Vanta Release Notes

Find out everything we've been working on here.

September 2022

New features & enhancements 

New Standards

• Ten new compliance frameworks are available in Vanta

Processing Integrity and Privacy Controls

• Customers are now opted into PI and P TSCs for SOC 2 with Vanta’s default control set, and can be mapped to new controls or other existing controls to these sections.

VMware Workspace One MDM(beta)

• Vanta uses its API to automatically pull computers and information related to hard drive encryption, password management, antivirus, and screen lock

Enhanced control Owner workflows

• Customers can assign owners to controls for tracking purposes. Assigning owners will also enable ISO 27001 to meet that standard's requirements for process oversight.
  
  

Tests Recieve SLAs

• If a test tracks an SLA, Vanta will show yellow “due soon” state, with the upcoming deadline. 
• Tests will only be flagged to auditors  once the SLA is exceeded
  
  

Auditor Preferred Evidence for All Customers

• Vanta can now detect when customers sign with a seamless partner throughout the whole customer lifecycle
• When we detect this from SFDC, the customer has the ability to opt into their auditor's preferred requirements, which include scoping out their irrelevant documents and adding any custom evidence they required.
• Additionally, if the customer switched seamless partners, we'll remove the previous auditor's preferred evidence requirements.

Improved GCP connection flow UI

• The improved GCP connection flow UI is a full-screen modal with more clear steps and copy that will make it easier for customers to set up their GCP integration via Cloud Shell.

Improved AWS connection flow UI

• The improved AWS connection flow UI is a full-screen modal with more clear steps and copy that will make it easier for customers to set up their AWS integration.

Audit Report Download/Edit for Auditors

• We've added the ability for auditors to both download and replace the existing audit report for a given audit engagement.

Code Changes Bulk Export Button

• Allow bulk export of the code changes page as a csv file. The button exports changes from the filtered repo and date range.

Bulk approval for policy updates

• Customers will now be able to bulk approve policy updates

Trust Report Watermarked Documents

• This feature adds watermarking for private PDFs (either on a private report or a private document in a public report). By adding a watermark, customers can feel more confident in sharing out documents in a Trust Report.

Monday.com integration support

• The 1-way monday.com integration lets customers pull their security issues data automatically into Vanta in order to track that they are being assigned priorities and owners and being closed within the set SLA. Additionally, customers can now review user access to monday.com via Vanta on the Access page.
  
  
  

August 2022‍

New features & enhancements:

Introducing: Smart System Description

One of the first documents your auditor will ask you for is a system description. The system description is a fundamental section of your SOC 2 report and outlines the scope of the system being audited, including all the internal controls in place.

It is your responsibility to write this section, oftentimes with limited or no support from your auditor. But gathering all the details for a system description can be time consuming and difficult—customers report spending up to 15 hours finding all the information and putting together the report itself, which can reach dozens of pages in length. A poorly written or incomplete system description can result in delays to your audit, or even a qualified SOC 2 report.

Smart System Description walks you through 13 important sections to complete, including details on your service description, people, and data operations. Best of all, Vanta pre-populates parts of these sections based on your existing work in the platform, saving you from over 10 hours of tracking down information.

An updated system description is needed each year for your SOC 2 audit, and Vanta will automatically remind your team or any assigned owner of its upcoming renewal. Keeping track of and modifying last year’s system description is easy because Vanta stores previous versions in one place for your team to access.

• View Smart System Description within the Documents page to get started.

‍

Vanta Seamless Audit

Finding a trusted compliance platform, like Vanta, to guide you through and automate the evidence collection process is just one part of the equation of an audit. It can be equally, if not more, daunting to research and interview a handful of auditors to determine which is the right one for you. To make solving for a SOC 2 report or ISO 27001 certification a single motion, we’ve rolled the auditor selection into Vanta with Vanta Seamless Audit.

Vanta Seamless Audit simplifies the audit process by providing access to Vanta platform along with an independent, Vanta-vetted SOC 2 auditor in one simple transaction, and for one attractive price. Get matched directly with an independent, five-star rated auditor who brings years of expertise and knowledge of Vanta to your audit, cutting out countless hours of interviews.

And because Seamless Audit partners have completed hundreds of audits in Vanta before, they know the system well and can quickly get a clear view of your organization’s compliance performance. This deep understanding of how to use Vanta to review, request, and accept evidence greatly reduces your effort and audit prep time, with some customers reporting an 80% reduction in total audit completion time.

