November 20, 2024

Vanta unveils new product innovations to move compliance beyond the standard

Written by

Jeremy Epling

Chief Product Officer

Reviewed by

Accelerating security solutions for small businesses
‍

Tagore offers strategic services to small businesses.

A partnership that can scale
‍

Tagore prioritized finding a managed compliance partner with an established product, dedicated support team, and rapid release rate.

Standing out from competitors
‍

Tagore's partnership with Vanta enhances its strategic focus and deepens client value, creating differentiation in a competitive market.

These days, the bar for proving trust keeps getting higher. A SOC 2 report used to signal the end of security reviews—now, it marks the beginning. Security and GRC teams are tasked with monitoring and remediating a growing web of controls, vendors, questionnaires, and risks, which is made even more complex by discerning buyers.

‍

Vanta now helps customers go beyond the standard of SOC 2, with continuous controls monitoring, automated evidence collection, and tools to proactively demonstrate trust. We now monitor more than 92 million resources, have helped remediate more than 871 million vulnerabilities, and our customers' trust centers have garnered more than 2.6M views.

‍

As we host our annual VantaCon user conference, we want to celebrate our more than 8,000 customers who’ve been along for the journey. Today, we’re excited to introduce new experiences like advanced scoping, developer-first workflows, AI-powered chat for Trust Center, Vanta for Marketplaces, and more to help our customers build, demonstrate, and strengthen their trust programs.

‍

BUILD TRUST

Control what auditors and customers see with scoping

Through adaptive scoping, Vanta will soon make it easy to control which assets your auditors can see. For example, you may be working across multiple frameworks, but only want your PCI auditor to view assets specific to that framework. With scoping, you’ll be able to apply rule-based logic to automatically tag specific assets to a given framework. This means you can scope down exactly which resources your PCI auditor can see—giving them visibility into the items they need to review and nothing more.

‍

You’ll be able to tag parts of your program to frameworks as well as use tags for products and regions. This drastically expands tags beyond audits and into security workflows, such as answering customer security questionnaires based on the product they’re inquiring about or the region they’re purchasing from.

‍

With scoping, you can centralize even more of your program onto Vanta and take advantage of the platform’s continuous monitoring and automation, all while maintaining granular control over what outside audiences can view.

‍

Scoping is currently in Beta. Contact your account team to see if you’re eligible to participate.

‍

Reduce time to remediation, with developer-first workflows

In order to remediate compliance gaps quickly, GRC teams need to be in lockstep with their developers. Teams are already shifting left to embed more of their security and compliance earlier in the development process, but they’re also looking for ways to drive collaboration with developers.

‍

To help speed up remediation, Vanta AI can now generate personalized Terraform code snippets to help you address failing tests. This will help you streamline the remediation of 175+ cloud tests across AWS, Azure, GCP and more, with alerts about what needs to be remediated and the code snippets to do it. In addition, you can now automate Jira ticket creation for any tests that fail, ensuring your stakeholders and development teams are alerted at the moment an issue occurs and can track progress against them in real time.

‍

AI-generated Terraform remediation instructions are generally available and automated Jira ticket creation is available in Beta.

‍

Increase program visibility with new reports and drill down capabilities

Following the launch of Report Center earlier this year, we’re thrilled to announce reporting drill downs to help you go deeper into your data. Now available in Beta, these new capabilities allow you to view how your program has been trending over time while giving you actionable insights to improve your program. For example, clicking into a test remediation timeline allows you to view a list of all the remediated tests in that time period, offering you powerful insights into what was done, when it was completed, trends, and next steps.

‍

We also have two new reports coming soon: the Questionnaire Automation report that will help you quantify time saved on security questionnaires and the Vulnerabilities report to view the status and history of your vulnerability management program.

‍

Reporting drill downs are available in Beta, with two new reports available soon.

