Users in the private preview can now automate spreadsheet questionnaires with custom dropdown responses using QAuto, allowing Vanta AI to select the most relevant predefined value and apply it directly in the export.

Users now see inline citations in VRM AI answers, clearly referencing the specific evidence and page location used to generate each response—making verification faster and easier.

Users benefit from improved accuracy in the Trust Center chatbot, which now respects applied tags to ensure it only surfaces relevant, tagged resources.

Users can export all issues and their metadata to CSV, simplifying external analysis, audit prep, and offline tracking.

Users can now query the status of their policies via Vanta’s REST API with two new endpoints: List policies and Get policy by ID, enabling deeper integration and automation.

Users in the private preview can now enable chatbot functionality on public Trust Centers, with safeguards to ensure only publicly available information is referenced.

Users now experience a more transparent AI workflow in QAuto with the introduction of the Vanta Agent answering experience, setting the stage for interactive and multi-step AI capabilities.

Users can now map issues directly to risks in the Issue Management module, providing better visibility into how individual issues impact broader compliance objectives.

Users on Growth+ plans can now control whether control history is visible to auditors via a new setting in the Audit Visibility section. This setting is off by default.

Users can now export all access requests directly from the Access Requests page for easier reporting and tracking.

Users benefit from improved QAuto responses thanks to a new AI classifier that determines optimal verbosity before answer generation, resulting in more reliably formatted answers.

Users can now export their filtered Answer Library as a CSV, making it easier to generate custom reports or maintain offline backups.

Users will experience significantly faster load times on the Policies Page following recent performance improvements, supporting larger orgs with extensive user and policy data.

Users can now bulk mark resources in or out of scope by resource group using Adaptive Framework Scoping, simplifying setup for frameworks like PCI and ISO 27017 and enabling precise, efficient configuration across large environments.

Users now have access to redesigned /code-changes auditor pages (beta) offering improved control, clarity, and exportability, with added support for Azure DevOps including accurate parsing of review groups for robust compliance checks.

Users can now access Penetration Tests directly from the Assets > Vulnerabilities section, streamlining visibility and laying the groundwork for enhanced pen test support and findings tracking in Q3.

Users can now access Wiz Vulnerabilities and Issues as the integration enters GA, expanding availability to all customers after months of refinements and successful adoption by over 150 teams.

Users can now apply owner, category, and status filters across all charts in the risk report, enabling more consistent and tailored risk insights.

Users can now leverage Vanta AI to automatically detect column types in spreadsheet questionnaires, streamlining setup and moving closer to fully automated questionnaire completion.

Users can customize a test’s SLA category, allowing them to adjust its priority or assign a different SLA based on their organizational needs.

Users can now integrate with Oracle Cloud at GA, featuring new product tests, expanded support for networking components, region editing, multi-tenant configurations, and more bringing Oracle in line with other cloud integrations.

Users can now restrict auditor actions in Vanta with new compliance settings that prevent auditors from creating audits, modifying controls, or adding additional auditors.

Users can now view failing test entities by segment on the Test Details page, enhancing visibility into which scoped resources are out of compliance and improving clarity across segments.

Users can access a new framework-specific tests table that displays only tests relevant to a given framework, with accurate statuses and direct links from the overall tests table for streamlined navigation.

Users can now access GDPR-specific policies in Policy Builder, expanding the existing library with two new templates to support GDPR compliance alongside SOC 2 and ISO 27001. All templates include updated editing guidance to align with GDPR requirements.

Users can stay on top of collaboration with the new Comment Notifications inbox, which consolidates all relevant comment threads in one place for easier tracking and responses.

Users can now interact with Vanta data using LLMs via the Vanta MCP Server (Public Preview), enabling advanced workflows like audit prep and automated remediation directly in tools like Claude Desktop or Cursor.

Users will see a redesigned AWS Integration Overview Page featuring a full-page layout with tabs for overview, capabilities, prerequisites, permissions, synced resources, and automation details streamlining decision-making and aligning with the content on vanta.com.

Users can now track personal emails in Vanta for 17 additional Merge HRIS platforms, expanding visibility into employee data across systems.

Users can now adjust answer columns in spreadsheet questionnaires and selectively re-run AI responses for unapproved answers, preserving approved content and reflecting the latest knowledge base updates.

Users can now mark VRM questions as reviewed, locking the primary answer to track progress and ensure stability in collaborative workflows, while still seeing the latest AI and vendor responses.

Users can now collaborate more effectively in Vanta by adding comments and tagging teammates directly on controls and risks, just like with audits and questionnaires. Notifications are sent as comments are added to keep everyone in the loop.

