Product Updates

  • Updated

Vanta Release Notes




Week of March 20,  2023


Custom Notes for Controls

  • Users can add custom notes to controls to allow for better collaboration and understanding among teams.

System Reviewer Role for Access Reviews

  • Any Vanta user can be assigned as a System Reviewer. System Reviewers with employee-level access only view the access reviews data they need to perform a review, specifically the systems that they have been assigned to review.


Week of March 13,  2023


SOC2 Starter Guide

  • Vanta has implemented a SOC2 starter guide for new customers. This guide will walk new users through the implementation of Vanta and assist with the many components of prepping for a SOC2 attestation.

Support for Multiple Distinct Identity Providers

  • Customers can integrate multiple distinct identity providers! Admins can manage user security workflows from multiple IdPs, including employee onboarding, offboarding & ongoing tasks, employee group management, monitors, access, and access reviews. 


Week of March 6,  2023


Remediation Task Tracking for Access Reviews

  • Now System Reviewers can seamlessly create task-tracking tickets for any accounts that require changes and monitor the status of those tickets and associated changes in Vanta.

Risk CIA

  • The CIA framework is now natively implemented in Vanta's Risk management - users can choose CIA categories for their risks and filter by those categories.

Bulk update policies via the policy editor

  •  Users can bulk-update content across all policies by specifying the text they want to replace and the new text they want to be added

Manually add company logos in the policy editor

  •  Users can now manually add their company logo to the beginning of a policy


Week of February 27, 2023


Archive vendors on the Vendors page

  • Users can now archive vendors on the Vendors page. Archived vendors live in a separate tab, where Vanta will retain all information about the vendor if it needs to be revisited later.

Account Access Data APIs for Access Reviews 

  • Access Reviews customers can leverage our Account Access Data APIs to upload account access data for non-integrated systems. 

Week of February 13, 2023


Global Checklist Settings

  • Global Checklist settings allow an admin to easily disable a security requirement (such as background checks or security training) across all checklists and employees. These global settings will be tied to product tests so that when admins disable a test for a given employee security task, the task will also be disabled on the People and Checklist pages.

Risk Auditor View and Private Risk Snapshots

  • We've restricted the view for auditors to only snapshots, except for domains with an ongoing audit that would have been interrupted by this change. We've also added the ability for customers to create private/internal risk snapshots to track their own progress. 

Updated region selector in AWS

  • Use TagInput from Alpaca to provide a more effortless experience.

Week of February 6, 2023


Custom notes for tests

  • Vanta has added the ability to add custom notes to tests which is visible to everyone who has access to the test detail page.

Reading employee security task due dates from test SLAs

  • The due date for each employee task is now the same as the due date for the corresponding product test (This will bring employee tasks further in sync with the monitor's page. 

Cloudflare security config tests

  • Some of the key Cloudflare security components and settings are fetched now, and four new product tests have been added to validate them:
    • cloudflare-firewalls-used
    • cloudflare-ip-access-rules-enabled
    • cloudflare-zone-rules-enabled
    • cloudflare-notifications-enabled


Week of January 30, 2023


New tests for the GitHub integration

  • We have introduced 3 new tests for GitHub that will roll out on February 25:
    • The author is not the reviewer of pull requests
    • Repository visibility has been set to private
    • Pending organization invitations are not older than 1 year

Filter by scoping in scoping modal

  • Vanta now has the option to use additional filter on the scoping modal to allow users to filter resources by "in-scope" or "out-of-scope'

Allowing all SLAs to be saved in business days

  • Vanta has added the functionality of SLAs in business days to all SLAs, which creates a more standardized experience. Business days were added specifically to four categories of SLAs: account revocation, onboarding, vulnerabilities, and security issues.


Auditor View for the People Page


Week of January 23, 2023


Auditor View for the People Page

  • When auditors are conducting an active audit, they only have access to People that are relevant to the audit scope. Additionally, auditors no longer have access to the People page until the audit observation period starts. This ensures that users are not exposing unnecessary People data to their auditors, and there is less friction for auditors conducting sampling on People. task creation integration

  • The feature allows customers to create items directly within test pages to better manage Vanta tasks.

