Vanta Reviews & Product Details

I use Vanta for framework and audit management, access management, vendor management, and risk management. I find it really underpins everything for us. It centralizes compliance and helps us be continuously audit-ready, which is amazing for audit management. Working with auditors familiar with Vanta makes it so much easier. It has reduced the need for additional evidence during audits, which is helpful since the Infosec team is primarily just myself. The Slack integrations are fantastic; it makes it easier for employees to submit access requests through Slack rather than completing bulky Jira forms. The Trust Centre is another feature I love because it reduces the amount of security questions I have to answer, allowing me to direct people there instead. Access management is great as well, as I can integrate multiple systems and ensure we don't miss any access issues. The detailed test framework is incredibly useful for audits, ensuring we submit comprehensive evidence without needing to input a ton more during audits. Review collected by and hosted on G2.com.

It would be great if custom fields could be available in access requests - I just want to have a field that allows people to select the environment for some tools they request access for. Mostly it is fine as they just use the standard field, but it would be a great addition for us. It would also be good if some of the integrations for third parties were more detailed than just access management. Review collected by and hosted on G2.com.

I use Vanta for ISO compliance, and it really helps by automating all the checks, controls, and the process so we can proactively ensure compliance. I love the integrations; the more it integrates, the more automated things become. The Google integration helps us track all vendors, and the GitHub integration ensures we're developing in a compliant way. We also have a Vanta MCP connection that works amazingly. The initial setup was super easy, which I definitely appreciate. Review collected by and hosted on G2.com.

There are so many extra paid parts of the application, sometimes it is hard to understand what is in our package and what is not. An example is the trust center, which we don't have in our package. It looks like we have it, I can open the page and see everything, but I'm not sure if it is public or not. When I check the access control page, then I see 'please talk to sales'. Review collected by and hosted on G2.com.

I like Vanta for its easy UI/UX, which I find simple to understand and helps me stay organized. The Slack alerts during audit windows are helpful as they notify me when something becomes non-compliant, making it easy to fix issues promptly. I also appreciate the support for lots of third-party integrations, which reduces the amount of work I have to do. Review collected by and hosted on G2.com.

I don't like the customer success team. I'm unsure who our account manager is and how to contact them. It seems like we're always getting emails from different people, and it's hard to keep track of. Plus, they only email us to try and get us to use or buy new features. Review collected by and hosted on G2.com.

I use Vanta for compliance, asset and vendor tracking, and access tracking. It's very helpful when it comes to audits. I know the Infosec team loves using it. I really like that I can see all the different vendors we use at the company, who the vendor owners are, and the ability to audit access in case we have ex-employees still having access. The whole UI and navigating Vanta is super easy. The initial setup of Vanta was very easy. I also like that we use it alongside Okta, as our SSO, and Vanta pulls information from Okta. Review collected by and hosted on G2.com.

None that I can think of. Review collected by and hosted on G2.com.

The automation engine is far more proactive than I expected. Instead of just flagging a missing policy, it monitors our actual AWS and GitHub configuration in real-time, catching drift the moment it happens. I particularly appreciate the "Trust Center" feature, which allows us to share our security posture with prospective via a clean URL rather than a messy ZIP file of PDFs. Review collected by and hosted on G2.com.

Its not a major issues but it sometime feels, The initial mapping of custom control can be a bit rigid if your company doesn't fit the standard startup mold. While the automation is excellent, troubleshooting why a specific test failed sometimes feels like a scavenger hunt through different menus. Review collected by and hosted on G2.com.

The best part about Vanta is how it takes the daunting SOC 2 Type II readiness process and makes it seamless. Its so helpful to have our systems integrated with Vanta for evidence collection and ongoing monitoring of controls. We have also found a ton of value in managing our policies in Vanta and using Vanta's pre-made trainings for our employees. Additionally, Vanta's questionnaire automation feature has saved us countless hours. Review collected by and hosted on G2.com.

One area that could improve is the questionnaire automation for complex Excel sheets or questionnaires that we aren't able to export out of existing systems. Sometimes the Excel sheets that have multiple tabs or drop downs with unique answer choices are harder to automate and map the appropriate fields. Review collected by and hosted on G2.com.

Vanta has the best UI/UX in the industry, along with one of the most comprehensive sets of controls (or “tests”) that are mapped correctly to the relevant frameworks. In my experience (we’re a service provider), other GRC tools often add too many unnecessary controls that don’t actually map cleanly to SOC 2, ISO 27001, HIPAA, GDPR, etc. That ends up wasting time for the company using the tool, especially when they’re trying to get compliant with the specific framework they’re targeting.

Vanta also has the best integrations in the industry. They’re custom-built, as opposed to most of the other major GRC tools that decided to use Leen (a great company, but a very different experience). Their pricing is on par with the value they deliver. Review collected by and hosted on G2.com.

The company removed partners’ ability to get accurate quotes directly from the site and now requires us to go through a person to figure out what to quote customers. This has added significant time (usually waiting time) to our proposal process. Other than that, there isn’t anything else I dislike. Review collected by and hosted on G2.com.

I really appreciate Vanta's simplicity and its simple user interface. It has helpful reminders, diligently prompting us when we need to update policies, documents, and track changes. I like that I don't have to manually check up on documentation, as Vanta sends me reminders for when a policy or document is approaching its renewal period. This allows me to renew it before it expires. The initial setup of Vanta was easy, and it integrates well with lots of our tools like AWS, GitHub, and Jira, which is great. Review collected by and hosted on G2.com.

I would say the only thing is maybe the revisions. Being able to manage the revisions of the documents. I wish some of the things like version control were a little more automated. And it could be just because I have older documents that haven't been updated to the new experience in Vanta, but having to remember to update certain dates manually is less than ideal. Review collected by and hosted on G2.com.

I think Vanta provides a comprehensive UI and UX experience that clearly shows how well we comply with different frameworks. It integrates the auditing framework in a way that feels streamlined and easy to follow. Vanta also guides us through setting up regulatory controls by offering remedies and instructions on how to meet the requirements. Overall, these features make it much more accessible to manage compliance frameworks. Review collected by and hosted on G2.com.

I think the integration experience could be improved. The integrations do work, but I’ve had trouble getting them up and running. Even though the product shows you what you should be doing, once you hit an error you can feel a bit stuck. Customer support will work with you and they’re quite comprehensive, so you’re not truly left to your own devices, but it’s still easy to get hung up on certain integrations.

Also, I feel like ISO 9001 is more of an afterthought and not really a focus compared with more IT-regulated frameworks like SOC 2 or ISO 27001. The initial setup was fairly easy, but it still isn’t finished on our side. If you’re a company with an array of SaaS tools and you need to integrate each and every one of them, no one is really going to sit with you for a full day to run through all those integrations. In my experience, the onboarding isn’t necessarily very structured, and that’s where things can slow down. Review collected by and hosted on G2.com.

Super easy to use and configure the proper process for SOC 2 compliance. We use it extensively with our external audit team and have been able to go to a 12 month observation with ease for the past few years.

We were able to integrate and automate task into Jira tickets for engineering team members to resolve in a timely SLA.

We're on their old pricing plan which makes it a bit more economical for us and we thankfully have not seen significant increases. Review collected by and hosted on G2.com.

It's not super clear what my old pricing gets me and there's definitely some hesitancy in engaging with the customer team to be up sold or change plans to something that's more expensive and not more value. Review collected by and hosted on G2.com.