‍

Win as one team with multi-stakeholder approvals and team-based ownership

Compliance is a team sport, and Vanta is making it easier than ever for GRC teams to collaborate. Vanta will soon offer the ability to add multiple approvers and approval steps to policies and documents, drastically streamlining approval workflows and ensuring the right people are completing these subject- and time-sensitive reviews. You’ll also be able to assign ownership of tests to an entire team. This allows multiple team members to take action on tests, removing bottlenecks that can form when assigned to just one person.

‍

Team-based ownership on tests, policy approvals, and document approvals will be available soon.

‍

DEMONSTRATE TRUST

Deflect inbound security reviews with AI-powered chat on your Trust Center

Vanta not only supports your journey to build trust, but also helps you demonstrate your security and compliance posture to prospects and customers. Vanta is already home to the largest network of public-facing trust centers, helping our customers streamline security reviews for up to 87% of their buyers. Earlier this year, we announced the public beta of the AI-powered chatbot for Trust Center. Since the beta began, more than 550 customers have found success.

‍

Today, Vanta is excited to make our AI-powered chatbot for Trust Center generally available. With Vanta’s chatbot, you can deflect inbound questions with information from your Trust Center, giving stakeholders the documentation they’re looking for and the answers they need. You also get insight into the security questions that your customers and prospects have about your controls, creating a continuous feedback loop to proactively improve your program.

‍

AI-powered chatbots for Trust Center are generally available, learn how to activate it today.

‍

STRENGTHEN TRUST

Build a trust ecosystem with Vanta for Marketplaces

For companies with an app marketplace, trust doesn’t end at the walls of your organization. If the apps in your ecosystem aren’t secure, your customers won’t adopt them. This makes your platform less sticky, and leaves value on the table for your customers.

‍

Today, we are excited to announce Vanta for Marketplaces, a new solution designed to strengthen trust across your entire ecosystem. With Vanta for Marketplaces, you can tailor custom frameworks to your unique requirements, allowing customers to see which partners in your ecosystem meet these standards. Companies like Atlassian and Snowflake have already begun rolling out this solution with Vanta.

‍

Atlassian’s team worked with Vanta to enable their Atlassian Marketplace partners to meet their standards for trust and compliance. All told, over 400 of Atlassian’s partners have achieved or are working toward their SOC 2 with Vanta, building confidence among Atlassian customers and driving increased app adoption on their Marketplace.

‍

‍

Contact us, if you’d like to learn more about how Vanta can support your ecosystem today.

‍

With these new tools, Vanta customers can go beyond the standard—building, demonstrating, and strengthening trust with every action, every day. Watch our keynote on-demand to see everything we launched at VantaCon 2024.

Access Review Stage	Content / Functionality
Across all stages	Easily create and save a new access review at a point in time View detailed audit evidence of historical access reviews
Setup access review procedures	Define a global access review procedure that stakeholders can follow, ensuring consistency and mitigation of human error in reviews Set your access review frequency (monthly, quarterly, etc.) and working period/deadlines
Consolidate account access data from systems	Integrate systems using dozens of pre-built integrations, or “connectors”. System account and HRIS data is pulled into Vanta. Upcoming integrations include Zoom and Intercom (account access), and Personio (HRIS) Upload access files from non-integrated systems View and select systems in-scope for the review
Review, approve, and deny user access	Select the appropriate systems reviewer and due date Get automatic notifications and reminders to systems reviewer of deadlines Automatic flagging of “risky” employee accounts that have been terminated or switched departments Intuitive interface to see all accounts with access, account accept/deny buttons, and notes section Track progress of individual systems access reviews and see accounts that need to be removed or have access modified Bulk sort, filter, and alter accounts based on account roles and employee title
Assign remediation tasks to system owners	Built-in remediation workflow for reviewers to request access changes and for admin to view and manage requests Optional task tracker integration to create tickets for any access changes and provide visibility to the status of tickets and remediation
Verify changes to access	Focused view of accounts flagged for access changes for easy tracking and management Automated evidence of remediation completion displayed for integrated systems Manual evidence of remediation can be uploaded for non-integrated systems
Report and re-evaluate results	Auditor can log into Vanta to see history of all completed access reviews Internals can see status of reviews in progress and also historical review detail