Vanta
VantaExternal reviews
2,132 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Comprehensive and Collaborative, But Task Overlap Can Be Confusing
What do you like best about the product?
Comprehensive, great layout and supporting in product guidance to ensure we resolve any issues/tasks at hand in the best way possible. It' s also easy to collaborate on. We use it almost on a daily basis as we received notifications and alerts. It has been easy to implement some of the feaures and roll it out to the org. Customer support has been great and we have a dedicated CSM that has supported us thrughout our journey.
What do you dislike about the product?
Sometimes confusing as many of the tasks form part of other lists, reports, charts, alerts and they are intertwined but in a confusing way.
What problems is the product solving and how is that benefiting you?
Before Vanta, ensuring ongoing SOC 2 compliance at Josef required manual tracking across multiple systems — cloud infrastructure, HR tools, access management, vulnerability management, and evidence collection. This created risks around:
Missed control evidence (e.g. proof of access reviews or change management processes)
Lack of real-time visibility into security posture
Time-consuming audits due to fragmented evidence and ad-hoc screenshots
Limited accountability across engineering and operations teams
Vanta centralises all of this by automatically monitoring controls and integrations (Google Workspace, AWS, Slack, GitHub, ClickUp, etc.), surfacing exceptions, and maintaining continuous audit readiness.
💡 How That Benefits Josef
Continuous compliance and audit readiness
Vanta automatically pulls and updates evidence daily, ensuring our SOC 2 controls remain in place year-round. This has removed the “scramble” before audit periods and simplified the annual audit cycle with Johanson Group.
Reduced manual workload
Instead of maintaining spreadsheets and screenshots, Vanta automatically checks controls like employee onboarding/offboarding, MFA enforcement, and change management. Our compliance and engineering teams can now focus on remediations, not evidence gathering.
Improved visibility and accountability
Dashboards show real-time compliance health across control families, which helps track ownership and identify gaps (e.g., missing device encryption, overdue risk assessments). It’s become the single source of truth for our audit posture.
Integrated risk and vulnerability tracking
With integrations to ClickUp and vulnerability management tools (like our Vanta Zap to auto-create tickets when new vulns are detected), we’ve automated follow-up on risk items and can demonstrate a complete remediation workflow.
Streamlined communication with auditors
During audits, most evidence can be shared directly from Vanta — audit requests are mapped to controls with attached evidence, reducing back-and-forth and cutting audit prep time significantly.
Missed control evidence (e.g. proof of access reviews or change management processes)
Lack of real-time visibility into security posture
Time-consuming audits due to fragmented evidence and ad-hoc screenshots
Limited accountability across engineering and operations teams
Vanta centralises all of this by automatically monitoring controls and integrations (Google Workspace, AWS, Slack, GitHub, ClickUp, etc.), surfacing exceptions, and maintaining continuous audit readiness.
💡 How That Benefits Josef
Continuous compliance and audit readiness
Vanta automatically pulls and updates evidence daily, ensuring our SOC 2 controls remain in place year-round. This has removed the “scramble” before audit periods and simplified the annual audit cycle with Johanson Group.
Reduced manual workload
Instead of maintaining spreadsheets and screenshots, Vanta automatically checks controls like employee onboarding/offboarding, MFA enforcement, and change management. Our compliance and engineering teams can now focus on remediations, not evidence gathering.
Improved visibility and accountability
Dashboards show real-time compliance health across control families, which helps track ownership and identify gaps (e.g., missing device encryption, overdue risk assessments). It’s become the single source of truth for our audit posture.
Integrated risk and vulnerability tracking
With integrations to ClickUp and vulnerability management tools (like our Vanta Zap to auto-create tickets when new vulns are detected), we’ve automated follow-up on risk items and can demonstrate a complete remediation workflow.
Streamlined communication with auditors
During audits, most evidence can be shared directly from Vanta — audit requests are mapped to controls with attached evidence, reducing back-and-forth and cutting audit prep time significantly.
Great AI and Automation, But Takes Time to Learn
What do you like best about the product?
The AI features, the UI is nice. I like the automation it provides.
What do you dislike about the product?
It can be clunky to figure out how to use.
What problems is the product solving and how is that benefiting you?
Speeds up review times during the sales cycles by providing the AI feature for the security questionnaires as well as a Trust Center to make it quicker and more accessible to customers. Some customers don't even send us a questionnaire because they can get the assurance level they need by using the Trust Center only.
Great for Onboarding, Offboarding Could Be More Flexible
What do you like best about the product?
The policies that are already built out in the system
What do you dislike about the product?
Offboarding an employee can be a little difficult because you have to wait for systems to talk to each other. it would be better if you could offboard someone manually as part of our termination checklist
What problems is the product solving and how is that benefiting you?
Vanta is helping us pass security audit tests from other companies because the policies are already built in and we can easily point to them when documents are being requested.
