Consolidated across all 5 into a single All Assignment Notification sent via both email and Slack with a standard copy and a single setting for turning them off/on.
Inventory Page Defaults
This feature assigns default owner and description values to all inventory items that are missing these values.
GCP Permission Configuration
We now allow users to configure GCP to only fetch the resources they want to enable APIs for
Intercom Account Access Integration
All customers can add the Intercom integration to continuously monitor account access details on the Access page. Access Reviews customers can also include Intercom in their regular access reviews, saving time pulling files & managing stakeholders, reducing license fees & improving the quality of the review.
Week of November 21, 2022
AWS GovCloud Multi-Account
We moved GovCloud to our existing linking flow and architecture, improving our setup time and experience. Customers using GovCloud can link multiple accounts now and expect the safer role assumption that we use on commercial AWS.
OFDSS & ISO 27001:2022
We’re excited to continue to expand the number of standards Vanta supports with the launch of two new/updated standards.
Customers who haven't connected an IDP see a new homepage Zero State where they can add an Admin directly in a modal
Week of November 7, 2022
Personio HRIS Integration
The new Personio integration means we can better support international customers by getting the most accurate employment dates. Accurate employee end dates improve the ability to meet their commitments and offboard employees on time.
Trust Report Compliance & Subprocessors Sections
Include the compliance standards you have achieved and their subprocessors in the Vanta Trust Report!
Connectors Integrations
In September, we announced Connectors - a program for technology partners to build data-sending integrations to Vanta. Over the past 2 months, we worked with them to build and prototype integrations with alpha customers. Today, any customer can install these integrations by visiting the “Partner-built integrations” section on the Integrations page.
Integrations Include
Kolide: MDM
Incident.io: Incident Management
BreachRX: Incident Management
Haekka: Security Training
Riot: Security Training
EasyLlama: Security Training
Termius: Secrets
Kitemaker: Task Tracker
October 2022
Week of October 31, 2022
Filtering out non-resolvable vulnerabilities for AWS and Snyk
Non-resolvable vulnerabilities detected through AWS and Snyk will be automatically filtered. These will no longer show up in Vanta.
Share feedback form added to the How to fix section
We now collect feedback directly from users, on what we can change or add to the test details page to make fixing the test easier for them.
Event Log
Vanta's Event Log shows a history of changes made within Vanta including administrative activities, data modification, and user logins.
Week of October 24, 2022
System Description Network Diagram Image Size Limits are now removed
We now resize and/or compress the image to avoid this limitation. The act of having to download, edit, and re-upload their System Description is an annoying pattern we'd like to avoid, and makes our System Description feel less magical/smart. Now, having to do that due to image size restrictions will (virtually) never happen anymore.
Universal test SLAs
Users set a period of time to commit to fixing the test by and if a test fails, users are given a suggested due date to remediate, with the test failures only shown to auditors if the date passes.
System Description Custom Inputs
The tag and dropdown inputs now accept custom inputs while still keeping the suggested values from before.
Custom Inventory Tags
Users can now use their own tagging taxonomy for bulk tagging in Vanta. By doing a one-time mapping of their custom tags to Vanta's tags in the Vanta UI, Vanta will be able to read the information directly from their own tags.
Time Sensitive Tasks sidebar on the home page
Users will see a vertical sidebar on the right portion of the home page. This makes it easy to see and action on priority (overdue/due soon) tasks when the home page is opened.
Week of October 17, 2022
Custom Policy Approval & Acceptance Tests
When customers create new custom policies, new tests will be automatically created to monitor the (annual) approval and employee acceptance statuses. These tests will be viewable from the Tests page under the Policies category and behave, like our existing Vanta Policy Tests. Additionally, customers now get all the notifications that come with normal Vanta Tests.
Users can now add end dates when deactivating a test/document. This will allow them to deactivate tests/documents until a specified date, after which, they will automatically be reactivated when the date passes.
Week of October 3, 2022
Connect AWS accounts via CloudFormation
Customers can now connect their AWS accounts automatically using CloudFormation as a part of the AWS cloud provider connection flow.
A CloudFormation script is available directly in the connection flow for customers to use (copy or download), to make the process as smooth as possible.
