Overview
Product Information on Vanta
What is Vanta?
Vanta Pricing
Vanta Product Images
Overall experience with Vanta
“Fast, clear, measurable path to security baselines and continuous compliance management”
“Vanta is a useful product, but still immature with limitations (e.g. risk management)”
About Company
Company Description
Vanta is an AI trust management platform that helps organizations manage trust, risk, and compliance programs within a single system. The platform supports fast audit readiness and ongoing compliance across more than 35 frameworks, including SOC 2, ISO 27001, HIPAA, and others. Vanta uses AI and automation to streamline evidence collection, continuous monitoring, security reviews, and vendor risk management for companies of all sizes.
Company Details
Do You Manage Peer Insights at Vanta?
Access Vendor Portal to update and manage your profile.
Key Insights
A Snapshot of What Matters - Based on Validated User Reviews
Reviewer Insights for: Vanta
Performance of Vanta Across Market Features
Vanta Likes & Dislikes
Workspaces (exactly what we needed). Remediation instructions (a true differentiator, over competitors) Vendor Management (closed a gap, strong early use case of AI)
The tool is well structured to organise your security program between various frameworks. The AI tooling so far is also useful, and the trust centre feature is also nice to have.
Auditability, efficiencies, and integrations for continuous control monitoring.
User Access Reviews has promise, but disappoints at present. Need help making it work for us
The risk management module has a number of immaturities and limitations. For example, current risk (where you are today) is automatically calculated by Vanta and it is not possible to produce this score yourself. It's a very basic calculation method, where the risk score goes from the inherent to residual score only once all assigned controls are passing. It goes from 'zero to hero' just like that, which is often not an accurate reflection of your real, current risk score. It cannot take into account control effectiveness, or the difference between compliant vs secure.
There are a lot of gaps with reporting from automated tests. For example, we have continuous monitoring for all the ISO27001/SOC2 controls for the cloud, but currently you can only view by the overall tests, and not pull reports by which associated products/subscriptions are failing the most overall. You only see the overall control failure.
Top Vanta Alternatives
Peer Discussions
Vanta Reviews and Ratings
- VP, IT Security and Risk Management50M-1B USDSoftwareReview Source
Vanta is a useful product, but still immature with limitations (e.g. risk management)
Vanta has a product with good potential - overall, there are definitely some benefits to implementing it. That said, there are still some notable immaturities and shortfalls in the product (some of which may seem surprising for a fully fledged GRC tool). It is certainly not (in my opinion) the absolute gamechanger that it is advertised/sold as, but if you review the product carefully against your needs and understand its limitations (and achieve an appropriate price) then it can still be a valuable tool. The support has been reasonably good overall. The initial pricing and early negotiations were extremely inflated, but after some hard pushing, we arrived at a more reasonable price point. - Chief Information Security Officer<50M USDSoftwareReview Source
Fast, clear, measurable path to security baselines and continuous compliance management
Great product, excellent support from both the sales & success teams. I have a huge, short-interval challenge, and Vanta met me where I was -- lots of 'over-and-above' help, and reasonableness in negoitations. Got what I paid for, and then some. - Manager, IT Security and Risk Management50M-1B USDSoftwareReview Source
Robust Auditability and Control Monitoring Hindered by Reporting Gaps in Platform
This is the best GRC platform I have come across yet in my 11 years in the industry. There are still a lot of improvements to be had with reporting and the VRM module but overall the integrations for continuous control monitoring are a great value add to the business. - CISO50M-1B USDServices (non-Government)Review Source
A big time saver
We got Vanta to organise our ISO 27001 framework controls, to help us get going with Vendor Risk Management as well as automate answers to security questionnaires. All this worked well. However, the controls automation integrations are limited to the big players and so if you have something more bespoke or on-premises the integration is to either manually upload or work with Vanta API which doesn’t fully cover the UI functionality. - Site Reliability Engineer50M-1B USDIT ServicesReview Source
Comprehensive Test Coverage and Customizable Tasks Highlighted in Overall Usage Experience
Product largely works as advertised, and the technical support was excellent.