Using Vanta as a tool for ongoing SOC 2 compliance.
What do you like best?
The best aspect of using Vanta is how integrates with current services being used (like Azure) and identifies the important steps/items to be addressed for ensuring a quality system in place for all policies and procedures.
In addition, the step by step walk-through related to 'fixing' any outstanding items identified. Also, the automated process of continual monitoring and notifications allow for a very rapid identification, process initiation, and resolution of issues.
What do you dislike?
Although Vanta integrates with some main services (like Azure, AWS, etc.), there are items related to the overall process and expectations of what the auditor will need that are not included within the Vanta app/system. Unfortunately, there is no assigned storage, or availability to link to 3rd party storage (like OneDrive, FTP, etc.) for those additional items to be easily shared with an Auditor.
Recommendations to others considering the product:
The personal interaction and support is exceptional. Any and all questions are welcome and all aspects of using the tool are assisted with as needed. Your assigned support will happily schedule weekly meeting to review all progress, and emails sent between meetings are responded to promptly.
What problems are you solving with the product? What benefits have you realized?
We are using the Vanta tool to solve all our requirements to be SOC 2 compliant; not only as a one time snap shot, but an ongoing endeavor. This concept of continuous monitoring and notification for immediate fixes of issues and all related data being captured and avialble for an auditor streamlines the annual SOC 2 audit process which is expected to greatly reduce future time spent in preparations; as well as incurring a reduced price from the auditor for having access to a tool which shortens their required time and effort in gathering data for the final report.
Utilizing the supplied templates for policies allow for a very comprehensive policy creation and ensures that even the average individual with little technical writing skills can still achieve quality and thorough policies.