Inventory Page CSV export now includes more fields
An exported CSV file will contain all the data fields displayed in the inventory table for each inventory type.
New Auditor View
A new page has been built for auditors to view customer evidence. Tests, policies, and documents all live in a single place for auditors, scoped down to the standard under audit and the observation window.
Customers are now opted into PI and P TSCs for SOC 2 with Vanta’s default control set, and can be mapped to new controls or other existing controls to these sections.
Enhanced control Owner workflows
Customers can assign owners to controls for tracking purposes. Assigning owners will also enable ISO 27001 to meet that standard's requirements for process oversight.
Audit Report Download/Edit for Auditors
We've added the ability for auditors to both download and replace the existing audit report for a given audit engagement.
Bulk approval for policy updates
Customers will now be able to bulk approve policy updates
Trust Report Watermarked Documents
This feature adds watermarking for private PDFs (either on a private report or a private document in a public report). By adding a watermark, customers can feel more confident in sharing out documents in a Trust Report.
Monday.com integration support
The 1-way monday.com integration lets customers pull their security issues data automatically into Vanta in order to track that they are being assigned priorities and owners and being closed within the set SLA. Additionally, customers can now review user access to monday.com via Vanta on the Access page.
Week of September 19, 2022
Code Changes Bulk Export Button
Allow bulk export of the code changes page as a csv file. The button exports changes from the filtered repo and date range.
Tests Recieve SLAs
If a test tracks an SLA, Vanta will show yellow “due soon” state, with the upcoming deadline.
Tests will only be flagged to auditors once the SLA is exceeded
Week of September 12, 2022
Improved AWS connection flow UI
The improved AWS connection flow UI is a full-screen modal with more clear steps and copy that will make it easier for customers to set up their AWS integration.
VMware Workspace One MDM(beta)
Vanta uses its API to automatically pull computers and information related to hard drive encryption, password management, antivirus, and screen lock
Improved GCP connection flow UI
The improved GCP connection flow UI is a full-screen modal with more clear steps and copy that will make it easier for customers to set up their GCP integration via Cloud Shell.
Week of September 1, 2022
Auditor Preferred Evidence for All Customers
Vanta can now detect when customers sign with a seamless partner throughout the whole customer lifecycle
When we detect this from SFDC, the customer has the ability to opt into their auditor's preferred requirements, which include scoping out their irrelevant documents and adding any custom evidence they required.
Additionally, if the customer switched seamless partners, we'll remove the previous auditor's preferred evidence requirements.
August 2022
Smart System Description
The system description is a fundamental section of your SOC 2 report and outlines the scope of the system being audited, including all the internal controls in place.
Customize your controls with Control Management
Controls are the commitments your organization maintains to stay secure and demonstrate trustworthiness to others. When preparing for an audit, much of your work centers on gathering evidence to show that your organization is delivering on its control commitments. Vanta greatly reduces the effort surrounding audit preparation by automating evidence collection and providing a list of industry-adopted controls for your company to follow.
Control and Test ownership
Vanta makes it easy for teams to stay accountable with control and test ownership. Organizations can assign control owners, who are ultimately responsible for the health and implementation of control. Control owners or admins can then assign tests to test owners who are responsible for getting the underlying issue resolved. Both control and test owners are kept updated on the health of their assigned items with notifications along the way.
Managing policies in Vanta with Confluence
To get you through policy creation faster and one step closer to audit, we’re expanding the ways you can use Vanta to manage policies. We’ve heard that sometimes you’d prefer to use an external document management tool, such as Confluence, for policy creation and revision control. To match your team’s preferred workflow, you can now sync policies into Vanta directly from Confluence.
Visit the Integrations page to connect your Confluence account to Vanta.
July 2022
New features & enhancements:
CCPA compliance support - Vanta now supports CCPA compliance! - Businesses that collect, use, or sell the personal information of California consumers are subject to the CCPA. - Read our announcement blog post. - View our CCPA solution.
New Home page and navigation - You asked, we delivered. Introducing Vanta's new look. - These updates are designed to make Vanta more intuitive, actionable, and faster to navigate. Thank you for your feedback along the way. - Read the full story behind Vanta's new design.
