✅ Feature availability: While the Risks page is included on all plans, Advanced Risk Management features are only available as an upgrade or add-on. Refer to Vanta Plans and Pricing for details.
Risk Management provides multiple ways to capture, analyze, and share your risk posture. Use snapshots to preserve a point-in-time view of your risk register, generate risk assessment reports to share structured summaries, and use risk reports to monitor trends and communicate insights over time.
⚙️ User permissions: Admins and Editors can view and manage risk snapshots, risk assessment reports, and risk reports. Collaborators can only view or generate risk assessment reports for specific registers they can access as a Viewer or Manager. Refer to Understanding User Roles and Permissions in Vanta for details.
Getting started
Vanta provides four primary ways to view and share risk data, each designed for a different use case:
Report | What it’s for | What it provides |
Monitoring current risk posture | Real-time view of your risk distribution across all scenarios | |
Audit evidence and point-in-time records | A fixed snapshot of approved risk scenarios at a specific moment in time, preserving historical state for audits | |
Formal reporting and exports | A structured, exportable report (PDF) summarizing risk scenarios, scores, and key details for a given register | |
Ongoing analysis and stakeholder communication | Customizable charts and dashboards to track trends, compare data, and communicate insights over time |
ℹ️ Note: Archived risk scenarios are excluded from snapshots and reports.
Risk overview
The Overview page shows how your risk scenarios are distributed based on inherent or residual risk scores.
Chart | Description |
Current risk | Distribution of risk scenarios based on current risk from your risk assessments. Uses residual risk if treatment is complete, or inherent risk if treatment is incomplete. |
Residual risk | Distribution of risk scenarios based on residual risk, regardless of risk assessment status. |
On some plans, the Overview page includes additional charts for deeper analysis—these charts are powered by the default risk report.
Risk snapshots
A snapshot captures your risk scenarios at a specific moment so you can track changes over time and share a fixed view with auditors. It does not update after it’s created.
Creating snapshots
Creating snapshots
The snapshot captures the selected scenarios and their current data.
To create a snapshot:
From the Risks page, click the ••menu and select View snapshots.
Click Create a snapshot.
If your plan includes multiple risk registers, choose whether to include risk scenarios from a specific register, all registers, or enterprise risks.
If your plan includes one risk register, you won’t see these options.
Choose which scenarios to include:
Only include approved risk scenarios, meaning completed risk assessments.
Include all risk scenarios, including risk assessments in progress.
Select whether an auditor can view this snapshot.
You can edit this selection after the snapshot is created.
Viewing and managing snapshots
Viewing and managing snapshots
Snapshots are stored in an archive and remain available as historical records.
To view snapshots:
Go to the Risks page
Click the ••menu.
Select View snapshots.
From the Snapshots page, you can:
View all snapshots by capture date, register, and visibility
Open a snapshot to view, download, or delete the snapshot
Manage which snapshots are shared with auditors
Sharing snapshots with auditors
Sharing snapshots with auditors
Snapshots can be shared with auditors to provide a fixed, read-only view of your risk posture.
When sharing is on: The snapshot is visible in the auditor’s audit portal, as long as it falls within the audit’s observation window.
When sharing is off: The snapshot is only visible to Admins and Editors in your workspace.
ℹ️ Note: Auditors only see snapshots that are shared and created within the audit’s observation window. Snapshots outside that window won’t appear unless the window is updated.
Example snapshot
Example snapshot
Risk assessment reports
A risk assessment report is an exportable PDF of your risk scenarios, used to share your current risk posture with auditors and stakeholders. The report includes a breakdown of current and residual risk, a snapshot of your risk scenarios, and your risk scoring framework.
Creating risk assessment reports
Creating risk assessment reports
To create a risk assessment report:
From the Risks page, open a risk register.
Depending on your plan, generate a report from one of two places:
From the Share menu, click Generate assessment report.
From the ••• menu, click Generate report.
Click the Export button to download the report as a PDF.
💡 Tip: If your plan includes multiple risk registers, you can include data across all your risk registers. From the Risks page, click the grey card to Generate a risk scenarios assessment report.
Sharing risk assessment reports
Sharing risk assessment reports
After generating a report, export it as a PDF to share. Reports capture your data at a specific moment and don’t refresh. They’re not stored in your account, so you’ll need to generate and export a new report each time—there’s no saved history like snapshots.
Example risk assessment report
Example risk assessment report
Risk reports
Risk reports are customizable dashboards found on the Reports page. They include charts like risk trends, risk distributions, treatment status, control status, and category breakdowns, and can be filtered and rearranged to fit your needs. If available on your plan, the default Risk report also powers the charts shown on the Overview page.
Editing the default report
Editing the default report
You can edit the default Risk report to control which charts display on the Overview page, as well as apply default filters.
To edit the default report:
From your account navigation, go to the Reports page.
Open the Risk report.
From the ••menu, click ✎ Edit.
Use the filters at the top of the report to choose the default filters that display. People viewing the report can still change these filters, but if they refresh the page, the filters go back to default.
Use the toggle at the top of each chart to control visibility. If you turn off a chart here, it can’t be viewed by people viewing the report.
Click the Save & apply changes button.
Creating risk reports
Creating risk reports
You can duplicate the default Risk report to create your own.
To create a report:
From your account navigation, go to the Reports page.
Open the Risk report.
Click the Duplicate & Customize button.
Customize the report:
Edit the name and description
Add and delete charts
Drag and drop charts
Change the chart size
When you’re done, click the Save & apply changes button.
Sharing risk reports
Sharing risk reports
⚠️ Note: Users need to be assigned an Admin, View-only Admin, or Editor role in your user permissions in before you can enter their name or email to share reports with them.
Click the Share button within a report to take the following actions:
Manage access: Control which users can view the live version of the report.
Manage report schedules: Email specific users a link to the report on a recurring basis.
Copy link: Share the link with users.
Example risk report
Example risk report
