July 17, 2025

Supercharging Vendor Risk Management: Vanta acquires Riskey

Written by

Christina Cacioppo

CEO & Founder

Reviewed by

Accelerating security solutions for small businesses
‍

Tagore offers strategic services to small businesses.

A partnership that can scale
‍

Tagore prioritized finding a managed compliance partner with an established product, dedicated support team, and rapid release rate.

Standing out from competitors
‍

Tagore's partnership with Vanta enhances its strategic focus and deepens client value, creating differentiation in a competitive market.

Today, we're taking a big step toward making trust management even easier for our customers: Vanta has acquired Riskey, a company leading the way in real-time third-party risk monitoring. Their continuous vendor monitoring and alerting will soon be part of Vanta’s Vendor Risk Management product.

‍

Managing vendor risk is more important than ever. 45% of organizations have seen an increase in business interruptions due to third-party cybersecurity incidents¹, and the number of vendors each company relies on grows about 9% every year². It’s no surprise then that IT teams are now spending over six hours a week just reviewing vendor risk.³

‍

Traditionally, vendor risk programs used point-in-time assessments, like questionnaires, or outside-in scores to vet vendors. Questionnaires provide momentary snapshots at best, and they are only as accurate as the vendor’s attestation. Outside-in scores can be opaque, gamed, and many GRC professionals we’ve spoken to find them unreliable. Besides, risks evolve rapidly, independent of the timing of an annual audit or documentation refresh.

‍

Riskey built industry-leading third- and fourth-party risk monitoring for vulnerabilities, breaches, misconfigurations, leaked credentials, and subprocessors. Their AI scoring model dynamically categorizes findings, reducing noise and driving focus.

‍

We’ve already integrated Riskey’s technology into Vanta’s Vendor Risk Management product, allowing customers to compliment their existing first party reviews with third party signals. This has unlocked continuous vendor risk monitoring that allows teams to identify threats proactively and take action, protecting key company assets.

‍

“Vanta's vendor risk monitoring is a great platform for both our CISO and CIO, especially when validating vendors during onboarding as well as continuous vulnerability assessments."

— Itay Yefet, CIO, Liberty Latin America

‍

‍

Vendor risk monitoring in Vanta will help businesses:

‍

Run comprehensive risk assessments that combine first-party security reviews and third- and fourth-party continuous monitoring
Accelerate security reviews with automatically-collected vendor documentation and Riskey's risk attributes
Monitor, alert, triage, and respond to shifting vendor risk with continuous, always-on monitoring and actionable next steps
Evaluate a company’s risk profile intelligently with AI-powered insights and prioritization

‍

“The pain in the current vendor risk market is deep and profound. Plugging Riskey’s monitoring technology into Vanta’s VRM offering is an absolute game changer. We’re incredibly excited to join this team and bring even more value to customers, together.”

– Koren Molcho, Co-founder at Riskey

‍

Vanta customers can access the new continuous vendor risk monitoring by reaching out to their account team. If you’re interested in seeing a demo or trying out Vanta VRM, we’d love to hear from you!

Learn more about VRM

‍

Sources:

1. Gartner®, Optimize Use of Certifications and Attestations for Third-Party Security Review, Pedro Pablo Perea de Duenas, Alicia Booker-Carney, 9 January 2025

2. Okta Businesses at Work 2025

3. Vanta State of Trust Report 2024.

‍

Access Review Stage	Content / Functionality
Across all stages	Easily create and save a new access review at a point in time View detailed audit evidence of historical access reviews
Setup access review procedures	Define a global access review procedure that stakeholders can follow, ensuring consistency and mitigation of human error in reviews Set your access review frequency (monthly, quarterly, etc.) and working period/deadlines
Consolidate account access data from systems	Integrate systems using dozens of pre-built integrations, or “connectors”. System account and HRIS data is pulled into Vanta. Upcoming integrations include Zoom and Intercom (account access), and Personio (HRIS) Upload access files from non-integrated systems View and select systems in-scope for the review
Review, approve, and deny user access	Select the appropriate systems reviewer and due date Get automatic notifications and reminders to systems reviewer of deadlines Automatic flagging of “risky” employee accounts that have been terminated or switched departments Intuitive interface to see all accounts with access, account accept/deny buttons, and notes section Track progress of individual systems access reviews and see accounts that need to be removed or have access modified Bulk sort, filter, and alter accounts based on account roles and employee title
Assign remediation tasks to system owners	Built-in remediation workflow for reviewers to request access changes and for admin to view and manage requests Optional task tracker integration to create tickets for any access changes and provide visibility to the status of tickets and remediation
Verify changes to access	Focused view of accounts flagged for access changes for easy tracking and management Automated evidence of remediation completion displayed for integrated systems Manual evidence of remediation can be uploaded for non-integrated systems
Report and re-evaluate results	Auditor can log into Vanta to see history of all completed access reviews Internals can see status of reviews in progress and also historical review detail