Access Control for Risk

  • Vanta now allows onboarding users to be assigned risk scenarios and risk tasks. Onboarding users can access the Risk register and Action tracker once they've been assigned a risk.



Week of January 13, 2023


Swifteam Integration

  • Vanta now connects with Swifteam for MDM integration. This currently supports macOS, with other operating systems to be added in the future

AccessOwl Integration

  • Vanta now connects with AccessOwl to build a document upload integration. If a customer uses AccessOwl for access reviews, the integration will automatically pull in the evidence,

System Reviewer Updates

  • Review Status Metrics
    System reviewers can quickly view a snapshot of the status of the vendor accounts they are reviewing.
  • Account Flagging
    Vanta flags accounts for systems reviewers that are risky based on employee status and changes.
  • Bulk Assign Owners
    System reviewers can assign owners in bulk.

User Access File Uploader

  • Process Owners can leverage one of our AR file templates and import files in the AR dashboard. This cuts down on time to prepare and perform access reviews.

Sync risk management tasks with external task trackers

  • Vanta can now sync risk tasks to any of Asana, Jira, Linear, or Shortcut


Week of January 9, 2023


Critical vulnerabilities separated from high vulnerabilities

  • Vanta has included new SLA settings and tests for critical vulnerabilities. 


Week of January 1, 2023


Integrations Page Redesign

  • A new and efficient navigation setup for the Vanta Integrations page is now available. 

GCP Organization Support 

  • Vanta now allows customers to connect GCP projects to Vanta by linking their GCP organization is now available. Customers can easily specify which projects within the organization are in scope and out of scope and view which projects have been successfully fetched versus those that have failed, including the reason for the failure. Vanta now automatically detects and fetches new projects as they are created.


Week of December 19, 2022


Policies that have disabled approval tests no longer appear on the Policies page

  • Disabled tests will no longer appear on the policies page.

New Checklist UI & Reusable Custom Tasks

  • The Checklist UI guides new users through the four key steps to complete their employee tasks setup.

Test issue history

  • Every test now has a "View remediation history" button. Clicking it opens a dialog that lets you see the entire history of test issues.

New integrations - FleetDM and SOOS

  • Vanta now integrates with FleetDM and SOOS

Sync to Jira enabled for Risk Management tasks

  • Risk management now supports syncing risk tasks to Jira

Rippling Background Checks (Open Beta)

  • Customers can pull their Rippling background check data into Vanta (along with HR and MDM data or standalone). 


Week of December 12, 2022


Documents on the Tests Page

  • Tests and documents now both show in a single table on the Monitors page. The new page is essentially the Tests page with documents added to the table. Users can filter between Tests, Documents, or both.

Security Task tests show deadlines

  • Security task tests have been migrated to the SLA UI and now show deadlines for Security tasks ahead of due date

Snoozing test entities

  • Allow admins to snooze individual test entities

 Create task tracker tickets for Documents

  • Vanta now allows you to create tasks in your favorite task trackers, Jira, Asana, Linear, or Shortcut.

AWS linking via Terraform

  • Customers who use Terraform can now link their AWS account by adding a Vanta-generated script that automates roles and policies set up. AWS linking will be much faster than the previous manual console flow! 

Week of December 5, 2022


Multi-IdP Group Membership

  • With Multi-IdP Group Membership, Vanta Admins can assign employees to their IdP group of choice. Admins can do this as part of the Group Creation flow or as part of Employee Management.
  • Google 
  • Dynamic IdP Groups for Okta

Risk Management Migration 

  • Vanta Users on old versions of the risk assessment feature are now able to update themselves to the new risk management module from their respective risk assessment versions.

GCP Queues in Inventory

  • We started fetching GCP Queues and added them to the Inventory page

Integrations page feedback form

  • Vanta users can now provide feedback from the Integrations pages within Vanta 

My Tests & Docs view for non-admins

  • When non-admins or non-editor assignees login to Vanta, they can see the Monitors tab just with the tests and docs they own.