Assign tests to anyone with Test Assignments - Assignments allow you to delegate specific tests to anyone in your company. - Assigned employees are notified and provided access to a limited version of Vanta displaying only their assigned test and remediation details. - Watch a short demo video of this new feature.
Custom controls with Control Management - Create and manage custom controls with Control Management. - Custom controls are displayed, monitored, and reported alongside Vanta's default list of controls. - You can now opt-out of Vanta controls that are non-pertinent to your organization. Visit the Compliance page to get started.
Vanta Trust Reports - A Trust Report is the fastest way to demonstrate your commitment to security, speed up the security review process, and build trust with prospects. - Trust Reports are free to existing customers for the next year! - Get started by visiting the Trust Reports page.
Scoping by IdP: OneLogin, Office, Okta, and Google - We’ve expanded scoping by identify provider (IdP) to support OneLogin and Office 365 users. - Use scoping by IdP to easily define which employees or user groups should be monitored by Vanta. - Scoping by IdP is also works with Okta and Google Workspace.
Manual deactivation of employee accounts - Vanta admins can now manually mark accounts associated with offboarded employees as deactivated. - This tool is handy to use when a former employee's email or other login is knowingly still active and in use by your team. - Manual deactivation can be reset easily in case of error.
Templates for non-technical evidence - Vanta now includes helpful templates for nearly all non-technical tests. - Manual evidence templates can be found linked within their test description on the Documents tab - We’ll continue to introduce new templates in the coming weeks!
AWS DocumentDB, GCP Artifact Registry support - Vanta now supports AWS DocumentDB as a resource for NoSQL Databases. - New tests from Vanta, AWS Cloud Watch, and Datadog check for encryption at rest, backups, CPU usage monitoring, and read/write capacity. - Visit the Inventory page to view your AWS DocumentDB instance - Vanta now supports GCP Artifact Registry for vulnerability scanning.
The Vanta API (beta) - Vanta’s API is now available in beta to all users. We launched the API to help customers leverage Vanta’s platform capabilities for custom security solutions. - Visit the Vanta developer site to learn more about the Vanta API. - Visit your API Tokens page to create and manage API tokens.
Snowflake integration - Vanta now offers an integration with Snowflake’s cloud data platform to help users satisfy user access and inventory management requirements. - New tests check Snowflake for MFA and user access review. - Snowflake databases are now tracked within the Inventory page. - Visit your Connections page to add Snowflake to Vanta.
Enhanced MDM migration support - For users seeking advanced device management features, we've made it easy to transition from the Vanta agent to a supported MDM. - Devices can be set to be monitored by Vanta or a third party MDM. - The Vanta agent can be set to continue monitoring unmigrated devices. - Visit your Connections page to add a supported MDM.
New custom evidence features - To streamline the evidence collection process, Vanta now provides custom evidence request, approval, and comment features. - Auditors can request and manage custom evidence directly within Vanta tests. - Users can review custom evidence requests on the Documents as well as within daily summary emails. - Visit your Documents page to view the new Custom evidence section.
Asana task creation - Easily create Asana tasks within Vanta test pages to better manage your team’s work - Vanta now supports Asana, Jira, and Shortcut for task tracking - Try creating a task within a Vanta test page
AWS Lambda severless monitoring - AWS Lambda functions are now tracked as a resource within your Inventory page - Lambda functions can now be monitored for error rate alerts via our integration with AWS CloudWatch and Datadog - View and manage your Lambda functions on the Connections page within your AWS settings
Native policy editor - Vanta now supports in-app editing of existing, new, and uploaded policies - View the new policy editor on the Policies page by editing or creating a policy
Slack notifications – Slack notifications are here! Get immediate alerts, as well as daily or weekly summaries, to the Slack channel(s) of your choice. – Configure your team's Slack notifications.
Datadog expanded integration - Datadog users now have over 30 new tests for enhanced server monitoring. - New tests include: Load balancer health and latency, CPU utilization, VM utilization, Free storage space, Free memory, Read and write capacity, and more. - Learn about connecting Vanta to Datadog.
