Vanta Reviews & Product Details

I like Vanta because it helps me with two main things: our enterprise risk management program and our annual SOC two audit. It's really helpful for serving as part of my enterprise risk management process, having a risk register, and providing a central repository for all the risks. It serves perfectly for IT control purposes, especially for SOC two, where it's integrated with our external auditor who can easily access it to view control tests and submit or pull documentation automatically. I also find it easy to track our annual risks and risk assessments, and to manage risk mitigation plans and corrective actions with management to ensure they are completed by their implementation due dates. The initial setup was a very easy process with no issues. Review collected by and hosted on G2.com.

The thing that can be improved has to do with the risk register or the central repository and all the tracking for the risk mitigation plans. Right now, I'm utilizing the notes section for each of the identified risks, and this part is manual. You have to enter updates manually, and there's concern about somebody overriding the previous update without entering a new note. So things like that could be improved. Review collected by and hosted on G2.com.

I like Vanta for its compliance standards, especially their correctness to these standards. It makes it easy to check any control or evidence required for compliance, and helps resolve vulnerabilities and core changes. Vanta is valuable for integrating with our vendors and maintaining our repository and access controls. Review collected by and hosted on G2.com.

I think they could improve Vanta by integrating AI features. It would be helpful if the evidence collected could be tested on the vendor without needing an auditor or third party. This would give us better visibility and understanding of the uploads. Also, the initial setup was pretty hard, although we had vendor support. Now it's easier, but it was a bit challenging initially to know how Vanta is useful and how to use it effectively. Review collected by and hosted on G2.com.

I really appreciate that Vanta acts as a one-stop location for our trust center, process tasks, to-do list, systems, users, and training—all being centralized in one place is a life saver for managing ISO and soon SOC2. The ability to centralize documentation, tests, evidence, and templates needed for the ISO process while directly connecting most of our systems to the platform is incredibly helpful. The integration with a lot of other tools is also a major advantage, as it brings core processes together into a single system, saving us a lot of time and making various tasks visible that would otherwise demand significant resources for reporting. Review collected by and hosted on G2.com.

Their document editing/view/exporting system is kind of terrible. The docs lose all structure when exported and sometimes you just need to get a list in a spreadsheet to do rapid edits. Their table feature in doc is missing simple things like insert X rows, instead it's row by row. The AI is sometimes kind of dumb although it's getting better. Their in house training courses are a bit old and they could do with adding more / updating. The filtering on table views in various places is also hot garbage. Columns you would need to sort and filter are fixed. Honestly it's just bizarre. Going through the ISO docs cold with no training was very confusing and not trivial, we didn't have any experience of the standard. Training would have been helpful. Review collected by and hosted on G2.com.

I use Vanta for SOC 2 compliance and it maintains all the documentation required for SOC 2 audits, like vendor reviews, in a neat and tidy process. I like the risk management features as well. Vanta's ease of use is something I really appreciate, with everything collected in one place, making audits so much simpler and quicker. Having the ability to flag failing tests throughout the year is also a huge help, as it saves us a lot of work correcting issues later. Review collected by and hosted on G2.com.

It can be a little bit hard to find the features. I feel like maybe the top-level naming could be clearer. Some of the drop-downs and things don't have tooltips that would make them a lot easier to navigate. For example, when you're doing a review of a vendor, there's something called a security owner and a business owner. I actually don't know what those mean, so I just kind of guessed. Adding more tooltips with explanations like, 'hey, this is required' or 'why this is required' would be very helpful. Trying to find things in documentation or trying to figure it out with an AI is kind of painful, and I would prefer not to have to do that. Review collected by and hosted on G2.com.

I appreciate Vanta for its ease of use and the fact that it's very intuitive, even for beginners in compliance tooling. The trust center is easy to manage and presents a clean, professional image, important during our sales cycle. I find significant time savings with the automation of security questionnaires, which drastically speeds up the sales cycle process. The employee onboarding is much simpler and integrates well with our major systems, allowing us to see their controls and vulnerabilities in one place. The AI-based population of security questionnaires based on our policies and controls is a huge time saver. Working with the Vanta team has been an absolute joy, their customer success manager helped us get up and running smoothly, and I find the platform's consistent release of new features impressive. Review collected by and hosted on G2.com.