Users can now customize their risk register and action tracker with an updated filter experience that reduces clutter by showing key filters by default and allowing additional filters to be added as needed. This update adopts Vanta’s new filter overflow pattern for a cleaner, more flexible interface.

Users can now view and filter the people table by individual security tasks, making it easier to track task completion across personnel. The table can also be customized to show the most relevant columns for quick insights into task-level progress.

Users can now adjust the verbosity of individual QAuto answers by selecting from Concise, Standard, Extensive, or AI-recommended options. This manual control improves answer customization while helping train better automatic verbosity selection over time.

Users can now leverage Vanta AI to auto-populate security questionnaires by submitting a link as evidence, enabling quicker insights into a vendor’s risk posture without waiting for additional documentation.

Users can now apply framework scoping to all Vanta-built integrations, ensuring that only relevant data is monitored for compliance. All future first-party integrations will support this feature, with a few exceptions that don't import resources.

Users now benefit from a more scalable and secure role-based access system as all organizational role evaluations have been migrated to Oso, a centralized authorization engine. This upgrade standardizes permission checks, boosts performance, and lays the groundwork for advanced access control features.

Users will now see the domain name in the subject line of comment notification emails sent to auditors, along with the object type name included in the email body for clearer context.

Users can now access an in-app hub within the People tab that provides step-by-step guidance and interactive tours to help new admins navigate personnel setup in Vanta.

Users can now be assigned as owners of specific controls using object-level roles, granting them access only to those controls and their mapped evidence for more granular permission management. This enhancement enables precise delegation and supports least privilege by allowing control owners to reassign mapped tests and documents.

Users can now leverage Vanta AI to generate draft approval notes by comparing the latest policy draft with the last approved version, highlighting key changes for easier review. For first-time policies, Vanta AI provides a summary instead.

Users can now view Wiz Issues directly in Vanta through a new integration for Growth+ customers, enabling unified visibility into misconfigurations and risks alongside Wiz vulnerabilities. This feature supports filtering, pagination, and centralized risk monitoring while remediation continues in Wiz.

Users can automate how personnel request access to systems. Vanta routes requests to the right approvers and admins, tracks status, and simplifies provisioning.

Users can view test status, asset counts, and history by framework segment to simplify audit prep, support scalability, and keep compliance efforts organized.

Users can now filter scoped out integrations and accounts from the audit view. They won’t show up in product tests, or across any audit pages, providing a seamless framework scoping experience that just works (TM).

Users can sync Vanta Teams to their IdP Groups via SCIM, enabling seamless and programmatic Team management as the customer’s organization grows and changes.

Users can schedule reports to be emailed daily, weekly, or monthly, with each email linking directly to the live report in Vanta for up-to-date visibility across stakeholders.

Users see quick views on the Documents page that filter and display relevant documents and columns based on the actions they need to take.

Users have the ability to drop messages to their designated approvers so they can make a more efficient and informed approval decision.

Users now see a detailed control history that logs changes to key fields and allows optional “reason for change” notes when tests or documents are unmapped.

Users can create questionnaires by choosing from a curated library built by Vanta SMEs, then customize them as needed—including options for general vendors and AI-specific use cases.

Users can sync Vanta Teams to their IdP Groups via SCIM, enabling seamless and programmatic Team management as the customer’s organization grows and changes.

If you are using Vanta's default template stack or bringing in your custom policies, you can use Vanta AI to help you map security controls back to the policy

The collaborator role is now available for object-level assignments and more granular access control within Vanta

The test metric allows customers to easily assess their program's progress by providing the key metrics they need, all in one seamless location

The test metric allows customers to easily assess their program's progress by providing the key metrics they need, all in one seamless location

Users can now flexibly track any and all data they need to know about the vendor. They can choose from the following field types: text, date, number, and picklist.

VRM has two new standard fields: contract amount and vendor headquarters.

When a user merges two vendors, they can preserve the security reviews, evidence, and findings from both vendors, ensuring they don't lose any of the due diligence they've done.

Customers activating their Trust Centers for the first time will find a resource document already created for them, affirming their engagement with Vanta and ongoing compliance efforts.

Create custom tags for organizing your knowledge base and sharing resources from your Trust Center

Customers can select an audit type when creating an audit engagement in Vanta.

Customers can now create and assign Teams as owners of tests and documents.

Users receive Slack notifications when questionnaires are submitted and are notified when all evidence is available, and the security review is ready for analysis.

