A dashboard with a purple background and a number of apps on it.

July 13, 2023

How Vanta combines automation & customization to supercharge your GRC program

Written by

Brian Retson

Product Marketing

Ranna Zendon

Product Management

Reviewed by

Accelerating security solutions for small businesses
‍

Tagore offers strategic services to small businesses.

A partnership that can scale
‍

Tagore prioritized finding a managed compliance partner with an established product, dedicated support team, and rapid release rate.

Standing out from competitors
‍

Tagore's partnership with Vanta enhances its strategic focus and deepens client value, creating differentiation in a competitive market.

As the industry’s first automated compliance platform, Vanta includes a wealth of pre-built content, which enables customers without existing compliance processes to quickly get up and running.

‍

But more mature organizations may already have a compliance program — from the processes they follow to the definitions of their compliance and security surface area — that is built to meet their unique compliance goals, auditor requirements, and tech stack. Rather than a prescriptive approach and guidance, these companies require advanced GRC capabilities and flexibility from their trust management solution.

‍

Meeting these requirements while enabling automation is challenging and requires significant investment on the part of the software vendor. That’s why businesses with established GRC programs have been underserved to date, typically being forced to choose between compliance software that is either too rigid or doesn’t provide sufficient automation.

‍

Fortunately, Vanta offers maturing businesses a third option: Everything they need — including advanced functionality and the ability to customize and configure the product as required — along with best-in-class automation and efficiency.

‍

A screen shot of a web page showing a list of items. — *Vanta lets you customize risk scenario scoring dimensions*

‍

Customizing your experience in the Vanta platform

‍

As your business becomes more complex, there are many reasons why you’ll need flexibility from your compliance software. You may want to “bring your own content” that you’ve invested in. Or perhaps you want to manage your security and compliance in a way that accurately reflects how your company is set up, whether it’s your corporate structure, unique terminology, or some other variable. The bottom line is that your requirements, processes, business goals, and organizational setup are unique to you, and you need flexible technology to fully support them.

‍

Vanta’s best-of-all-worlds approach gives you options to meet those unique needs. You can choose between bringing your own content, leveraging pre-built content based on industry standards and best practices, or customizing the pre-built content. And best of all, regardless of which path you choose, you gain access to the breadth of capabilities that set Vanta apart as a true trust management platform.

‍

Let’s take a deeper look at how Vanta provides flexibility and enables customization.

‍

Capability	How Vanta can be customized
Frameworks	With custom frameworks, you have the ultimate flexibility to create frameworks to support any use case, whether it’s a less common framework that your customer is asking you to adhere to or a framework you build to support internal compliance initiatives.
Controls	With custom notes for controls to allow for better collaboration and understanding among teams.
Multiple business units	Companies with multiple business units can use Vanta Workspaces to easily customize, manage, and automate compliance at both the business unit and parent organization level in a single Vanta account.
Policies	If you don’t want to use Vanta’s security policy templates, you can create your own custom policies, including underlying standards and procedures. When you create a new policy, Vanta will automatically create policy tests to monitor that policies are revised and approved annually and to ensure that each approved version is accepted by all relevant employees.
Evidence/Documents	Vanta automates as much of the evidence gathering as possible, but there are some non-technical requirements that can’t be automated. For those scenarios, you have the ability to add custom evidence. When adding custom evidence, you will be prompted to link the document to any relevant controls.
Risk management	With Risk Management customization, you can easily add your own risk scenarios and customize attributes, risk scoring dimensions, and score groups. You can also add custom fields to your risk register to ensure that all risk scenarios can be managed in a single, centralized place
Access reviews	Access Reviews eliminates costly manual reviews and leverages pre-built integrations and remediation management to ensure that only the right employees have the right access to the right systems.
Vendor risk management	Vendor Risk Management lets you track vendor security in a single place with the ability to automate vendor discovery, risk assessment, and remediation. Includes a configurable risk rubric to automatically apply risk levels to all your vendors.
Integrations	Vanta offers pre-built integrations for over 150 commonly used software vendors, with more being released on a weekly basis. If needed, you can configure the scope of your integration to exclude some items (for example, an item that is not used in a production environment). Vanta also supports bulk tagging to streamline integration scoping.
APIs	For advanced organizations that want to programmatically automate Vanta workflows or create external reports, we offer an API for customers. It enables a wide range of automated actions including uploading and downloading evidence, scoping account and inventory resources, obtaining test results, and more.
Employee management (on/offboarding checklists, employee groups)	Documented and enforced employee management processes are essential for security and compliance. Vanta enables you to create custom checklists for employee onboarding, ongoing, and offboarding tasks based on department or group to ensure that employees are following processes that are relevant for them. You can also add or create custom tasks for the checklist.
Security questionnaire response	Security questionnaires are an area where you can differentiate yourself from the competition, but answering questionnaires takes time and effort. Questionnaire Automation uses AI-powered automation to scan your prior questionnaires and deep-searches your security policies to build a library of high-confidence Q&A pairs in a way that is truly unique to your company.
Public demonstration of security and compliance	Strong security practices can be used as a proof point of your trustworthiness in sales cycles. Vanta Trust Reports let you build a company-branded, highly customized Trust Report once and use it multiple times to answer commonly asked security questions.

‍

*Customize Vendor Risk Management with a configurable risk rubric to apply to vendors*

‍

By pairing deep automation with the flexibility and customizability to meet the unique needs of larger, more complex businesses, Vanta gives you must-have — not just nice-to-have — capabilities to enable your company’s future success.

‍

Want to learn more or see a live demo? Contact us today.

‍

Access Review Stage	Content / Functionality
Across all stages	Easily create and save a new access review at a point in time View detailed audit evidence of historical access reviews
Setup access review procedures	Define a global access review procedure that stakeholders can follow, ensuring consistency and mitigation of human error in reviews Set your access review frequency (monthly, quarterly, etc.) and working period/deadlines
Consolidate account access data from systems	Integrate systems using dozens of pre-built integrations, or “connectors”. System account and HRIS data is pulled into Vanta. Upcoming integrations include Zoom and Intercom (account access), and Personio (HRIS) Upload access files from non-integrated systems View and select systems in-scope for the review
Review, approve, and deny user access	Select the appropriate systems reviewer and due date Get automatic notifications and reminders to systems reviewer of deadlines Automatic flagging of “risky” employee accounts that have been terminated or switched departments Intuitive interface to see all accounts with access, account accept/deny buttons, and notes section Track progress of individual systems access reviews and see accounts that need to be removed or have access modified Bulk sort, filter, and alter accounts based on account roles and employee title
Assign remediation tasks to system owners	Built-in remediation workflow for reviewers to request access changes and for admin to view and manage requests Optional task tracker integration to create tickets for any access changes and provide visibility to the status of tickets and remediation
Verify changes to access	Focused view of accounts flagged for access changes for easy tracking and management Automated evidence of remediation completion displayed for integrated systems Manual evidence of remediation can be uploaded for non-integrated systems
Report and re-evaluate results	Auditor can log into Vanta to see history of all completed access reviews Internals can see status of reviews in progress and also historical review detail