Vulnerabilities tests show deadlines ahead of time

  • We have migrated vulnerability tests to the new SLA UI, so they now show the deadline on the Monitors page ahead of time.
Inventory items group ownership
  • Users can enter any value as an inventory owner, in addition to Vanta users, via the inventory page UI.

Support for longer resource fetches and faster "refresh test" turnaround

  • For long-running fetches, we now support fetches that take up to 12 hours! We can opt in any (domainId, kind) to use a new queue with a longer timeout.



November 2022


Week of November 28, 2022

Standardizing Assignment Notifications

  • Consolidated across all 5 into a single All Assignment Notification sent via both email and Slack with a standard copy and a single setting for turning them off/on.

Inventory Page Defaults

  • This feature assigns default owner and description values to all inventory items that are missing these values.

GCP Permission Configuration

  • We now allow users to configure GCP to only fetch the resources they want to enable APIs for

Intercom Account Access Integration

  • All customers can add the Intercom integration to continuously monitor account access details on the Access page. Access Reviews customers can also include Intercom in their regular access reviews, saving time pulling files & managing stakeholders, reducing license fees & improving the quality of the review.


Week of November 21, 2022

AWS GovCloud Multi-Account

  • We moved GovCloud to our existing linking flow and architecture, improving our setup time and experience. Customers using GovCloud can link multiple accounts now and expect the safer role assumption that we use on commercial AWS.

OFDSS & ISO 27001:2022 

Snoozing Standards

Week of November 14, 2022

New Invite Admins Flow

  • Customers who haven't connected an IDP see a new homepage Zero State where they can add an Admin directly in a modal


Week of November 7, 2022

Personio HRIS Integration

  • The new Personio integration means we can better support international customers by getting the most accurate employment dates. Accurate employee end dates improve the ability to meet their commitments and offboard employees on time.

Trust Report Compliance & Subprocessors Sections

  • Include the compliance standards you have achieved and their subprocessors in the Vanta Trust Report!

Connectors Integrations

  • In September, we announced Connectors - a program for technology partners to build data-sending integrations to Vanta. Over the past 2 months, we worked with them to build and prototype integrations with alpha customers. Today, any customer can install these integrations by visiting the “Partner-built integrations” section on the Integrations page.
  • Integrations Include
    • Kolide: MDM
    • Incident Management
    • BreachRX: Incident Management
    • Haekka: Security Training
    • Riot: Security Training
    • EasyLlama: Security Training
    • Termius: Secrets
    • Kitemaker: Task Tracker


October 2022

Week of October 31, 2022

  • Filtering out non-resolvable vulnerabilities for AWS and Snyk
    • Non-resolvable vulnerabilities detected through AWS and Snyk will be automatically filtered. These will no longer show up in Vanta.
  • Share feedback form added to the How to fix section
    • We now collect feedback directly from users, on what we can change or add to the test details page to make fixing the test easier for them.

  • Event Log
    • Vanta's Event Log shows a history of changes made within Vanta including administrative activities, data modification, and user logins. 


Week of October 24, 2022

  • System Description Network Diagram Image Size Limits are now removed
    • We now resize and/or compress the image to avoid this limitation. The act of having to download, edit, and re-upload their System Description is an annoying pattern we'd like to avoid, and makes our System Description feel less magical/smart. Now, having to do that due to image size restrictions will (virtually) never happen anymore.
  • Universal test SLAs
    • Users set a period of time to commit to fixing the test by and if a test fails, users are given a suggested due date to remediate, with the test failures only shown to auditors if the date passes.
  • System Description Custom Inputs
    • The tag and dropdown inputs now accept custom inputs while still keeping the suggested values from before. 
  • Custom Inventory Tags
    • Users can now use their own tagging taxonomy for bulk tagging in Vanta. By doing a one-time mapping of their custom tags to Vanta's tags in the Vanta UI, Vanta will be able to read the information directly from their own tags.
  • Time Sensitive Tasks sidebar on the home page
    • Users will see a vertical sidebar on the right portion of the home page. This makes it easy to see and action on priority (overdue/due soon) tasks when the home page is opened.