Trust Center admins now have the option to disable "Full access" on their public Trust Center

Vanta's new Merge.dev Multi-Tenancy Support enables seamless management of multiple instances of the same integration

Customers can now scope JumpCloud resources by framework

After adding a questionnaire, customers can select response rows and delete them.

Vendor AI answers will be organized in bullet points

Users can choose to move a vendor from Discovery into Procurement, following the funnel and typical workflow of our users

Users can now scope individual accounts within organizations for GCP and Azure.

Users now have control over which frameworks they include their GitHub organizations and project assets in.

With AWS organization sub-account scoping, users now have more granular control over their assets.

An approval workflow can now be facilitated within Questionnaire Automation. This workflow allows an approver to be assigned and notified when the questionnaire is ready for review with a new set of statuses to track and communicate each step of the process clearly.

Admins can now send a bulk one-time reminder to specific people by selecting them on the People Page table. The admin can also select whether to send these reminders over Slack, email, or both (the reminder will default to their current personnel notification settings).

There is a new column in the documents table to indicate if a document is "sensitive"

We’ve added an “Add Controls” button directly on the Policy details page

Users can transition flagged evidence back into ready-for-audit; this lets them know that a piece of evidence is ready for another review, eliminating the need for back and forth between auditors and customers.

Users can filter evidence to view evidence created by the auditor

For each permission in a custom RBAC role, the admin can choose from “no access,” “view-only,” or “view and edit.”

When a user maps a risk to a control, they will be able to see the risk ID along with other pertinent information about the risk.

Users are now prompted to add all relevant files to satisfy the document evidence request and mark it as complete before the document status changes to OK.

Test data can now be exported to a .csv file from the Report Center

Custom fields can be created in a new settings page in the compliance hub and displayed in the controls table. You can create fields that are free text, pick list, numbers, or dates. You can also choose whether custom fields are visible to your auditor.

Vanta now supports two new frameworks, TISAX and CMMC.

Vanta AI now contains a classifier for the questionnaire automation tool that detects whether a question is of a Yes, No, N/A type.

Customers can now edit questions and answers in the pending import list before approving and applying them to the answer library.

VRM users can import public Trust Center documents directly from within the Vendor Risk Management tool

Trust Center admins now have the ability for Trust admins to edit the access expiration date in bulk

Vanta integrates directly with HITRUST MyCSF, enabling customers to sync controls and evidence seamlessly between the two platforms.

Each FAQ on your FAQs page has a perma-link for seamless sharing.

In both Policy Builder and Policy Editor, drafts can now be downloaded as a PDF or .docx.

Customers will now be able to add custom fields (date, number, text, pick list) to their controls within Vanta.

Trust Centers now watermarks NDAs with the name, email, and timestamp of the viewer who has accepted the NDA, allowing security teams to share adequate proof with their legal teams that a customer has signed an NDA. Trust Center admins can view the watermarked NDA in the Activity table for easy access.

In addition to being able to view the trends on remediated items within SLA, you can now drill down and understand the underlying historical data driving those trends.

Beta users can automatically create tasks in Jira when a test starts to fail.

With the power of AI, Vanta now offers personalized, Terraform-based remediation solutions for all 180 of our Terraform-remediable tests. Users can now choose between Vanta-written instructions or customized Terraform solutions, allowing them to remediate Cloud tests more effectively and on their terms.

Users can now edit section titles in Policy Builder

When in the Policy Builder tool, users can skip sections that do not require input

Commenting is now available on Security questionnaires, providing a single source of truth for conversations on individual questions

We’ve updated the Groups Page to offer a cleaner, more streamlined experience for assigning tasks to your personnel

Automate Access Requests and NDAs Through Hubspot CRM
​

Vanta now fully supports the NIS 2 framework

Domain allowlists allow customers to specify up to 50 domains. If a user requests access from one of those domains, they will automatically get access to the Trust Center
​
​

Once an answer is locked, the AI will not re-run on those questions.

Vanta has introduced a beta test details page with a tabbed design to focus on remediation details

Vanta now has a full-page view for column selection, making navigation and use more seamless

Vanta now integrates with Lacework for vulnerability management

Report center users can now configure their custom reports further by filtering charts by framework, enabling the creation of framework-specific reports.

Our new framework breaks down the regulation into actionable tests, documents, and policy addendums, offering clear guidance and prioritization for compliance managers.

Individual questions can be assigned to users in Vanta. Users can be notified via email or Slack and quickly click on the questionnaire to view and answer assigned questions.

