New in Vanta | June 2025

 This past month, the Vanta team launched new features to help you: 

• Monitor all of your resources while de-risking audits with adaptive scoping
• Streamline how system access is requested, reviewed, and approved with access requests
• Systematically track and resolve issues with issue management
• Collaborate more effectively with commenting improvements
• Get AI-powered recommendations for vendor findings
• Automate Trust Center document approval process with Ironclad
• Meet your notification obligations with new Trust Center subscriber updates
• Strengthen security and compliance workflows with five new integrations

‍

‍

Monitor all of your resources while de-risking audits with adaptive scoping

Companies managing multiple frameworks often face the challenge of how many of their resources to include in their Trust Management Platform. Each framework comes with different requirements. While it's essential to give your auditor the details they need, oversharing can slow the process and increase risk. Vanta's adaptive scoping solves this by letting you precisely control what's shared for audits.

‍

You can now define, manage, and adjust the scope of assets and personnel for different frameworks. For example, you might include your entire engineering and support teams in the scope of a SOC 2 audit, but limit the scope of your PCI-DSS audit to only the employees who handle cardholder data. You decide exactly what your auditor sees—no matter how many assets or employees are in Vanta. This means cleaner audits, less "noise," and fewer follow-ups.

‍

Because you control what's in scope, you can confidently monitor more resources in Vanta—even those not directly part of an audit. Vanta even automatically updates what’s in scope for each framework as your organization grows, keeping everything accurate without constant manual updates. Adaptive scoping gives you complete visibility into your security program—without losing control over what gets audited.

‍

Adaptive framework scoping is available on the Growth package and above. Learn more about adaptive scoping here. 

‍

‍

Streamline how system access is requested, reviewed, and approved with access requests 

Many compliance frameworks—like SOC 2 and ISO 27001—require companies to implement a documented access request process. This process is often cobbled together using spreadsheets, Slack messages, and ticketing systems. While this might work temporarily, it creates inefficiencies and makes it difficult to track who requested access, who approved it, and when it was provisioned. This lack of visibility not only weakens security—it also makes it harder to prove to auditors that your process is effective and compliant.

‍

Vanta’s access requests functionality replaces this patchwork approach with a centralized, automated workflow. Employees can request access directly within Vanta, and system owners are automatically notified to review, approve, and mark the access as provisioned. This streamlined process reduces manual effort, improves audit readiness, and ensures access is granted only when needed. By automating access requests, Vanta helps you strengthen security, scale operations, and stay compliant—without increasing headcount or complexity.

‍

‍

Access requests are currently in  and will be available to customers on the Plus package or above by the end of June. Learn more about access requests here. 

‍

‍

Systematically track and resolve issues with issue management 

Issues can come from anywhere—internal audits, external audits, or day-to-day operations. It’s not enough to simply fix them; you also need to demonstrate to auditors that you’re taking a structured, reliable approach to tracking and resolving them.

‍

Vanta’s new issue management module gives you a centralized, purpose-built way to track and resolve issues across your security and compliance programs. You can log findings as they arise, assign owners, and follow a consistent workflow to ensure nothing slips through the cracks.

‍

It’s more than just a to-do list. With issue management, you capture the outcomes that matter—tying each issue to the relevant risks, controls, and policies for a complete picture of your program’s health. Everything is auditable, reportable, and connected so when audit season comes, you’re not scrambling: You have a clear record of what happened, how it was addressed, and who was responsible.

‍

‍Issue management is currently in preview and will be available to all customers on the Growth package or above in August. To join the issue management preview, contact your Vanta account team. 

‍

‍

Collaborate more effectively with commenting improvements 

Managing risk and maintaining accurate controls often requires cross-functional collaboration between security, GRC, and operational teams. But without a centralized way to communicate, feedback can get lost in long email threads, side conversations, or outdated spreadsheets—slowing down progress and increasing the chance of oversight.

‍

Vanta now makes it easier to collaborate with built-in commenting on risks and controls. Whether you're flagging a concern, suggesting an update, or asking for clarification, comments keep communication clear and contextual—right where the work is happening.