Audit Preferred Evidence

An exciting new benefit that comes with Vanta Seamless Audit is Audit Preferred Evidence. Preparing evidence for your audit can be a daunting task, especially on first view of your required documents in Vanta. To alleviate some of this initial anxiety and eliminate unnecessary work done by your team, we’ve launched Audit Preferred Evidence.

With Audit Preferred Evidence, your Seamless Audit partner has predefined exactly which evidence they’re looking for in Vanta during an audit. In turn, your team has clear instruction on your auditor’s evidence expectations upon first login and can get started immediately knowing that you’re on the right track.

Vanta automatically adjusts the Documents pages to match the requirements as determined by your auditor. Additional pieces of evidence or the Vanta defaults can be added at any time for further customization. Best of all, you and your team know precisely what your Seamless Audit partner is expecting, greatly reducing the typical stress, uncertainty, and time needed to get to audit and through it.

• Contact your Success Manager to learn more about Vanta Seamless Audit.

‍

Customize your controls with Control Management

Controls are the commitments your organization maintains to stay secure and demonstrate trustworthiness to others. When preparing for an audit, much of your work centers on gathering evidence to show that your organization is delivering on its control commitments. Vanta greatly reduces the effort surrounding audit preparation by automating evidence collection and providing a list of industry-adopted controls for your company to follow.

There are times, however, when your organization may wish to maintain controls not reflected in Vanta’s default list. This is especially true for companies that have completed a SOC 2 or ISO 27001 audit in the past and wish to carry-over existing controls into Vanta. There are also times where Vanta’s default controls may not be applicable to your business. To address these scenarios and provide increased customization, we’ve released Control Management.

Control Management gives your team the flexibility to create custom controls and opt-out of Vanta defaults. Custom controls work seamlessly with the rest of Vanta and are displayed, monitored, and reported alongside Vanta’s default set. Custom controls can be further defined with evidence requirements. Choose one of Vanta’s default tests or create your own evidence requirement. The possibilities for the customization of controls are vast with Control Management.

‍

Control and Test ownership

When it comes time to get audit ready, lack of accountability can cost your team weeks in delays due to coordination costs and backlogged work. Control and test ownership in Vanta solves that with clear oversight and accountability within your compliance program.

Vanta makes it easy for teams to stay accountable with control and test ownership. Organizations can assign control owners, who are ultimately responsible for the health and implementation of a control. Control owners or admins can then assign tests to test owners who are responsible for getting the underlying issue resolved. Both control and test owners are kept updated on the health of their assigned items with notifications along the way.

Establishing ownership is crucial for any high-performing compliance program and especially so when your team approaches an audit. Keep your team informed and accountable throughout the audit experience with control and test ownership. 

• View and manage your controls from the Compliance page.

• Control ownership will be available to all users at the end of August.

‍

Managing policies in Vanta with Confluence‍

Policies codify your security practices into agreements for internal and external audiences. These documents can be challenging to understand or write. That’s why Vanta provides templates and an in-app policy editor to help your team create the collection of policies needed prior to an audit.

To get you through policy creation faster and one step closer to audit, we’re expanding the ways you can use Vanta to manage policies. We’ve heard that sometimes you’d prefer to use an external document management tool, such as Confluence, for policy creation and revision control. To match your team’s preferred workflow, you can now sync policies into Vanta directly from Confluence. 

Now your team can work on policy iterations within Confluence and sync the final version into Vanta. For any policies not stored in Confluence, you can always use Vanta’s document upload feature or native policy editor to meet your policy requirements.

• Visit the Integrations page to connect your Confluence account to Vanta.

July 2022‍

New features & enhancements:

• CCPA compliance support
  - Vanta now supports CCPA compliance!
  - Businesses that collect, use, or sell the personal information of California consumers are subject to the CCPA.
  - Read our announcement blog post.
  - View our CCPA solution. 
  
  
• ‍New Home page and navigation
  - You asked, we delivered. Introducing Vanta's new look.
  - These updates are designed to make Vanta more intuitive, actionable, and faster to navigate. Thank you for your feedback along the way.
  - Read the full story behind Vanta's new design.

• Assign tests to anyone with Test Assignments
  - Assignments allow you to delegate specific tests to anyone in your company.
  - Assigned employees are notified and provided access to a limited version of Vanta displaying only their assigned test and remediation details.
  - Watch a short demo video of this new feature.
  