Improved Vulnerability Management - New Ignore Center to track & reopen ignored vulnerabilities - Reworked SLA Page to explain SLA violations or remediation reasons - New export button to bulk download vulnerability data as a CSV file - New summarized vulnerability statistics displayed on server and container pages - Vulnerabilities are automatically marked as passing once they are resolved within SLA
External Task Creation: Jira Issues - New option to create Jira Issues directly within test pages to better manage Vanta tasks.
Custom Evidence Requests and Control Mapping - Auditors and users can now generate custom evidence requests within test pages - New email notification to alert users of custom evidence requests - Custom evidence type supported & displayed throughout Vanta
Updated People Page - New filter to view people based on task status, employment, groups, or audit window - New edit details button to make it easier to edit employee information - New option to bulk assign people to a selected group - New Groups Page in company settings to easily manage and create groups
Task Management with Shortcut Stories – Shortcut users can now create tickets (stories) directly within Vanta to better manage compliance tasks. Upon connecting your Shortcut account to Vanta, a new "Create Shortcut Story" button will appear within each test page.
New Email Notification & Subscription Settings – Users may now elect to receive immediate email alerts, digest emails, or both. Immediate emails cover high priority security alerts, whereas summary emails contain both critical and non-urgent notices. Users may also choose to receive notifications concerning specific categories, such as tests pertaining to employees, engineering, policies, or risk.
Group Email Support – Group mailing lists and non-Vanta user can now receive immediate or summary email notifications for enhanced awareness of detected changes that may impact your organization's security and compliance.
Recurring Security Awareness Training – Vanta now supports recurring employee training. Employees can automatically be reminded to complete their annual training, and all past and new completion dates are stored in Vanta.
Automatic Email Reminders for Employees – Set Vanta to remind employees of assigned tasks including: security trainings, Vanta Agent installations, background check completions, and policy acceptances.
The New Vanta Help Center – We’ve revamped the Vanta Help Center to make it even easier to get the most out of Vanta.
New integrations
KnowBe4 (GA) integration for custom SAT and completion tracking
JumpCloud (beta) integration for MDM resource management
General enhancements
Screen-lock status is now viewable within the Computers page, Employee drawer, and via CSV export
PCI DSS and GDPR standards are now visible within the Vanta Standards page
Security awareness training for PCI DSS now available
Vanta Agent support for Windows 11
When both the Vanta Agent and a 3rd party MDM are installed, only the MDM data is displayed within Vanta
Employee Groups can now be applied to Policies for improved policy management and tracking
October 2021
New tools
The AWS Inspector integration for vulnerability scanning is now available for all users. With this launch, we intend to deprecate the Vanta Vulnerability Server Agent on December 1, 2021. For more information on this transition, please read our support articles here and here.
The Documents tab now supports recurring evidence for uploaded documents.
New tests
Check that log sink destinations in GCP are tracked by Vanta is now its own test.
Check that only authorized users can access tracked log sinks in GCP is now its own test.
Information on when a test has been deactivated and who deactivated it is now included in the test’s history chart as well as within compliance reports.
August 2021
New tools
HIPAA Security Awareness Training for PHI is now available at no additional cost to HIPAA customers. Vanta admins can enable HIPAA SAT in the Onboarding Settings. Vanta now automatically tracks and records the completion of HIPAA SAT by employees, in additional to general SAT.
New tests
The following Tests have been rolled out to further automate your security and compliance:
Check that HIPAA security awareness training is enabled
Document HIPAA security awareness training completion
Check that MFA is enabled for Microsoft 365 IDP
Check that AWS S3 buckets are closed to public ports
Check that NoSQL databases are encrypted
Check that NoSQL databases have backups
New integrations
The following Integration has been introduced to validate that your organization is using a task tracking system for software development:
ClickUp
General enhancements
Raw data exports now include SLA requirements for security, vulnerability, and onboarding tests
Drag and drop now available when uploading policy documents
Vanta Standard reports can now be searched by keyword or status for improved usability
July 2021
New tools
The Tasks Page is now the Tests Dashboard. We’ve revamped this highly used page to make it even more informative and actionable. Learn more.
