November 13, 2023

Introducing Private Links: A faster, easier way to gather vendor security information

Written by

Pranav Deshpande

Senior Product Marketing Manager

Neil Patil

Senior Product Manager

Reviewed by

Accelerating security solutions for small businesses
‍

Tagore offers strategic services to small businesses.

A partnership that can scale
‍

Tagore prioritized finding a managed compliance partner with an established product, dedicated support team, and rapid release rate.

Standing out from competitors
‍

Tagore's partnership with Vanta enhances its strategic focus and deepens client value, creating differentiation in a competitive market.

When it comes to conducting vendor security reviews, the two most time-consuming tasks are gathering the relevant information from your vendor and analyzing it thoroughly. Last month, we announced AI-powered security document analysis to drastically simplify the process of extracting insights from SOC 2 reports, DPAs, and other sources that document a vendor’s security posture.

‍

Today, we’re excited to announce Private Links, a new set of capabilities in our Vendor Risk Management solution to automate how security teams request security information from vendors. Read on to learn how it works.

‍

The challenges of exchanging up-to-date security information

There are two sides to every security review, and both require significant time and effort. In fact, Vanta’s annual State of Trust Report found that 8 in 10 businesses (83%) have increased or plan to increase their use of automation, in particular for reducing manual work and streamlining vendor risk reviews and onboarding.

‍

Vendors are bogged down providing the same information over and over again, while buyers struggle with the volume of information they need to analyze before making a decision. Vanta automates both sides of the security review process with workflows that enable a seamless exchange of information between vendors and buyers.

‍

If a vendor uses Vanta to demonstrate their security posture, buyers can easily view and request information from their public Trust Center. But if the vendor isn't on Vanta, getting their security information is a painful and time-consuming process, requiring hours going back and forth over email. Another option is to use existing third-party risk management tools, but they provide clunky questionnaire-centric portals that are onerous for vendors to use. Other tools offer managed services to collect information, but these are prohibitively expensive.

‍

Automating security information requests with Private Links

Vanta’s approach to exchanging accurate, up-to-date security information is simpler for vendors, and more automated for buyers.

‍

With Private Links, VRM now lets you create fully customizable links that can be sent to your vendors at the start of a security review. Links are unique to each vendor and can be customized to request only the documents that need to be reviewed for that vendor.

‍

For example, this is what you'd see when using Private Links to review a potential vendor's security posture. In this case, the vendor is Vanta.

‍

‍

When your vendor opens the link, they see a clean page with easy-to-follow instructions to upload the requested documents.

‍

‍

In this case, Factio is requesting a SOC 2 Report and DPA from Vanta. All they have to do is upload these documents to complete the request. They can also invite team members to collaborate on completing the request.

‍

The buyer is automatically notified when the vendor submits the requested information. These documents immediately show up in the security review section in VRM, where the buyer can use Vanta AI to instantly analyze them and extract findings.

‍

‍

Get started with Private Links

Private Links are now available to Vendor Risk Management customers. Want to learn more? Get in touch to schedule a demo and learn more about how Vanta can save hours per week in your security review process.

Access Review Stage	Content / Functionality
Across all stages	Easily create and save a new access review at a point in time View detailed audit evidence of historical access reviews
Setup access review procedures	Define a global access review procedure that stakeholders can follow, ensuring consistency and mitigation of human error in reviews Set your access review frequency (monthly, quarterly, etc.) and working period/deadlines
Consolidate account access data from systems	Integrate systems using dozens of pre-built integrations, or “connectors”. System account and HRIS data is pulled into Vanta. Upcoming integrations include Zoom and Intercom (account access), and Personio (HRIS) Upload access files from non-integrated systems View and select systems in-scope for the review
Review, approve, and deny user access	Select the appropriate systems reviewer and due date Get automatic notifications and reminders to systems reviewer of deadlines Automatic flagging of “risky” employee accounts that have been terminated or switched departments Intuitive interface to see all accounts with access, account accept/deny buttons, and notes section Track progress of individual systems access reviews and see accounts that need to be removed or have access modified Bulk sort, filter, and alter accounts based on account roles and employee title
Assign remediation tasks to system owners	Built-in remediation workflow for reviewers to request access changes and for admin to view and manage requests Optional task tracker integration to create tickets for any access changes and provide visibility to the status of tickets and remediation
Verify changes to access	Focused view of accounts flagged for access changes for easy tracking and management Automated evidence of remediation completion displayed for integrated systems Manual evidence of remediation can be uploaded for non-integrated systems
Report and re-evaluate results	Auditor can log into Vanta to see history of all completed access reviews Internals can see status of reviews in progress and also historical review detail