December 5, 2023

Introducing new products to secure and accelerate an AI-powered future

Written by

Jeremy Epling

Chief Product Officer

Reviewed by

Accelerating security solutions for small businesses
‍

Tagore offers strategic services to small businesses.

A partnership that can scale
‍

Tagore prioritized finding a managed compliance partner with an established product, dedicated support team, and rapid release rate.

Standing out from competitors
‍

Tagore's partnership with Vanta enhances its strategic focus and deepens client value, creating differentiation in a competitive market.

Last year at VantaCon 2022, co-founder and CEO Christina Cacioppo shared our vision for evolving Vanta from an automated compliance tool to an end-to-end trust management platform.

‍

Since joining Vanta as Chief Product Officer this summer, I’ve had the opportunity to continue expanding Vanta’s trust management platform to scale with you beyond your initial set of compliance frameworks — helping you turn security and compliance into strategic assets, build and deepen customer trust, and realize greater efficiencies from your security and engineering teams. Powered by Vanta AI, we’ve advanced our platform to help you manage security and compliance with less work and more confidence.

‍

Today we’re excited to announce new and upcoming product capabilities that empower you to accelerate innovation and strengthen security in an increasingly AI-driven world. These offerings include advanced reporting and dashboards, additional integrations and customization, support for the NIST AI Risk Management Framework, and new Vanta AI capabilities like policy generation and automatic mapping across risks, controls, tests, and frameworks.

‍

Unify security program management with advanced reporting and dashboards

When you can see everything in one place, you’re better equipped to make informed decisions. But this is getting harder as the number of risks, tools, and data increases. In fact, Vanta’s State of Trust Report found that only 4 in 10 organizations rate their risk visibility as strong.

‍

Launching today, Vanta’s new reporting experiences empower you with insights so you can prioritize and act on key risks for your company, measure the success of your security program, and influence stakeholders with data. These reporting enhancements include three new reports to help you manage your security program more effectively:

‍

Risk Management Dashboard: Quickly get up to speed on risk management from one place. Understand your company’s risk distribution with a risk heat map and identify areas that may need investment before they become critical with the Top Risk Categories graph. Currently in preview, Risk Management Dashboard gives you an overall status of risk treatment, including unapproved risks by treatment type and overdue tasks, and lets you view risk trends to understand how your company is progressing over time.

‍

Workspaces Console Dashboard: Manage framework progress, controls and evidence, and audit schedules across multiple business units in one place. The Workspaces Console Dashboard gives you a unified view of security and compliance across different business units so you can identify the parts of your organization that require attention and assign ownership to the right team members.

‍

Executive Report: Visualize, summarize, and measure the state of your entire program. See top-level program KPIs, like risk over time and framework progress, and get the insights you need to make recommendations and influence stakeholders.

*Measure the state of your program with Executive Report.*

‍

More integrations and more customization for the modern GRC leader

Compliance isn’t a cost center; it’s an accelerator and differentiator. That’s why we continue to scale and evolve our GRC offering to help you build, maintain, and expand your compliance program — with a lot less work.

‍

This starts with our integrations, which provide continuous, real-time monitoring of your security and compliance. From data warehouse and cloud providers to HRIS and CRM tools, we’re excited to announce that Vanta now supports over 300 integrations to power even more automation across your tech stack.

‍

*Vanta now supports 300 (and counting!) integrations.*

‍

With the Vanta Integrations API, generally available today, you can also create your own integrations to connect your internal tools to Vanta. These private integrations let you monitor your in-house systems with the same level of automation as our pre-built integrations.

‍

Building your own integration is just one of the ways you can adapt Vanta to meet your unique needs. In other cases, you may want to tweak an existing integration or test. This is where customization comes in. Over the coming weeks, we’ll be rolling out two new ways for you to customize tests within the Vanta platform:

‍

Modify Vanta’s built-in tests by customizing certain parameters. For instance, you can adjust the default retention time on a test to meet your company’s internal governance requirements.

‍

Create new tests with new logic, which will especially be useful if your company has unique internal audit commitments or industry-specific or region-specific controls, such as local data residency requirements.

‍

*Customize parameters like log retention time for built-in tests.*

‍

Additionally, we’ve also improved test visibility to give you a look under the hood of Vanta tests, including the API requests Vanta is making and the resources fetched. Now live, this improved test visibility helps you verify the accuracy of tests and fix findings more easily.

‍

NIST AI Risk Management Framework and new Vanta AI use cases

The rapid rise of generative AI has created new opportunities for innovation while also introducing new risks, and many of you are looking for AI risk management best practices as regulations are still being developed. At Vanta, we’re committed to the safe and responsible use of AI and helping you do the same.

‍

Today, we’re announcing our next step in that journey by adding support for NIST AI Risk Management Framework within the Vanta platform. NIST AI Risk Management Framework is a structured guideline developed by NIST aimed at mitigating risks associated with the development of AI products. With support for the NIST AI RMF, we’ll help the most innovative companies continue to push boundaries with AI in a secure and responsible way.

‍

And to further realize the potential of AI in streamlining manual security and compliance processes, we’re also excited to announce new upcoming use cases for Vanta AI today. These include:

‍

Automatic mapping across risks, controls, tests, and frameworks
Policy generation and explanation
Automatic code and script generation for easy test remediation
Automatic ingestion for info from screenshots

‍

These are just a few examples of how we’re leveraging AI to transform the future of trust — and we’re just getting started.

‍

Unveiling the future of trust in an AI world

We’re excited to debut these new features today at VantaCon 2023, our annual user conference, where we’ll also share our future vision for Vanta and bring together AI experts and security leaders to discuss the future of trust in an AI world. Speakers include Christina Cacioppo, Aaron Levie, Nat Friedman, Andrew Reed, Sarah Guo, Harrison Chase, Tom Dotan, and others. To learn more, visit vantacon2023.com.

‍

To learn more about our UK edition, visit https://events.vanta.com/vantaconuk.

Access Review Stage	Content / Functionality
Across all stages	Easily create and save a new access review at a point in time View detailed audit evidence of historical access reviews
Setup access review procedures	Define a global access review procedure that stakeholders can follow, ensuring consistency and mitigation of human error in reviews Set your access review frequency (monthly, quarterly, etc.) and working period/deadlines
Consolidate account access data from systems	Integrate systems using dozens of pre-built integrations, or “connectors”. System account and HRIS data is pulled into Vanta. Upcoming integrations include Zoom and Intercom (account access), and Personio (HRIS) Upload access files from non-integrated systems View and select systems in-scope for the review
Review, approve, and deny user access	Select the appropriate systems reviewer and due date Get automatic notifications and reminders to systems reviewer of deadlines Automatic flagging of “risky” employee accounts that have been terminated or switched departments Intuitive interface to see all accounts with access, account accept/deny buttons, and notes section Track progress of individual systems access reviews and see accounts that need to be removed or have access modified Bulk sort, filter, and alter accounts based on account roles and employee title
Assign remediation tasks to system owners	Built-in remediation workflow for reviewers to request access changes and for admin to view and manage requests Optional task tracker integration to create tickets for any access changes and provide visibility to the status of tickets and remediation
Verify changes to access	Focused view of accounts flagged for access changes for easy tracking and management Automated evidence of remediation completion displayed for integrated systems Manual evidence of remediation can be uploaded for non-integrated systems
Report and re-evaluate results	Auditor can log into Vanta to see history of all completed access reviews Internals can see status of reviews in progress and also historical review detail