Week of October 17, 2022

  • Custom Policy Approval & Acceptance Tests

    When customers create new custom policies, new tests will be automatically created to monitor the (annual) approval and employee acceptance statuses. These tests will be viewable from the Tests page under the Policies category and behave, like our existing Vanta Policy Tests. Additionally, customers now get all the notifications that come with normal Vanta Tests.


Week of October 10, 2022

  • Temporarily deactivate tests or documents
    • Users can now add end dates when deactivating a test/document. This will allow them to deactivate tests/documents until a specified date, after which, they will automatically be reactivated when the date passes.

Week of October 3, 2022

  • Connect AWS accounts via CloudFormation
    • Customers can now connect their AWS accounts automatically using CloudFormation as a part of the AWS cloud provider connection flow.
    • A CloudFormation script is available directly in the connection flow for customers to use (copy or download), to make the process as smooth as possible.
  • Inventory Page CSV export now includes more fields
    • An exported CSV file will contain all the data fields displayed in the inventory table for each inventory type.
  • New Auditor View
    • A new page has been built for auditors to view customer evidence. Tests, policies, and documents all live in a single place for auditors, scoped down to the standard under audit and the observation window. 


September 2022

Week of September 27, 2022


  • Processing Integrity and Privacy Controls
    • Customers are now opted into PI and P TSCs for SOC 2 with Vanta’s default control set, and can be mapped to new controls or other existing controls to these sections.


  • Enhanced control Owner workflows
    • Customers can assign owners to controls for tracking purposes. Assigning owners will also enable ISO 27001 to meet that standard's requirements for process oversight.


  • Audit Report Download/Edit for Auditors
    • We've added the ability for auditors to both download and replace the existing audit report for a given audit engagement.


  • Bulk approval for policy updates
    • Customers will now be able to bulk approve policy updates


  • Trust Report Watermarked Documents
    • This feature adds watermarking for private PDFs (either on a private report or a private document in a public report). By adding a watermark, customers can feel more confident in sharing out documents in a Trust Report.


  • integration support
    • The 1-way integration lets customers pull their security issues data automatically into Vanta in order to track that they are being assigned priorities and owners and being closed within the set SLA. Additionally, customers can now review user access to via Vanta on the Access page.


Week of September 19, 2022
  • Code Changes Bulk Export Button
    • Allow bulk export of the code changes page as a csv file. The button exports changes from the filtered repo and date range.
  • Tests Recieve SLAs
    • If a test tracks an SLA, Vanta will show yellow “due soon” state, with the upcoming deadline. 
    • Tests will only be flagged to auditors  once the SLA is exceeded


Week of September 12, 2022

  • Improved AWS connection flow UI
    • The improved AWS connection flow UI is a full-screen modal with more clear steps and copy that will make it easier for customers to set up their AWS integration.


  • VMware Workspace One MDM(beta)
    • Vanta uses its API to automatically pull computers and information related to hard drive encryption, password management, antivirus, and screen lock


  • Improved GCP connection flow UI
    • The improved GCP connection flow UI is a full-screen modal with more clear steps and copy that will make it easier for customers to set up their GCP integration via Cloud Shell.


 Week of September 1, 2022

  • Auditor Preferred Evidence for All Customers
    • Vanta can now detect when customers sign with a seamless partner throughout the whole customer lifecycle
    • When we detect this from SFDC, the customer has the ability to opt into their auditor's preferred requirements, which include scoping out their irrelevant documents and adding any custom evidence they required.
    • Additionally, if the customer switched seamless partners, we'll remove the previous auditor's preferred evidence requirements.


August 2022‍


Smart System Description

  • The system description is a fundamental section of your SOC 2 report and outlines the scope of the system being audited, including all the internal controls in place.


Customize your controls with Control Management

  • Controls are the commitments your organization maintains to stay secure and demonstrate trustworthiness to others. When preparing for an audit, much of your work centers on gathering evidence to show that your organization is delivering on its control commitments. Vanta greatly reduces the effort surrounding audit preparation by automating evidence collection and providing a list of industry-adopted controls for your company to follow.