‍

And with comment notifications, your teammates are instantly alerted when they're tagged in any comment across all of Vanta, so nothing slips through the cracks. These updates help teams resolve issues faster, maintain accurate documentation, and keep your risk program aligned and audit-ready.

‍

Commenting on risks and controls and comment notifications are available on all packages. Learn more about commenting in Vanta here. 

‍

‍

Get AI-powered recommendations for vendor findings 

Thanks to Vanta AI, Vendor Risk Management is already helping GRC teams cut their vendor review times by up to 50% with Vanta. We do this through AI-powered analysis that parses through vendor evidence, to create well-cited, accurate responses to the questionnaire topics you care about. 

‍

Now with recommended findings, Vanta AI can further help streamline vendor reviews by surfacing key findings to help you focus on what matters. That means no more sifting through troves of vendor-submitted documents and questionnaires—instead, you can leverage AI to take the initial pass for you. Recommended findings will include the rationale behind each finding, so you can evaluate and determine whether you want to indeed flag it. And because Vanta’s Trust Management Platform covers  your entire GRC program, you can easily tie vendor findings to your overall risk program. 

‍

Learn more about Vendor Risk Management here. 

‍

‍

Meet your notification obligations with new Trust Center subscriber updates 

Companies that operate in highly regulated markets, like the EU, face strict obligations to keep customers informed about key changes to their security programs, whether it’s an updated subprocessor, a change in privacy regulations, or an incident disclosure. But current solutions fall short. Today, blanket notifications are sent to all subscribers with no way to tailor communications or track who actually needs to be notified. Without a centralized, targeted approach, companies struggle to meet compliance standards and risk damaging customer trust with irrelevant or insufficient updates.

‍

Vanta now makes it easy to deliver the right security updates to the right people. With new Trust Center capabilities, customers can organize subscribers into specific groups and send targeted email notifications based on customer profiles and update content. Whether it's posting a public subprocessor update or issuing a private incident notification to a specific customer segment, teams can manage and deliver communications directly from Vanta—no need to pull customer lists or rely on external tools. This streamlined, customizable approach ensures buyers stay informed and confident in your security posture.

‍

Subscriber management is now available to Vanta customers on the Growth package or above. 

‍

‍

Automate Trust Center document approval process with Ironclad 

During the security review process, companies often need to share sensitive documentation with prospective customers. Teams have to manually check if an NDA is already in place before sharing gated security content, slowing down deal cycles and creating friction between sales, legal, and security teams. This manual task is not only time-consuming but prone to delays that impact customer experience and internal efficiency.

‍

Vanta now integrates with Ironclad to automate Trust Center access approvals, streamlining this critical workflow. By setting up auto-approvals based on NDA records stored in Ironclad, companies can use exact email matching, domain-level rules, and custom record fields to securely grant documentation access without manual oversight. This integration empowers sales, security, and legal teams to confidently and quickly share sensitive materials, reducing back-and-forth, shortening review times, and accelerating the path to trust with potential customers.

‍

The Ironclad integration for Trust Center is now available for Vanta customers on the Growth Plan or above. 

‍

‍

Strengthen security and compliance workflows with five new integrations 

This month, Vanta introduced five new integrations to help customers strengthen their security and compliance workflows with greater automation and visibility. The new Ostorlab integration allows teams to seamlessly push vulnerability findings into Vanta’s tracking system, streamlining the path from discovery to resolution. With Osano, customers can now integrate cookie consent management to ensure data collection is transparent and privacy-compliant. 

‍

We’ve also expanded support for security awareness training with a new Cyberly integration and integration with NINJIO, both enabling automatic ingestion of training records to help meet compliance requirements. 

‍

Finally, our latest Confluence Data Center integration is now with feature parity to Confluence Cloud, and lets users sync key documentation and track access with ease.

‍

‍

Try it for yourself!

Log in to your Vanta account to try out these new features today. If you’re not a Vanta customer and want to learn more, request a demo.

As always, we welcome your feedback. Let us know what you think by reaching out to your Customer Success Manager and stay in the loop on Vanta news on LinkedIn.