November 11, 2024

New in Vanta | November 2024

Written by
En Hao


This month, the Vanta team launched new functionalities to help you, including:

  • Australian data center
  • Commenting on security questionnaires
  • Policy Builder and compliance roadmap for ISO 27001
  • CIS AWS Foundations Benchmark
  • New frameworks available: FedRAMP r5, EU AI Act
  • Integrate and automate with even more third-party systems

Delivering data locality with Vanta’s Australian data centre

Organisations in the ANZ region may face a myriad of rules and regulations around data residency that they need to follow—particularly for regulated industries like financial services, gaming, and government institutions. It’s critical that ANZ organisations feel confident about the safety, security, and accessibility of their data. Even more, local data residency can be an important signal to customers about an organization’s commitment to privacy and security.

Vanta is proud to announce the availability of our Australian data centre, which will enable us to better deliver our platform to ANZ organizations as they establish and scale their compliance programs. We see this as a crucial step towards continuing our investment in the ANZ region, and are excited to offer this option to new and existing Vanta customers.

This new data centre is located in Sydney, New South Wales and built on Amazon Web Services (AWS). Existing Vanta customers can discuss a migration with their Customer Success Representative. Those interested in becoming Vanta customers can book a demo to learn more.

Commenting on security questionnaires

As security organizations mature, they’ll likely require multiple team members and subject matter experts to review and collaborate on questionnaire responses. With new commenting capabilities built right into Questionnaire Automation, teams can comment on individual questions, @-mention teammates, and optionally notify them via email, Slack, or Teams. Along with the recently launched capabilities for question assignment and subject matter expert approval, commenting makes collaborating in Vanta easier than ever. All this means less context switching between different tools, and easier collaboration to discuss, align on, and submit questionnaires quickly and accurately.

Learn more about Questionnaire Automation.

Policy Builder and compliance roadmap for ISO 27001

We are excited to announce that Policy Builder is now available for all ISO 27001 policies. Policy Builder is a dynamic policy creation and editing tool with step-by-step guidance, fill-in-the-blank prompts, and section editing guidance to help you understand required versus optional details. 

With Policy Builder, you can move through policy creation faster than ever, tailoring policy documents to your unique needs and feeling confident you're audit ready while doing so. Policy Builder is now available for all SOC 2 and ISO 27001 policies, with additional framework policy sets being added in the future.

Vanta also now helps you get ISO 27001 compliant quickly and efficiently with a personalized compliance roadmap that guides you through each key milestone and keeps you on track toward achieving certification. After answering a few questions about your ideal timeline and tech stack, Vanta will create a milestone-driven guide that breaks down the process into four key phases to help you stay on track. You’ll be guided to complete specific steps within each phase and can access additional guidance when you need it.

Book a demo today to learn more.

CIS AWS Foundations Benchmark support

Vanta has added automated tests for the CIS AWS Foundations Benchmark, enabling you to harness the power of Vanta’s continuous monitoring to streamline your security program needs. The CIS AWS Foundations Benchmark prescribes secure configuration guidelines for AWS users, and offers practical steps towards hardening your AWS cloud infrastructure. With Vanta, you’ll be able to continuously monitor your AWS infrastructure for alignment with the CIS AWS Foundations Benchmark, centralizing another key aspect of security monitoring in Vanta.

Learn more about the CIS AWS Foundations Benchmark tests in Vanta.

New and updated frameworks: FedRAMP r5, EU AI Act, Title 23 NYCRR Part 500

Vanta now supports the following frameworks, which are generally available globally:

FedRAMP r5: Vanta now offers updated control sets aligned with FedRAMP r5 control baselines, ensuring your organization meets the latest cybersecurity requirements. As part of the revision five upgrade, Vanta provides new policy templates to streamline the process of developing compliant policies. Vanta has also enhanced its documented guidance on how to implement controls, what to expect during an audit, and how to approach evidence collection. 

EU AI Act: Vanta now offers support for the EU AI Act, helping you meet emerging regulations and avoid significant penalties. We support all AI-specific controls, policies, tests, and documents mandated by the act. Vanta categorizes AI systems as “high-risk” or “low-risk” based on regulatory criteria and automates collection of the evidence needed to prove compliance, enabling continuous compliance monitoring while also automating AI risk assessments. Our new offering also ensures that you have the necessary documentation for external auditors—making compliance with the EU AI Act seamless.

Title 23 NYCRR Part 500: The Title 23 NYCRR Part 500 Compliance Module provides an automated workflow tailored to the NY Department of Financial Services (NYDFS) cybersecurity requirements, and streamlines tracking, reporting, and documentation. This solution enables customers to manage risk assessments, access reviews, and incident response plans with pre-configured templates aligned to the regulation.

You can find a full list of the 30+ frameworks that Vanta supports here.

New and enhanced integrations deliver additional automation to your program

This month, we introduced key improvements to several existing integrations. The Wiz integration now supports the ability to bring Wiz vulnerabilities into Vanta, allowing you to establish and track SLAs easily. With the HubSpot integration, you can now automate Trust Center access requests for existing contacts in your CRM. We’ve expanded our integration with Orca to support CSPM alerts – now, you can pull in security alerts, test them against SLAs, and receive alerts if anything falls out of compliance. The GCP integration now includes support for Workload Identity Federation for more secure connections to Vanta. Finally, the Jira integration now includes support for task tracking labels for incident management and resolution.

We also introduced two new integrations supporting Report It and Central, both of which pull in user access data to power user access reviews and satisfy key controls.

Explore all our integrations or tell us about any others you’d like to see.

Try it for yourself!

Log in to your Vanta account to try out these new features if they are a part of your plan. If you’re not a Vanta customer and want to learn more, request a demo.

As always, we welcome your feedback. Let us know what you think by reaching out to your Customer Success Manager and stay in the loop on Vanta news on LinkedIn.