Control and Test ownership

  • Vanta makes it easy for teams to stay accountable with control and test ownership. Organizations can assign control owners, who are ultimately responsible for the health and implementation of control. Control owners or admins can then assign tests to test owners who are responsible for getting the underlying issue resolved. Both control and test owners are kept updated on the health of their assigned items with notifications along the way.

Managing policies in Vanta with Confluence


  • To get you through policy creation faster and one step closer to audit, we’re expanding the ways you can use Vanta to manage policies. We’ve heard that sometimes you’d prefer to use an external document management tool, such as Confluence, for policy creation and revision control. To match your team’s preferred workflow, you can now sync policies into Vanta directly from Confluence.
  • Visit the Integrations page to connect your Confluence account to Vanta.


July 2022‍

New features & enhancements:

  • CCPA compliance support
    - Vanta now supports CCPA compliance!
    - Businesses that collect, use, or sell the personal information of California consumers are subject to the CCPA.
    - Read our announcement blog post.
    - View our CCPA solution

  • New Home page and navigation
    - You asked, we delivered. Introducing Vanta's new look.
    - These updates are designed to make Vanta more intuitive, actionable, and faster to navigate. Thank you for your feedback along the way.
    - Read the full story behind Vanta's new design.
  • Assign tests to anyone with Test Assignments
    - Assignments allow you to delegate specific tests to anyone in your company.
    - Assigned employees are notified and provided access to a limited version of Vanta displaying only their assigned test and remediation details.
    - Watch a short demo video of this new feature.

  • Custom controls with Control Management
    - Create and manage custom controls with Control Management.
    - Custom controls are displayed, monitored, and reported alongside Vanta's default list of controls.
    - You can now opt-out of Vanta controls that are non-pertinent to your organization. Visit the Compliance page to get started.

Learn more in July's product updates blog post.


June 2022

New features & enhancements:

  • Vanta Trust Reports
    - A Trust Report is the fastest way to demonstrate your commitment to security, speed up the security review process, and build trust with prospects.
    - Trust Reports are free to existing customers for the next year!
    - Get started by visiting the Trust Reports page.

  • Scoping by IdP: OneLogin, Office, Okta, and Google
    - We’ve expanded scoping by identify provider (IdP) to support OneLogin and Office 365 users.
    - Use scoping by IdP to easily define which employees or user groups should be monitored by Vanta.
    - Scoping by IdP is also works with Okta and Google Workspace.

  • Manual deactivation of employee accounts
    - Vanta admins can now manually mark accounts associated with offboarded employees as deactivated.
    - This tool is handy to use when a former employee's email or other login is knowingly still active and in use by your team.
    - Manual deactivation can be reset easily in case of error.

  • Templates for non-technical evidence
    - Vanta now includes helpful templates for nearly all non-technical tests.
    - Manual evidence templates can be found linked within their test description on the Documents tab
    - We’ll continue to introduce new templates in the coming weeks!

  • AWS DocumentDB, GCP Artifact Registry support
    - Vanta now supports AWS DocumentDB as a resource for NoSQL Databases.
    - New tests from Vanta, AWS Cloud Watch, and Datadog check for encryption at rest, backups, CPU usage monitoring, and read/write capacity.
    - Visit the Inventory page to view your AWS DocumentDB instance
    - Vanta now supports GCP Artifact Registry for vulnerability scanning.

    Read What's New In Vanta 6.15.22 to learn more.

May 2022

New features & enhancements:

  • The Vanta API (beta)
    - Vanta’s API is now available in beta to all users. We launched the API to help customers leverage Vanta’s platform capabilities for custom security solutions.
    - Visit the Vanta developer site to learn more about the Vanta API.
    - Visit your API Tokens page to create and manage API tokens.

  • Snowflake integration
    - Vanta now offers an integration with Snowflake’s cloud data platform to help users satisfy user access and inventory management requirements.
    - New tests check Snowflake for MFA and user access review.
    - Snowflake databases are now tracked within the Inventory page.
    - Visit your Connections page to add Snowflake to Vanta.

