October 3, 2023

How does Vanta work? Top product questions about the Vanta Platform

Written by

Jared Dimond

SMB Account Executive

Amanda Mott

Senior Sales Engineer

Reviewed by

Accelerating security solutions for small businesses
‍

Tagore offers strategic services to small businesses.

A partnership that can scale
‍

Tagore prioritized finding a managed compliance partner with an established product, dedicated support team, and rapid release rate.

Standing out from competitors
‍

Tagore's partnership with Vanta enhances its strategic focus and deepens client value, creating differentiation in a competitive market.

Getting compliant can be a time-consuming and tedious process when done manually. That’s why thousands of businesses use Vanta to automate up to 90% of the work needed to comply with security and privacy frameworks.

‍

Why do companies choose Vanta? They’re looking to unlock business growth and expand into new markets or larger accounts, streamline their compliance processes, and strengthen their security posture to earn trust with stakeholders.

‍

We recently hosted a demo of the Vanta Platform and answered some of the audience’s burning questions about security, compliance, and automation. Watch the recording to see Vanta in action and read the answers to the top nine questions below:

‍‍

1. What compliance frameworks does Vanta help with?

We support a variety of security and privacy frameworks, including SOC 2, ISO 27001, HIPAA, GDPR, and many more. See the full list of the out-of-the-box frameworks we offer or view our custom frameworks offering.

‍‍

2. What is the implementation process like with Vanta?

This is where we think our product maturity and experience in the market really shine.

‍

The platform will guide you through the implementation process by prompting you through each step — for example, it will ask you to add admins and integrate your systems. We offer more than 200 integrations for the most common business systems that organizations use. It will then guide you through which tests to run and which policies you’ll need to create

‍

In addition to the support of the platform, you’ll also have help from experts. We have a full support team of customer success managers, compliance experts, and technical support.

‍‍

3. Does Vanta have access to the sensitive data of your business?

Vanta uses read-only APIs to scan your infrastructure’s metadata to make sure you have the correct security controls and settings in place. The platform will only have access to your metadata and not your private data. To see how Vanta ensures its security posture, check out trust.vanta.com.

‍‍

4. Can you create custom integrations with Vanta?

Vanta supports custom integrations via our Private Integrations functionality. This leverages an API to enable you and your engineering team to create custom integrations to pull evidence from multiple, disparate sources. Private Integrations supports common evidence-request resources (such as MDM data, security awareness training, etc.), with more resources being supported each quarter.

‍

If you’d rather not build your own custom integration, 2023 is the year of Vanta integrations. At this point, we have more than 200 built-in integrations and counting.

‍

5. Where are the Vanta data centers located?

Vanta currently has data centers in the U.S. and the EU.

‍‍

6. Does Vanta’s API have write permissions to third-party apps?

The only write capability that Vanta has is to create tickets if you’ve granted the platform access to do that.

‍‍

7. What are the access control features for onboarding and offboarding?

Vanta can help you automate access reviews for any system or application that you integrate into the platform. The platform can give you a high-level overview of who has access, who the owners of each system are, and which accounts are available. Reviews can be assigned to specific owners and mapped back to an SLA, giving the owner a timeline to complete their review by. Lastly, If you have a system that is not integrated with Vanta, you can still manually upload access information into Vanta to conduct the access review.

‍

You can review access and determine whether an employee should retain access directly in the platform. Vanta will also flag accounts that it believes needs attention, such as if it detects that an employee has been terminated or changed groups. If you want to revoke someone’s access to a system, you can create a ticket directly from the Vanta platform to your ticketing platform. If you don’t use a ticketing platform, you can look at the access review log to see what changes are needed.

‍

Access is then mapped directly to the control set for your framework.

‍

8. What pre-mapping has Vanta already done? How do specific pieces of evidence correlate to multiple controls across frameworks?

Vanta will help you map all of your evidence into each of the security controls your business needs. The platform will automatically map your tests, documents, policies for any control to any framework that piece of evidence is relevant to. It will even map overlapping evidence for overlapping frameworks.

‍

For those with advanced experience with compliance, you can add custom controls to our OOTB controls and can remove controls that aren’t within scope.

‍‍

9. Can your Trust Center be private?

Yes, you can make your Trust Center private. Typically, most businesses will make the web page for their center public, but will require NDAs for specific confidential security documents. However, you can still make the page fully private if that works better for your business.

‍

Ready to see the Vanta Platform in action? Watch the full demo recording now.

‍

Access Review Stage	Content / Functionality
Across all stages	Easily create and save a new access review at a point in time View detailed audit evidence of historical access reviews
Setup access review procedures	Define a global access review procedure that stakeholders can follow, ensuring consistency and mitigation of human error in reviews Set your access review frequency (monthly, quarterly, etc.) and working period/deadlines
Consolidate account access data from systems	Integrate systems using dozens of pre-built integrations, or “connectors”. System account and HRIS data is pulled into Vanta. Upcoming integrations include Zoom and Intercom (account access), and Personio (HRIS) Upload access files from non-integrated systems View and select systems in-scope for the review
Review, approve, and deny user access	Select the appropriate systems reviewer and due date Get automatic notifications and reminders to systems reviewer of deadlines Automatic flagging of “risky” employee accounts that have been terminated or switched departments Intuitive interface to see all accounts with access, account accept/deny buttons, and notes section Track progress of individual systems access reviews and see accounts that need to be removed or have access modified Bulk sort, filter, and alter accounts based on account roles and employee title
Assign remediation tasks to system owners	Built-in remediation workflow for reviewers to request access changes and for admin to view and manage requests Optional task tracker integration to create tickets for any access changes and provide visibility to the status of tickets and remediation
Verify changes to access	Focused view of accounts flagged for access changes for easy tracking and management Automated evidence of remediation completion displayed for integrated systems Manual evidence of remediation can be uploaded for non-integrated systems
Report and re-evaluate results	Auditor can log into Vanta to see history of all completed access reviews Internals can see status of reviews in progress and also historical review detail