Vanta now integrates with SentinelOne

If you are utilizing the Google Drive or Sharepoint integration, you can sync PDF files through the Google Drive & Sharepoint integrations for policies and documents

All AWS users can now add multiple orgs to a single Vanta Workspace

Users can purchase cyber insurance directly within Vanta in as little as 15 minutes, powered by Vouch.

Policy Builder is a new policy creation and editing workflow to help create policies using Vanta templates.

Customers can now create custom reports in the Report Center.
​
​

Vanta's existing US Data Privacy framework has added a net new control. This new control accommodates a recent addition to the Oregon Consumer Privacy Act. Five existing documents and one existing test have been mapped to this control.

The API documentation will help customers understand our API’s capabilities, get started, and explore its use cases.

Resources and answers in the knowledge base can be configured with one, multiple, or all products.

Evidence statuses can be applied to a piece of evidence within an audit engagement.

VRM users will be able to recommend treatment plans, recommend resolutions, create Jira tasks for follow-up, and set residual risk for the vendor.

There is a new section on the Trust Center called Media for companies to upload videos hosted on YouTube or Vimeo.

Anyone using Orca can connect to Vanta to pull in vulnerability data, track status, and SLAs, and assign tests if something misses a resolution window.

Vanta's REST API now supports two new endpoints:

For more information, see our https://developer.vanta.com/docs/vanta-api-overview

Access Ticketing for Jira is now available. Users can enable it on the Manage section of the Jira integration, providing a label for access tickets.

VRM users will be able to customize the attributes used to determine inherent risk levels for each vendor and be able to apply those attributes to vendor categories to enable auto-scoring

Customers and auditors can now communicate with each other through comments on evidence in the audit view

A new and improved UI had been implemented in Vanta, designed to make it easier to find and act on the data and information in Vanta.

Customers can leverage questionnaire automation directly within Vanta

Customers can now run their background checks directly from Vanta using our background check functionality powered by Certn

Customers can now set up an SSO SAML connection to their IDP without first integrating their IDP via API. The SAML protocol allows customers to grant a subset of their users access to the Vanta application.

Users can access all of a company's Trust Centers with a Trust Center picker in the Trust Center header.

There is a new visibility option for resources called Shareable that hides the document from their public Trust Center but can still be shared externally.

There is now a new Knowledge Base in Trust Center for customers to manage their Security Documents and Answers

We’re launching a new Vanta API with more functionality than GraphQL in the REST protocol.

Users can now upload custom images which will appear on the top banner of the Trust Center

For those using Vendor Risk Management, discovered vendors can be rejected and provide a reason for the decision

Users can give reasons when ignoring a vendor so that it's visible and trackable

Customers now can connect their different workspaces to Vanta

Customers can now include as custom attributes when importing risks

Controls import templates are now specific to the user, meaning they show only the frameworks the customer has purchased and include the customer’s custom frameworks.

We now pull in the following information for vulns that helps give guidance on how to remediate:

Two new widgets have been added to the Findings by Asset page,

We’ve created and launched three new Security and Privacy Training modules in Vanta, including

Employees can now be included in multiple groups of employee task programs and import their IdP groups 1:1

Customers can now link a vendor's findings to existing risk scenarios, bridging the gap between Vendor risk and risk management.

A new document request was added to the “Network Firewall reviewed” control to provide evidence on the results of the Firewall ruleset review.

Users can now create custom labels for Vendor risk management procurement requests with task tracker integrations

Users can click the export button immediately and navigate away from the People page

Replacing the full-screen model with a drawer allows us to build performance improvements and new UX features and prepares us for further improvements to the audit experience.

Vanta now provides deeper automation for Netlify integration

A new, higher-context, and more streamlined onboarding experience has been made available for additional invited admins.

Vanta has added support for the CloudFormation connection method for the AWS Organization linking flow.

A one column layout has been enabled for Vanta Trust center to create a cleaner and more seamless UI experience

Multi-language policies enable customers to manage and maintain multiple documents for the same policy so their employees can choose the one to review in their preferred language

There’s a new button for access reviews, aptly called “Change roles”, that Access Review customers can use to denote accounts that need a role/permissions change instead of outright approving or denying access.

In order to flag potentially inactive accounts, we have:

Allows admins the option to opt into applying user scope to accounts they own and reduces the manual effort needed.

We've added several improvements to our risk notifications, including:
• Manual reminder buttons for risk scenarios and tasks
• Risk task status for due soon or overdue tasks
• Risk needs attention (e.g. control failing, task overdue, needs completion, needs approval)
• Improvements to the Daily/Weekly summary email

We now support bulk-linking account owners via OneSchema. Customers can download a .xlsx file of all their unlinked accounts, enter the owner email for each account, and upload the same file via OneSchema to link all accounts to owners at once.

