Security

Overview and Security Statement:

Data Security and our customers’ privacy is a key component of Vanta’s business model.  Vanta devotes significant resources to ensuring that we meet all facets of multiple industry and regulatory best-practices for protecting the Confidentiality, Processing Integrity, Availability, and Privacy of customer data. The following is an overview of Vanta’s security posture and key controls. If you have any questions please feel free to reach out to us at security@vanta.com. and we’ll get back to you ASAP!

  • Change Management: 

Vanta’s software development practices are aligned with industry best practices and follows a defined software development life cycle methodology. This development process introduces security and privacy control specifications during the feature and component design and throughout the development process.

  • Strong Encryption: 

Vanta has deployed secure methods and protocols for transmission of confidential or sensitive information over public networks. Databases housing sensitive customer data are encrypted at rest. Vanta uses only recommended secure cipher suites and protocols to encrypt all traffic in transit and Customer Data is securely encrypted with strong ciphers and configurations when at rest.

  • Access Controls

Vanta uses secure access protocols and processes and follows industry best-practices for authentication, including Multifactor Authentication and Single Sign on (SSO). All production access requires the use of two-factor authentication, and network infrastructure is securely configured to vendor and industry best practices to block all unnecessary ports, services, and unauthorized network traffic. 


  • Vulnerability Management 

Vanta performs automated continuous vulnerability scanning of our environment and contracts with reputable external security firms to perform technical testing against our critical systems. We also employ a suite of tools and processes to perform continuous auditing and monitoring of our infrastructure for suspected malicious activities, unpatched systems, misconfigurations, and other potential vulnerabilities. 


Additionally:

  • Vanta performs a periodic Enterprise Risk Assessment to identify and prioritize current and emerging threats.
  • Vanta enforces host-based protections on all of our infrastructure and user endpoints, such as disk encryption, locking screensavers, and use of antimalware controls. 


  • Awareness and Background Checks

Vanta conducts background checks on all employees before onboarding, and employees receive comprehensive security awareness and privacy training at hire and on an ongoing basis. All employees are required to read and acknowledge our information security policies, which include specific provisions for the protection of customer data. 


  • Culture and Code of Conduct

Vanta has developed a code of conduct that addresses acceptable business practices, conflicts of interest, and expected standards of ethical and moral behavior, as well as employee confidentiality agreements that prohibit the inappropriate use and disclosure of customer or company information. These documents are provided to all new employees and are required to be signed prior to the employee’s start date. All employees are also required to sign an acknowledgement form that they received and agree to follow the code of conduct and confidentiality agreement.

  • External Audits


Vanta has undergone a SOC 2 Type 2 audit that includes the Security and Processing Integrity Trust Service Criteria. To obtain a copy of our report, please reach out to your Customer Account Manager. 


  • Privacy 


Vanta has clearly defined how we collect, use and disclose customer information and the choices customers have about their information in the Vanta Privacy Policy. Vanta maintains detailed inventory of all information systems and the data that resides in each asset. Data is classified based on the nature of information and treated as such. Additionally, customer data is deleted upon request from the customer or following a service termination. 


You can find additional information on Vanta’s Privacy and Cookie Policies here


  • Incident Response

In the event of a security breach Vanta will promptly notify impacted users of any actual or suspected unauthorized access to their systems and data. Vanta has developed detailed response policies and associated procedures and a team is in place to respond to events and incidents.

Vanta automates compliance starting with SOC 2
Please enter your first name
Please enter your last name
Please enter a valid email address
Please enter a job title
Please enter your company name
Please enter your company website
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.