  • Enhanced MDM migration support
    - For users seeking advanced device management features, we've made it easy to transition from the Vanta agent to a supported MDM.
    - Devices can be set to be monitored by Vanta or a third party MDM.
    - The Vanta agent can be set to continue monitoring unmigrated devices.
    - Visit your Connections page to add a supported MDM.

  • New custom evidence features
    - To streamline the evidence collection process, Vanta now provides custom evidence request, approval, and comment features.
    - Auditors can request and manage custom evidence directly within Vanta tests.
    - Users can review custom evidence requests on the Documents as well as within daily summary emails.
    - Visit your Documents page to view the new Custom evidence section.

    Read What's New In Vanta 5.3.22 to learn more.

April 2022

New features & enhancements:

  • Asana task creation
    - Easily create Asana tasks within Vanta test pages to better manage your team’s work
    - Vanta now supports Asana, Jira, and Shortcut for task tracking
    - Try creating a task within a Vanta test page

  • AWS Lambda severless monitoring
    - AWS Lambda functions are now tracked as a resource within your Inventory page
    - Lambda functions can now be monitored for error rate alerts via our integration with AWS CloudWatch and Datadog
    - View and manage your Lambda functions on the Connections page within your AWS settings
  • Native policy editor
    - Vanta now supports in-app editing of existing, new, and uploaded policies
    - View the new policy editor on the Policies page by editing or creating a policy

    Read What's New In Vanta 4.4.22 to learn more.

February 2022

New features & enhancements:


January 2022

New features & enhancements:

  • Improved Vulnerability Management
    - New Ignore Center to track & reopen ignored vulnerabilities
    - Reworked SLA Page to explain SLA violations or remediation reasons
    - New export button to bulk download vulnerability data as a CSV file
    - New summarized vulnerability statistics displayed on server and container pages
    - Vulnerabilities are automatically marked as passing once they are resolved within SLA
  • External Task Creation: Jira Issues
    - New option to create Jira Issues directly within test pages to better manage Vanta tasks.
  • Custom Evidence Requests and Control Mapping
    - Auditors and users can now generate custom evidence requests within test pages
    - New email notification to alert users of custom evidence requests
    - Custom evidence type supported & displayed throughout Vanta
  • Updated People Page
    - New filter to view people based on task status, employment, groups, or audit window
    - New edit details button to make it easier to edit employee information
    - New option to bulk assign people to a selected group
    - New Groups Page in company settings to easily manage and create groups

    Read What's New In Vanta 2.1.22 to learn more.

December 2021

New features

  • Task Management with Shortcut Stories – Shortcut users can now create tickets (stories) directly within Vanta to better manage compliance tasks. Upon connecting your Shortcut account to Vanta, a new "Create Shortcut Story" button will appear within each test page.

  • New Email Notification & Subscription Settings – Users may now elect to receive immediate email alerts, digest emails, or both. Immediate emails cover high priority security alerts, whereas summary emails contain both critical and non-urgent notices. Users may also choose to receive notifications concerning specific categories, such as tests pertaining to employees, engineering, policies, or risk.

  • Group Email Support – Group mailing lists and non-Vanta user can now receive immediate or summary email notifications for enhanced awareness of detected changes that may impact your organization's security and compliance.

New integrations

General enhancements

  • Closed captions (CC) to increase the accessibility of security awareness training videos for PCI, GDPR, and Vanta's general employee SAT module.


November 2021

New products

  • Vanta now supports PCI DSS compliance.

  • Vanta now supports GDPR compliance.

New features

  • Recurring Security Awareness Training – Vanta now supports recurring employee training. Employees can automatically be reminded to complete their annual training, and all past and new completion dates are stored in Vanta.
  • Automatic Email Reminders for Employees – Set Vanta to remind employees of assigned tasks including: security trainings, Vanta Agent installations, background check completions, and policy acceptances.
  • The New Vanta Help Center – We’ve revamped the Vanta Help Center to make it even easier to get the most out of Vanta.