The following Tests have been rolled out to further automate security and compliance:
Check for MFA enabled for Bitbucket, Clubhouse, Github, Heroku, and Slack
Check for screen lock enabled for Windows Agent and Intune
Check that AWS EC2 Instances, GCP Compute Instances, and DigitalOcean Droplets are closed to public ports
New integrations
The following Integrations have been rolled out to make onboarding and offboarding employees easier:
ADP Workforce Now
Paychex Flex
Plus, a historical record of onboarding checklists for offboarded employees is now accessible within Vanta.
General enhancements
The Documents Tab now supports restricted evidence so that only admins and auditors may upload or download these sensitive documents. This restriction is automatically placed on uploaded background checks, employee exit interviews, org charts, and board notes.
Launched 40 new tests to automate additional security and compliance workflows
Improved employee off-boarding tests to ensure accounts are properly de-provisioned
Added tests to ensure MFA is enabled for services monitored by Vanta
Added tests to ensure that a code review is required before committing to the main branch
Enhanced test functionality and instructions for over 100 tests
May 2021
New integrations
HRIS integrations with BambooHR, Gusto, Justworks, Paylocity, Quickbooks Payroll, Rippling, Run Powered by ADP, Square Payroll, Trinet, Zenefits. Connect your HRIS integration to power Vanta's onboarding, offboarding. Learn more from our blog.
General enhancements
Improved account linking logic to automatically connect more user accounts on the Access page
Added new tests to automate more evidence collection
Added CSV exports to the Computers and People pages
Policy templates are available as Google docs
Updated UI/UX for the Computers and Policy pages
Vanta Agent 1.8.5
Released universal binaries on MacOS, adding official support for new M1 macs with Apple Silicon
New offboarding checklist to help manage offboarding workflows directly from the Personnel page!
New access management reports for each connected service now available on Access page!
New audit scheduling tools available on Audit Schedule homepage to streamline audit planning
New auditor user access management tools now available on Users page
May 2020
Okta SSO provider support now available on the Connections page
New Vanta agent v1.5.0 released. Includes updates and new commands in vanta cli toolbox, latest updates to osquery, bug and security fixes
New feature to refresh data on demand on the Tasks page
New tools to manage (deleted, disconnect) services as needed on the Connections page
April 2020
O365 SSO provider support now available on the Connections page
Linear task tracker support now available on the Connections page
Clubhouse task tracker support now available on the Connections page
Launched new Procedures section for management of control behavior in accordance with company policies
Added malware email alerts for all machines running Vanta agent
New Vanta agent v1.4.1 released including osquery updates and security upgrades
Added support for policy deletion on Policies page
March 2020
Features and improvements
O365 beta enrollment is now open! Please reach out to our audit-ops team (audit@vanta.com) to learn more about what this integration can support and sign up for the program.
Checkr background checks integration is now live on the Connections page!
Certn background checks integration is now live on the Connections page!
Added ability for admins to link background checks to personnel on the Personnel table.
Fixed an issue where suggested vulnerability remediation commands were not appearing on the vulnerability page for some customers
Fixed an issue where access users could not assign computers to owners on the Inventory page
Migrated privacy policy and terms of service to new web design
Fixed an issue with email notifications being sent too frequently in a short space of time
Fixed an issue with duplication of apps in list of installed apps on mac resources
Various copy fixes and updates
January 2020
Features and improvements
Bitbucket is now available for all customers on the Connections page! 🎉 We encourage all customers using this service as their version control tool to connect their accounts to initiate monitoring for deployment best practices and change management evidence collection for audit.
Updated the binary for all macOS users to our latest version (v0.2.0)! This app version includes:
A new debugging tool called vanta-cli doctor.
A new version of osqueryd.
More robust toolbar app that shows a red notification when the agent is not registered.
Various bugfixes.
Updated design on the Vanta Reports page to simplify navigation.
Updated design of pen test report upload flow and added a new history view table
Added ability to reassign the Vanta agent between laptops on the Inventory list.
Added ability to rotate Vanta agent key from Inventory install page.
Deprecated the laptop admins feature (as of 12pm, Jan 8th):