Users can now take screenshots or export a PDF of users from an unintegrated system, and Vanta's AI access data importer will extract the user data, drastically reducing manual data entry.

Vendor risk management customers can request both documents and questionnaires with a single reach out to the customer. Vanta will send the email with the requested documentation and a link to upload questionnaires and documents.

VRM customers can request both documents and questionnaires through a link single link

Vanta has released an add-on to GDPR for the EU-US Data Privacy Framework. The add-on includes 7 new controls and 6 new documents to help US-based customers subject to GDPR achieve compliance more efficiently

Vanta AI templates allow customers to upload multiple templates and efficiently be able to switch between them

NDA data can now be exported from the Trust Center settings page

Vulnerabilities can be unmonitored, and then automatically reopened when a known remediation becomes available

We've launched a new bulk download button to generate a zip file of all accessible files on a Trust Center.

Allows bulk selection of risk scenarios, which can then be assigned an owner, approved, or archived with one click

Customers can now post updates on their Trust Center and notify subscribers via email.

Customers can now create custom integrations for Vanta to automatically pull in access data, streamlining Access Reviews.

When an employee has no tasks assigned to them, we display their status as 'No tasks.' In this state, we also provide a prompt in their user drawer, encouraging the admin to assign tasks."

Vanta has developed and deployed both UK Cyber Essentials and The Australian Essential 8 as Framework offerings.

Several Policy Templates have been updated for more comprehensive security policies

The redesign of the vulnerabilities page comes with improvements that make the experience more intuitive and streamlined to manage vulnerabilities

Customers now have the option to connect their DocuSign account to Vanta and use it to send NDAs.

Trust Reports can now integrate with Salesforce and allow custom auto-approvals and NDA bypass rulesets.

Vanta customers can now generate a unique link for each vendor to collect security documents

Customers have the ability to add new frameworks that aren't part of the pre-existing list, as well as customize the name and badge icon for new and existing frameworks

Vanta will automatically upload the Access Review report as evidence to meet the controls around Access Reviews

Risk scenarios can now be mapped to controls within Vanta

Users can now choose which organization(s) or group(s) they would like Vanta to monitor and pull relevant resources from

Users now have the ability to ask their own questions to Vanta AI in additional to the default questions provided

Vanta Admins can now create and tailor custom roles, which they can then assign to users within their accounts

Users can now import Documents from external sources - Drive, Confluence, Sharepoint

The policy editor now allows users to comment on the document, making communications for suggestions and feedback more streamlined in a centralized location

36 new controls have been added to ISO 27017 to provide valuable guidance to customers
​
​
​

Controls now affect the completion status of risks. Risks are now considered complete if they have at least one control or task, all tasks are completed, and all controls pass

We're adding an option to upload files for vendors where a connection is possible

Vanta now supports JumpCloud as an IdP

The most recent version of the Vanta Agent upgrades it to use the most recent version of osquery (5.9.1)

This version also includes general bug fixes and improvements

Employees now register their Vanta Agent to their company's domain by copy-and-pasting a simple registration key during the Agent installation process

The Risk Register has been redesigned to allow edits and additions to be made to risk scenarios entirely from the sidebar

Our new roles page will now show all available roles and what specifically each role has access to

VRM customers can merge vendors (combining data) and delete vendors

We are providing a security settings page where the user can choose to change their idle session timeout configuration. Currently, they'll be asked to choose between 7 days, 3 days, 24 hours, and 30 minutes

Risk management tests have been added so customers can leverage work they have already done to enrich the existing policy and documentation asks

Workspace Console Admins can now access the Workspace Console, which provides them with an aggregate view of data across all connected Workspaces.

Customers who are interested in Access Reviews can sign up for a Free Trial within Vanta

We built out a reporting page that tracks a few metrics over time. The initial metrics are

Vanta users can now connect to more than one Snowflake warehouse on the Integrations page.

Auto-populate the SoA for both the 2013 and 2022 versions of ISO 27001! The banner and button to download the pre-filled template are the same, but the downloaded document will include a sheet for any ISO 27001 versions the user has enabled

Answer editing in the questionnaire browser extension enables customers to edit past answers without visiting the answer library

Customers now have an opt-in Trust Report access model that allows them to provision individual documents. Requesters can specify which documents they are interested in, and customers can select which documents they ultimately want to provide access to

Customers can now see all Connectors integrations on the Integrations Page.