Helpful Templates, But Integration Sync Needs Improvement
What do you like best about the product?
Using the existing templates helps a lot in creating policies.
What do you dislike about the product?
There are times when the integration fails to update as expected. While I realize that syncing can require some time, there are occasions when it simply doesn't function properly.
What problems is the product solving and how is that benefiting you?
Defining the list of policies and tests is helpful because it allows us to create documentation that supports these policies. This process ensures that our documentation is aligned with the established policies, making it easier to maintain consistency and clarity.
Good self-serving platform for compliance needs
What do you like best about the product?
I like all the templates for policy and compliance documents that come with the platform and are easy to customize for the required use case.
I think the number of integrations of pretty good and the vendor analysis is good and has caught most of the vendors we have.
The amount of tests and the remediation steps are helpful.
I think the number of integrations of pretty good and the vendor analysis is good and has caught most of the vendors we have.
The amount of tests and the remediation steps are helpful.
What do you dislike about the product?
The UI can be sometimes confusing and certain filters or controls are difficult to find sometimes.
What problems is the product solving and how is that benefiting you?
We're using Vanta to obtain our SOC2 certification. It has been helpful providing the required tests and controls for us to comply to.The integrations make easy to provide evidence and to analyze quickly the state of the systems we have to be monitored. The template documents have been helpful to shape the compliance policies we need to obtain the certification.
Seamless SOC 2 Compliance, Strong Integrations
What do you like best about the product?
I've been using Vanta for around one to two years primarily for SOC 2 compliance, and I am very impressed with the ease of setup. I was pleasantly surprised by how it seamlessly integrated with our infrastructure, making the process of getting SOC 2 certification as straightforward as possible. Vanta efficiently keeps our team on track to maintain SOC 2 compliance, effectively eliminating the need for someone within the team to constantly remind us of the necessary tasks. The system has all tasks pre-set, allowing me to see exactly what I need to accomplish without having to figure it out myself, which simplifies the compliance process significantly. The integrations, specifically with infrastructure providers like AWS and Google Cloud, are a standout feature for me, as they allow us to align our tests efficiently. Vanta excels in providing integrations and individualization that adapt to our setup needs. This level of integration is crucial for streamlining our SOX 2 certification process, which is a significant benefit for us.
What do you dislike about the product?
I've noticed some inconsistency among audits through Vanta. Initially, our audits were somewhat lenient, but the latest audit became extremely strict suddenly. This inconsistency, even with the same auditors, is problematic as it makes it challenging to predict the time needed for future audits, despite having Vanta streamline our processes.
What problems is the product solving and how is that benefiting you?
I find Vanta solves compliance tracking, ensuring our team stays on track with SOC 2 requirements efficiently.
Effortless Compliance Tracking and Clear Guidance with Vanta
What do you like best about the product?
I appreciate how easy Vanta is to use and how clearly it shows our progress in the compliance process. It makes it simple to identify which areas need improvement and lets me see precisely what needs to be addressed. The setup was uncomplicated, and connecting our services was a smooth process.
What do you dislike about the product?
It can be frustrating that certain features are only available with a more expensive subscription.
What problems is the product solving and how is that benefiting you?
Vanta has helped our very small team stay on top of compliance all year by highlighting what we need to focus on ahead of time. This makes it much easier for us to manage our responsibilities and remain compliant.
An excellent tool for security
What do you like best about the product?
Easy to use, provides tons of articles and support information on how to optimize for SOC2, integrates all our applications and streamlines complex workflows around security.
What do you dislike about the product?
Expensive, many features that aren't used still show up (can't remove unused functionality to simplify)
What problems is the product solving and how is that benefiting you?
Providing us a framework and support for SOC2 compliance
Effortless Compliance Automation and Seamless Integration
What do you like best about the product?
It automates compliance tasks, integrates well with key systems, and makes tracking audit readiness simple.
What do you dislike about the product?
Some integrations need fine-tuning, and reporting options could be more customizable. API integrations could be more reliable.
What problems is the product solving and how is that benefiting you?
It centralizes and automates our compliance efforts, reducing manual evidence collection and audit prep time. Continuous monitoring also improves visibility into security gaps and helps maintain readiness year-round.
Effortless Compliance with Great Support, But Task Unfolding Can Be Surprising
What do you like best about the product?
I really enjoy how easy and clear Vanta makes everything, its straightforward to know what the next thing you need to do is. Just about everything is easy to integrate and implement and the customer support is ready to help you if you need it.
What do you dislike about the product?
The only thing I found a bit bothersome at times; but also I fully understand the reason behind it; was that completing some tasks added more tasks. I understand not wanting to show me that I have 500 things to do at the start. But I don't know if there is some way to convey that by completing task x you will add 5 more tasks without also giving me more anxiety about getting all the tasks complete simulataneously.
What problems is the product solving and how is that benefiting you?
Becoming SOC2 compliant in a straightforward way.
showing 51 - 60