October 6, 2021

Vanta Named Leader in Cloud Compliance Software by G2

Vanta is a Leader in Cloud Compliance Software, receiving the highest customer satisfaction rating among products in cloud compliance, according to G2. With the most customer reviews in the market, a majority of customers rated Vanta with five stars.


The Grid Report for Cloud Compliance for Fall 2021 represents the real software user community. G2 rates products and sellers based on reviews from the community, as well as social networks and online resources. G2 creates a unique algorithm using review calculations from customer satisfaction and market presence scores in real time. Technology buyers use the Grid as a trusted benchmark for product analysis, market trends, and straightforward customer reviews.

G2 has named Vanta as a Leader and High Performer for the last couple of years. This year, Vanta’s highest rated features include compliance monitoring at 94% approval rating, security auditing at 92%, and cloud gap analysis at 91%. Here is just some of what our customers have to say about their experience with Vanta.

Ease of use

One company was looking for a structured process for obtaining SOC 2 compliance and a way to keep security best practices in place. They adopted Vanta for a streamlined SOC 2 compliance strategy and their Founder and COO had this to say about their experience:


“We found Vanta to be an amazingly straight-forward way to pursue our SOC2. If you're running a SaaS business like ours, Vanta's integrations with AWS, Google, and all our other providers meant that performing control checks was automated and easy. We were anticipating many months of work to get our SOC2, and Vanta cut down our expected effort by an order of magnitude.”


An IT executive adopted Vanta for SOC 2 compliance and shared this review:


“Vanta is remarkably easy to get up and running and once it's working all we have to do is follow-up on the actions they send us. Getting and staying compliant is easier than it ever has been.
[Vanta] constantly ships new features that make our lives easier and if there are ever bugs, they act on them quickly.”


Security compliance automation

A small startup was looking to implement an infosec program nearly from scratch, but also had some existing manual labor-based programs that they needed to replace. They were concerned that the level of effort could be a major obstacle to a strong security posture and eventually obtaining a certification. Vanta provided the team with vetted vendors that could help support the auditing and certification process. They shared this review:


“One of the most immediately impactful features centers around Vanta's excellent integrations which automate a massive amount of otherwise manual labor. Vanta has always had highly responsive customer support for issues and feature requests. Throughout our time using this platform Vanta has shipped many time-saving feature updates and releases. These are great and keep the platform delivering on that primary goal of ensuring compliance while adding efficiency and reliability. The regular and actionable email alerts allow our administrators to stay on top of any security gaps or updates with the information needed for follow-up.
The onboarding tools make it especially easy to get new employees or contractors set up and tracked in a way that aligns with company policy while being simple and streamlined for the user.”


Continuous security monitoring

Several reviewers are still in the process of getting SOC 2 certified. One customer adopted Vanta in the hopes of saving time in the enablement of SOC 2. They have this to say about their ongoing Vanta experience:


“We have immediately realized benefits by saving countless developer hours per week when it comes to both identifying and tackling security vulnerabilities in our cloud infrastructure.
Constant monitoring of our key services in the cloud allows our engineering team to rapidly identify areas that need to be worked on and triage issues identified by Vanta. Vanta gives us peace of mind when going in for critical review periods, such as the SOC2 audit. Over time we have come to rely on Vanta for our core security needs as the company grows.”


An Engineering Manager who is using Vanta to become SOC 2 and ISO 27001 certified shared how their expectations of a one-and-done process have changed since adopting Vanta:


“Vanta doesn't let us forget about security issues. They are alerting us all the time about things that should be improved, new hires that didn't go through the security training, containers with vulnerabilities, repositories without owners or descriptions, and so on. All those problems happen frequently, and having a tool that tells us when we are doing something wrong is amazing. It also offers us seamless integration with AWS, allowing us to bulk tag our resources, dramatically reducing the manual job there.”

Access Review Stage: Content / Functionality
Across all stages
  • Easily create and save a new access review at a point in time
  • View detailed audit evidence of historical access reviews
Setup access review procedures
  • Define a global access review procedure that stakeholders can follow, ensuring consistency and mitigation of human error in reviews
  • Set your access review frequency (monthly, quarterly, etc.) and working period/deadlines
Consolidate account access data from systems
  • Integrate systems using dozens of pre-built integrations, or “connectors”. System account and HRIS data is pulled into Vanta.
  • Upcoming integrations include Zoom and Intercom (account access), and Personio (HRIS)
  • Upload access files from non-integrated systems
  • View and select systems in-scope for the review
Review, approve, and deny user access
  • Select the appropriate systems reviewer and due date
  • Get automatic notifications and reminders to systems reviewer of deadlines
  • Automatic flagging of “risky” employee accounts that have been terminated or switched departments
  • Intuitive interface to see all accounts with access, account accept/deny buttons, and notes section
  • Track progress of individual systems access reviews and see accounts that need to be removed or have access modified
  • Bulk sort, filter, and alter accounts based on account roles and employee title
Assign remediation tasks to system owners
  • Built-in remediation workflow for reviewers to request access changes and for admin to view and manage requests
  • Optional task tracker integration to create tickets for any access changes and provide visibility to the status of tickets and remediation
Verify changes to access
  • Focused view of accounts flagged for access changes for easy tracking and management
  • Automated evidence of remediation completion displayed for integrated systems
  • Manual evidence of remediation can be uploaded for non-integrated systems
Report and re-evaluate results
  • Auditor can log into Vanta to see history of all completed access reviews
  • Internals can see status of reviews in progress and also historical review detail

PCI Compliance Selection Guide

Determine Your PCI Compliance Level

If your organization processes, stores, or transmits cardholder data, you must comply with the Payment Card Industry Data Security Standard (PCI DSS), a global mandate created by major credit card companies. Compliance is mandatory for any business that accepts credit card payments.

When establishing strategies for implementing and maintaining PCI compliance, your organization needs to understand what constitutes a Merchant or Service Provider, and whether a Self Assessment Questionnaire (SAQ) or Report on Compliance (ROC) is most applicable to your business.


Identify your PCI SAQ or ROC level

The PCI Security Standards Council has established the below criteria for Merchant and Service Provider validation. Use these descriptions to help determine the SAQ or ROC that best applies to your organization.

Good news! Vanta supports all of the following compliance levels:

SAQ A

A SAQ A is required for Merchants that do not require the physical presence of a credit card (like an eCommerce, mail, or telephone purchase). This means that the Merchant’s business has fully outsourced all cardholder data processing to PCI DSS compliant third-party Service Providers, with no electronic storage, processing, or transmission of any cardholder data on the Merchant’s system or premises.


SAQ A-EP

A SAQ A-EP is similar to a SAQ A, but is required for Merchants that don't receive cardholder data yet control how cardholder data is redirected to a PCI DSS validated third-party payment processor.


SAQ D for service providers

A SAQ D includes over 200 requirements and covers the entirety of PCI DSS compliance. If you are a Service Provider, a SAQ D is the only SAQ you’re eligible to complete.


ROC Level 1 for service providers

A Report on Compliance (ROC) is an annual assessment that determines your organization’s ability to protect cardholder data. If you’re a Merchant that processes over six million transactions annually or a Service Provider that processes more than 300,000 transactions annually, your organization is responsible for both a ROC and an Attestation of Compliance (AOC).


Questions?

Learn more about how Vanta can help. You can also find information on PCI compliance levels at the PCI Security Standards Council website or by contacting your payment processing partner.