Users are now able to edit an "Identified" field

Customers can now see all Connectors integrations on the Integrations Page.

Users are now able to edit an "Identified" field

Sumo Logic integrations now fetch monitors, and a new product test has been added to verify that at least one active monitor is configured in Sumo Logic

Customers who utilize Risk management can create Text, Number, and Date attributes on risk scenarios, allowing even the most complex cases to be managed through Vanta

Tags can be added to answer library items through the Answer Library page and browser extensions, allowing users to filter and group items

When uploading a questionnaire to be imported, users will be able to review detected columns and make adjustments as needed before starting the import process

Document names, descriptions, and recurrence can be edited from the document's detail page

Vanta Controls now have the same flexibility as custom ones.

We're changing the Okta integration to use OAuth authentication instead of API tokens

The name and description of policies can be edited while still taking advantage of the control <> policy mappings that Vanta provides out of the box.

Administrators can set or unset their Vanta users’ leave status manually. Administrators can also optionally specify a date on which the leave starts or ends when setting leave status.

Auditors can now view Audits for custom frameworks

Vanta now supports horizontal table scrolling in the Risk Register; we also allow an optional frozen column on the left, so users can still see the item's Name or ID while they scroll left and right in the table.

VRM customers can customize the cadence at which they want to conduct security reviews (including an option to turn off required reviews for vendors of certain risk levels)

Vanta now allows you to toggle which columns are visible in the Risk Register, as well as display new columns we haven't allowed before (Categories, Created, and Updated).

Vanta now has native support for sending notifications to customers who use Microsoft Teams as their chat application. Customers will be able to select a Teams channel for each of our preset categories, similar to the Slack Integration

Vanta allows customers to customize the labels that Vanta uses to automatically track security issues for all task trackers

Custom docs can now be marked as sensitive

Dynamic IdP Groups for OneLogin reduce the time to create groups and eliminate the time to keep them up to date by allowing groups to sync from OneLogin over to Vanta

Vanta now allows users to edit the status for access reviews

Customers can preview their changes in the checklist edit flow before publishing. This allows admins to easily understand their employees' onboarding experience.

Vanta users will see the option to specify a custom date range when they select "View as auditor". An audit engagement is no longer required.

Conduct comprehensive security reviews that enable your organization to proactively mitigate risk associated with the vendors you utilize

Made Vanta's SLA range provides recommended time frames, which users can override.

Vanta now has an expanded integration with Grafana

Notifications can be scheduled to be sent during working hours or anytime

Vanta now has a button to manually trigger a policy sync between Google Drive / Confluence & Vanta

There is now a Notes field to the policy details page

Vanta's Access Reviews provides the necessary roles, workflows, and automation to manage access reviews efficiently within the platform
​
​

Vanta integrates with New Relic for access and monitoring-related compliance purposes

Trustpage by Vanta’s Questionnaire Automation is designed to help organizations quickly respond to security questionnaires and effectively communicate their security and compliance to customers and prospects.

Vanta has a brand-new look and mascot! Read all about the redesign and Ilma (the llama!) here.

Sync policies stored in Google Drive to Vanta automatically, with the Google Drive integration

Policy templates can now be created in numerous languages. These languages can be selected at the time of creation and added or removed for future iterations.
​​

This new feature allows customers to ignore vulnerabilities only for a duration of time.

We added an option to delete all custom controls in one click on the controls page. This was highly requested by CSMs and customers alike and will save them significant time, coupled with the ability to re-upload said custom controls through OneSchema.

Users can add custom notes to controls for better team collaboration and understanding.

Any Vanta user can be assigned as a System Reviewer. System Reviewers with employee-level access only view the access reviews data they need to perform a review, specifically the systems that they have been assigned to review.

Vanta has implemented a SOC2 starter guide for new customers. This guide will walk new users through the implementation of Vanta and assist with the many components of prepping for a SOC2 attestation.

Customers can integrate multiple distinct identity providers! Admins can manage user security workflows from multiple IdPs, including employee onboarding, offboarding & ongoing tasks, employee group management, monitors, access, and access reviews.

Now System Reviewers can seamlessly create task-tracking tickets for any accounts that require changes and monitor the status of those tickets and associated changes in Vanta.

The CIA framework is now natively implemented in Vanta's Risk management - users can choose CIA categories for their risks and filter by those categories.

Users can bulk-update content across all policies by specifying the text they want to replace and the new text they want to be added

Users can now manually add their company logo to the beginning of a policy
​​
​

Users can now archive vendors on the Vendors page. Archived vendors live in a separate tab, where Vanta will retain all information about the vendor if it needs to be revisited later.