I have nothing bad to say about Vanta. Their technology and people have been nothing short of a blessing to our company. Review collected by and hosted on G2.com.

I like that Vanta integrates well with stuff like Slack, making it easier to use alongside the tools I'm already using. I also appreciate its relatively clean layout, which helps me understand what I need to do more clearly. Plus, I like that Vanta figures out the compliance requirements for me, so I'm not combing through tons of documentation to work out what needs to be done to stay compliant. Review collected by and hosted on G2.com.

It's got a kind of confusing user interface. Like, I feel like it's somewhat challenging to navigate sometimes. And it breaks things down into controls and tests and documents and whatever. I kind of don't get it. I would just like for there to be a big section that's like, here's what you have to do. Sometimes it feels like I'm hunting through random corners to find the things that I have to do to be compliant. Review collected by and hosted on G2.com.

I have been working with Vanta for approximately three months, primarily managing Engineering and IT policies. Overall, my experience has been very positive.

Vanta is very intuitive and user friendly. The interface is clean and makes navigating through policies and compliance tasks straightforward.

I interact with Vanta on a regular basis, as it is central to maintaining compliance and monitoring policy adherence across our teams.

The integration with Azure was smooth and straightforward. It allows our workflows to stay cohesive across platforms, which is essential for our team’s productivity.

Overall, Vanta has been a valuable tool for managing compliance and IT policies, offering a combination of usability, features, and support that make it a reliable choice for our team. Review collected by and hosted on G2.com.

Although the customer support team has been responsive and helpful whenever I had questions or needed guidance, resolving certain issues required several back-and-forth emails. This was the case, for example, when I contacted them about a remediation policy that was not updating as expected. Review collected by and hosted on G2.com.

I like how Vanta is efficient to navigate back and forth. I also appreciate the feature that allows integration with multiple applications and core systems of companies, which helps in checking most of the security tasks required, like quarterly or annually. This really helps in making sure that the compliance program is proactively being worked on. The initial setup was super easy, and it makes everything related to compliance much more manageable for my team. Review collected by and hosted on G2.com.

I think there's just a few bugs. In my experience, it's just one bug that I've encountered so far. It was the adding of the subprocessors in the trust center and removing a vendor does not have any sort of mechanism to prompt the user or an admin that by removing your vendor, it would also remove the subprocess in the trust center. Review collected by and hosted on G2.com.

I like Vanta's integration with our core infrastructure like AWS and MongoDB Atlas, keeping our infrastructure configuration aligned with security objectives and compliance policies. They have great automated tests and their document templates are really helpful. I also love the way they present all evidence neatly to auditors, making audits a breeze. The initial setup was super easy, and their partner Cognisys helped us get certified from scratch in just six weeks. Every integration comes with a very clear onboarding guide that makes getting started straightforward. Review collected by and hosted on G2.com.

The integration with GitLab does not detect merging rules defined on repository groups. We have a common group-based security policy for merging rules, but Vanta only detects the rules on a specific repository. This leads to false positive flags indicating that some repos don't have the four eyes principle enforced. Review collected by and hosted on G2.com.

I really like that Vanta integrates into all our systems and gives us a holistic overview of everything going on in the company. It's like having a huge checklist that shows us how compliant we are right now and what we need to work on. The automation of tests and the way it shows what we can and need to do is really helpful. The initial setup was pretty easy too. Review collected by and hosted on G2.com.

I think it's sometimes the policies and the tests are suited for companies that are maybe from a larger size. And we as a startup, sometimes had struggles to kinda adopt those policies, tests, and the things towards something that makes sense and is reasonable to what's our size. Review collected by and hosted on G2.com.