Policy creation and management. Toons of integration and automated tests. Very cool integrated vulnerability management.

Risk management can be more flexible. We started the new approach to risk assessment and can’t use internal risk management instrument so we made it in excel :-)

Very good. We have been able to formalize our internal security programs and successfully completed our SOC2 audit. The Vanta team has always been very responsive to our needs, soliciting feedback and promptly answering questions (no matter how basic) and guiding is in the right direction.

We love that Vanta has made it easy for us to develop a comprehensive InfoSec program and helped us prepare for our SOC2 audit. Onboarding was straightforward and the continuous monitoring ensures ongoing compliance. The product integrates with most of the software we use day-to-day and has saved a lot of time.

There are some areas of the UI which are a bit rough around the edges and non-intuitive, I chalk this up to Vanta being a relatively new product. It has improved a lot since we became a customer and specific areas such as the employees onboarding/off-boarding flows show that the team is constantly iterating and responsive to user feedback. In addition, I would love to see more automation in the product - we are a smaller company without a dedicated IT team. Vanta does a great job of alerting us to issues, but being able to help us take steps to remediate would be much appreciated.

This business charged my card for a second year without permission and after being told I would not renew. They took thousands of dollars. I needed to do a chargeback after they refused to return the money even though I notified them same day they were previously told I would not renew. It turns out they have a clause in their contact that says you need to notify them 30 days in advance of renewal. Well, guess what? I did! Still, it's a stupid clause that they use, clearly, to force clients to renew who don't realize such a clause exists. Buyer beware with this shady organization. I wouldn't recommend them to anyone, except maybe someone I didn't like.

The software seemed easy to use - at first, until some of my documents disappeared without explanation.

They lost documents, and weren't able to explain to me satisfactorily where they went. This caused me to question renewal. I notified them I wouldn't renew without a good explanation, which I never got. Also, they make very difficult to reach them when you have a problem. At the time of this writing, no phone numbers in any email signatures, not on the web site either. You're forced into their process, and if they choose not to answer you via their web form, good luck. It's a black box at that point.

We needed to get SOC 2 audit ready and were only progressing slowly with the manual approach. As it turned out that manual preamble was useful because when we started using Vanta, we understood the terminology and understood what was wanted.

Vanta enabled us to move our compliance (SOC 2, and next PCI) projects forward in an organized and monitored manner. After struggling manually with SOC 2 requirements with a major accounting firm, we got to audit readiness in half a year and felt confident going into our audit.

There is definitely a learning curve, and I am sure the system has useful features that I have not encountered yet. That is not really a negative, though.

We needed to get a SOC2 audit completed quickly to satisfy a customer need. Most "traditional" audit shops told us it would take 12 - 15 months. With the automation features, customer support, and auditor integration, we were done end-to-end (from signing up with Vanta to receiving our SOC2 report) in just over 5 months. Very smooth process from beginning to end - went almost exactly as advertised during the sales process - that's rare and unexpected these days.

User interface was intuitive - provided a clear "checklist" approach for actions to take and problems to resolve. Vanta Agent (for our laptops and (virtual) servers at AWS) is very useful to ensure continuous oversight of what's on the machine and when it needs to be updated. Working with our auditor to get our first SOC2 was also seamless and painless - the auditor plugged right into our Vanta instance and downloaded/monitored everything remotely - no need for screen shots or sending lots of documentation.

Would have been nice to have more integrations with some of our existing tools (monday.com, AWS Code Commit, etc.) to make the process even more automated. The automated policy generator is nice for filling holes in an existing policy suite, but isn't great if you have to make a lot of customizations to it as the "automated" part breaks down once you edit it offline. Two minor things in an overall great experience.