Access Reviews customers can leverage our Account Access Data APIs to upload account access data for non-integrated systems.

Global Checklist settings allow an admin to easily disable a security requirement (such as background checks or security training) across all checklists and employees. These global settings will be tied to product tests so that when admins disable a test for a given employee security task, the task will also be disabled on the People and Checklist pages.

We've restricted the view for auditors to only snapshots, except for domains with an ongoing audit that would have been interrupted by this change. We've also added the ability for customers to create private/internal risk snapshots to track their own progress.

Use TagInput from Alpaca to provide a more effortless experience.
​
​

Vanta has added the ability to add custom notes to tests which is visible to everyone who has access to the test detail page.

The due date for each employee task is now the same as the due date for the corresponding product test (This will bring employee tasks further in sync with the monitor's page.

Some of the key Cloudflare security components and settings are fetched now, and four new product tests have been added to validate them:

We have introduced 3 new tests for GitHub that will roll out on February 25:

Vanta now has the option to use additional filter on the scoping modal to allow users to filter resources by "in-scope" or "out-of-scope'

Vanta has added the functionality of SLAs in business days to all SLAs, which creates a more standardized experience. Business days were added specifically to four categories of SLAs: account revocation, onboarding, vulnerabilities, and security issues.

When auditors are conducting an active audit, they only have access to People that are relevant to the audit scope. Additionally, auditors no longer have access to the People page until the audit observation period starts. This ensures that users are not exposing unnecessary People data to their auditors, and there is less friction for auditors conducting sampling on People.

The feature allows customers to create monday.com items directly within test pages to better manage Vanta tasks.

Vanta now allows onboarding users to be assigned risk scenarios and risk tasks. Onboarding users can access the Risk register and Action tracker once they've been assigned a risk.

Vanta now connects with Swifteam for MDM integration. This currently supports macOS, with other operating systems to be added in the future

Vanta now connects with AccessOwl to build a document upload integration. If a customer uses AccessOwl for access reviews, the integration will automatically pull in the evidence,

Review Status Metrics
System reviewers can quickly view a snapshot of the status of the vendor accounts they are reviewing.

Account Flagging
Vanta flags accounts for systems reviewers that are risky based on employee status and changes.

Bulk Assign Owners
System reviewers can assign owners in bulk.

Process Owners can leverage one of our AR file templates and import files in the AR dashboard. This cuts down on time to prepare and perform access reviews.

Vanta can now sync risk tasks to any of Asana, Jira, Linear, or Shortcut

Vanta has included new SLA settings and tests for critical vulnerabilities.

A new and efficient navigation setup for the Vanta Integrations page is now available.

Vanta now allows customers to connect GCP projects to Vanta by linking their GCP organization is now available. Customers can easily specify which projects within the organization are in scope and out of scope and view which projects have been successfully fetched versus those that have failed, including the reason for the failure. Vanta now automatically detects and fetches new projects as they are created.

Disabled tests will no longer appear on the policies page.

The Checklist UI guides new users through the four key steps to complete their employee tasks setup.

Every test now has a "View remediation history" button. Clicking it opens a dialog that lets you see the entire history of test issues.

Vanta now integrates with FleetDM and SOOS

Risk management now supports syncing risk tasks to Jira

Customers can pull their Rippling background check data into Vanta (along with HR and MDM data or standalone).

Tests and documents now both show in a single table on the Monitors page. The new page is essentially the Tests page with documents added to the table. Users can filter between Tests, Documents, or both.
​

Security task tests have been migrated to the SLA UI and now show deadlines for Security tasks ahead of the due date

Allow admins to snooze individual test entities

Vanta now allows you to create tasks in your favorite task trackers, Jira, Asana, Linear, or Shortcut.

Customers who use Terraform can now link their AWS account by adding a Vanta-generated script that automates roles and policies setup. AWS linking will be much faster than the previous manual console flow!

With Multi-IdP Group Membership, Vanta Admins can assign employees to their IdP group of choice. Admins can do this as part of the Group Creation flow or as part of Employee Management.

Google

Dynamic IdP Groups for Okta

Vanta Users on old versions of the risk assessment feature are now able to update themselves to the new risk management module from their respective risk assessment versions.

We started fetching GCP Queues and added them to the Inventory page

Vanta users can now provide feedback from the Integrations pages within Vanta

For long-running fetches, we now support fetches that take up to 12 hours! We can opt in any (domainId, kind) to use a new queue with a longer timeout.
​​
​
​

Consolidated across all 5 into a single All Assignment Notification sent via both email and Slack with a standard copy and a single setting for turning them off/on.