  
• Custom controls with Control Management
  - Create and manage custom controls with Control Management.
  - Custom controls are displayed, monitored, and reported alongside Vanta's default list of controls.
  - You can now opt-out of Vanta controls that are non-pertinent to your organization. Visit the Compliance page to get started.

Learn more in July's product updates blog post.

June 2022

New features & enhancements:

• Vanta Trust Reports
  - A Trust Report is the fastest way to demonstrate your commitment to security, speed up the security review process, and build trust with prospects.
  - Trust Reports are free to existing customers for the next year!
  - Get started by visiting the Trust Reports page.
  

• Scoping by IdP: OneLogin, Office, Okta, and Google
  - We’ve expanded scoping by identify provider (IdP) to support OneLogin and Office 365 users.
  - Use scoping by IdP to easily define which employees or user groups should be monitored by Vanta.
  - Scoping by IdP is also works with Okta and Google Workspace.
  
  
• Manual deactivation of employee accounts
  - Vanta admins can now manually mark accounts associated with offboarded employees as deactivated.
  - This tool is handy to use when a former employee's email or other login is knowingly still active and in use by your team.
  - Manual deactivation can be reset easily in case of error.
  
  
• Templates for non-technical evidence
  - Vanta now includes helpful templates for nearly all non-technical tests.
  - Manual evidence templates can be found linked within their test description on the Documents tab
  - We’ll continue to introduce new templates in the coming weeks!
  
  
• AWS DocumentDB, GCP Artifact Registry support
  - Vanta now supports AWS DocumentDB as a resource for NoSQL Databases.
  - New tests from Vanta, AWS Cloud Watch, and Datadog check for encryption at rest, backups, CPU usage monitoring, and read/write capacity.
  - Visit the Inventory page to view your AWS DocumentDB instance
  - Vanta now supports GCP Artifact Registry for vulnerability scanning.
  
  Read What's New In Vanta 6.15.22 to learn more.

May 2022

New features & enhancements:

• The Vanta API (beta)
  - Vanta’s API is now available in beta to all users. We launched the API to help customers leverage Vanta’s platform capabilities for custom security solutions.
  - Visit the Vanta developer site to learn more about the Vanta API.
  - Visit your API Tokens page to create and manage API tokens.
  
  
• Snowflake integration
  - Vanta now offers an integration with Snowflake’s cloud data platform to help users satisfy user access and inventory management requirements.
  - New tests check Snowflake for MFA and user access review.
  - Snowflake databases are now tracked within the Inventory page.
  - Visit your Connections page to add Snowflake to Vanta.
  
  
• Enhanced MDM migration support
  - For users seeking advanced device management features, we've made it easy to transition from the Vanta agent to a supported MDM.
  - Devices can be set to be monitored by Vanta or a third party MDM.
  - The Vanta agent can be set to continue monitoring unmigrated devices.
  - Visit your Connections page to add a supported MDM.
  
  

• New custom evidence features
  - To streamline the evidence collection process, Vanta now provides custom evidence request, approval, and comment features.
  - Auditors can request and manage custom evidence directly within Vanta tests.
  - Users can review custom evidence requests on the Documents as well as within daily summary emails.
  - Visit your Documents page to view the new Custom evidence section.
  
  Read What's New In Vanta 5.3.22 to learn more.

April 2022

New features & enhancements:

• Asana task creation
  - Easily create Asana tasks within Vanta test pages to better manage your team’s work
  - Vanta now supports Asana, Jira, and Shortcut for task tracking
  - Try creating a task within a Vanta test page
  
  
• AWS Lambda severless monitoring
  - AWS Lambda functions are now tracked as a resource within your Inventory page
  - Lambda functions can now be monitored for error rate alerts via our integration with AWS CloudWatch and Datadog
  - View and manage your Lambda functions on the Connections page within your AWS settings
• Native policy editor
  - Vanta now supports in-app editing of existing, new, and uploaded policies
  - View the new policy editor on the Policies page by editing or creating a policy
  
  

  Read What's New In Vanta 4.4.22 to learn more.

February 2022

New features & enhancements:

• Slack notifications
  – Slack notifications are here! Get immediate alerts, as well as daily or weekly summaries, to the Slack channel(s) of your choice.
  – Configure your team's Slack notifications.