and deny user access	Select the appropriate systems reviewer and due date Get automatic notifications and reminders to systems reviewer of deadlines Automatic flagging of “risky” employee accounts that have been terminated or switched departments Intuitive interface to see all accounts with access, account accept/deny buttons, and notes section Track progress of individual systems access reviews and see accounts that need to be removed or have access modified Bulk sort, filter, and alter accounts based on account roles and employee title
Assign remediation tasks to system owners	Built-in remediation workflow for reviewers to request access changes and for admin to view and manage requests Optional task tracker integration to create tickets for any access changes and provide visibility to the status of tickets and remediation
Verify changes to access	Focused view of accounts flagged for access changes for easy tracking and management Automated evidence of remediation completion displayed for integrated systems Manual evidence of remediation can be uploaded for non-integrated systems
Report and re-evaluate results	Auditor can log into Vanta to see history of all completed access reviews Internals can see status of reviews in progress and also historical review detail