This feature assigns default owner and description values to all inventory items that are missing these values.

We now allow users to configure GCP to only fetch the resources they want to enable APIs for

All customers can add the Intercom integration to continuously monitor account access details on the Access page. Access Reviews customers can also include Intercom in their regular access reviews, saving time pulling files & managing stakeholders, reducing license fees & improving the quality of the review.

We moved GovCloud to our existing linking flow and architecture, improving our setup time and experience. Customers using GovCloud can link multiple accounts now and expect the safer role assumption that we use on commercial AWS.

We’re excited to continue to expand the number of standards Vanta supports with the launch of two new/updated standards.

Customers can now focus on just the standards that are currently their priority by snoozing the rest for a period of their choosing
​

Customers who haven't connected an IDP see a new homepage Zero State where they can add an Admin directly in a modal

The new Personio integration means we can better support international customers by getting the most accurate employment dates. Accurate employee end dates improve the ability to meet their commitments and offboard employees on time.

Include the compliance standards you have achieved and their subprocessors in the Vanta Trust Report!

In September, we announced Connectors - a program for technology partners to build data-sending integrations to Vanta. Over the past 2 months, we worked with them to build and prototype integrations with alpha customers. Today, any customer can install these integrations by visiting the “Partner-built integrations” section on the Integrations page.

Integrations Include

Filtering out non-resolvable vulnerabilities for AWS and Snyk
​

Share feedback form added to the How to fix section

Event Log

System Description Network Diagram Image Size Limits are now removed

Universal test SLAs

System Description Custom Inputs

Custom Inventory Tags

Time Sensitive Tasks sidebar on the home page

Custom Policy Approval & Acceptance Tests

When customers create new custom policies, new tests will be automatically created to monitor the (annual) approval and employee acceptance statuses. These tests will be viewable from the Tests page under the Policies category and behave, like our existing Vanta Policy Tests. Additionally, customers now get all the notifications that come with normal Vanta Tests.

Temporarily deactivate tests or documents
​

Connect AWS accounts via CloudFormation
​

Inventory Page CSV export now includes more fields

New Auditor View

New Standards

Processing Integrity and Privacy Controls

Enhanced control Owner workflows

Audit Report Download/Edit for Auditors

Bulk approval for policy updates

Trust Report Watermarked Documents

Monday.com integration support

Code Changes Bulk Export Button

Tests Recieve SLAs

Improved AWS connection flow UI

VMware Workspace One MDM(beta)

Improved GCP connection flow UI

Auditor Preferred Evidence for All Customers

Vanta now supports CCPA compliance

Businesses that collect, use, or sell the personal information of California consumers are subject

Assignments allow you to delegate specific tests to anyone in your company.

Assigned employees are notified and provided access to a limited version of Vanta displaying only their assigned test and remediation details.

Create and manage custom controls with Control Management.
​
​

A Trust Report is the fastest way to demonstrate your commitment to security, speed up the security review process, and build trust with prospects.
​​

We’ve expanded scoping by identify provider (IdP) to support OneLogin and Office 365 users.

Vanta admins can now manually mark accounts associated with offboarded employees as deactivated.

Vanta now includes helpful templates for nearly all non-technical tests.

Vanta now supports AWS DocumentDB as a resource for NoSQL Databases.
​
​

Vanta’s API is now available in beta to all users. We launched the API to help customers leverage Vanta’s platform capabilities for custom security solutions.

Vanta now offers an integration with Snowflake’s cloud data platform to help users satisfy user access and inventory management requirements.

For users seeking advanced device management features, we've made it easy to transition from the Vanta agent to a supported MDM.

To streamline the evidence collection process, Vanta now provides custom evidence request, approval, and comment features.
​
​

Easily create Asana tasks within Vanta test pages to better manage your team’s work

AWS Lambda functions are now tracked as a resource within your Inventory page

Vanta now supports in-app editing of existing, new, and uploaded policies
​
​
​

Slack notifications are here! Get immediate alerts, as well as daily or weekly summaries, to the Slack channel(s) of your choice.
– Configure your team's Slack notifications.

Easily control who's in Vanta scope within Okta.

Datadog users now have over 30 new tests for enhanced server monitoring.
​
​
​

New Ignore Center to track & reopen ignored vulnerabilities

New option to create Jira Issues directly within test pages to better manage Vanta tasks.

Auditors and users can now generate custom evidence requests within test pages
​
​
​