New integrations

  • KnowBe4 (GA) integration for custom SAT and completion tracking
  • JumpCloud (beta) integration for MDM resource management

General enhancements

  • Screen-lock status is now viewable within the Computers page, Employee drawer, and via CSV export
  • PCI DSS and GDPR standards are now visible within the Vanta Standards page
  • Security awareness training for PCI DSS now available
  • Vanta Agent support for Windows 11
  • When both the Vanta Agent and a 3rd party MDM are installed, only the MDM data is displayed within Vanta
  • Employee Groups can now be applied to Policies for improved policy management and tracking


October 2021

New tools

  • The AWS Inspector integration for vulnerability scanning is now available for all users. With this launch, we intend to deprecate the Vanta Vulnerability Server Agent on December 1, 2021. For more information on this transition, please read our support articles here and here.
  • The Documents tab now supports recurring evidence for uploaded documents.

New tests

  • Check that log sink destinations in GCP are tracked by Vanta is now its own test.
  • Check that only authorized users can access tracked log sinks in GCP is now its own test.

New integrations

  • AWS Inspector
  • Microsoft Intune for MDM
  • Namely for HR
  • Insperity for HR

General enhancements

  • HIPAA SAT is now available for all HIPAA users
  • Final audit reports can be viewed and exported from the Security Reports page
  • Policy templates can now be exported en mass as a single file
  • Information on when a test has been deactivated and who deactivated it is now included in the test’s history chart as well as within compliance reports.

August 2021

New tools

  • HIPAA Security Awareness Training for PHI is now available at no additional cost to HIPAA customers. Vanta admins can enable HIPAA SAT in the Onboarding Settings. Vanta now automatically tracks and records the completion of HIPAA SAT by employees, in additional to general SAT.

New tests

The following Tests have been rolled out to further automate your security and compliance:

  • Check that HIPAA security awareness training is enabled
  • Document HIPAA security awareness training completion
  • Check that MFA is enabled for Microsoft 365 IDP
  • Check that AWS S3 buckets are closed to public ports
  • Check that NoSQL databases are encrypted
  • Check that NoSQL databases have backups

New integrations

The following Integration has been introduced to validate that your organization is using a task tracking system for software development:

  • ClickUp

General enhancements

  • Raw data exports now include SLA requirements for security, vulnerability, and onboarding tests
  • Drag and drop now available when uploading policy documents
  • Vanta Standard reports can now be searched by keyword or status for improved usability


July 2021

New tools

New tests

The following Tests have been rolled out to further automate security and compliance:

  • Check for MFA enabled for Bitbucket, Clubhouse, Github, Heroku, and Slack
  • Check for screen lock enabled for Windows Agent and Intune
  • Check that AWS EC2 Instances, GCP Compute Instances, and DigitalOcean Droplets are closed to public ports

New integrations

The following Integrations have been rolled out to make onboarding and offboarding employees easier:

  • ADP Workforce Now
  • Paychex Flex

Plus, a historical record of onboarding checklists for offboarded employees is now accessible within Vanta.

General enhancements

  • The Documents Tab now supports restricted evidence so that only admins and auditors may upload or download these sensitive documents. This restriction is automatically placed on uploaded background checks, employee exit interviews, org charts, and board notes.


June 2021

New tools

New standards

  • ISO 27001 - now available to all customers
  • HIPAA - now available to all customers

New integrations

General enhancements

  • Launched 40 new tests to automate additional security and compliance workflows
    • Improved employee off-boarding tests to ensure accounts are properly de-provisioned
    • Added tests to ensure MFA is enabled for services monitored by Vanta
    • Added tests to ensure that a code review is required before committing to the main branch
  • Enhanced test functionality and instructions for over 100 tests 

May 2021

New integrations

  • HRIS integrations with BambooHR, Gusto, Justworks, Paylocity, Quickbooks Payroll, Rippling, Run Powered by ADP, Square Payroll, Trinet, Zenefits. Connect your HRIS integration to power Vanta's onboarding, offboarding. Learn more from our blog

General enhancements

  • Improved account linking logic to automatically connect more user accounts on the Access page
  • Added new tests to automate more evidence collection
  • Added CSV exports to the Computers and People pages
  • Policy templates are available as Google docs
  • Updated UI/UX for the Computers and Policy pages

Vanta Agent 1.8.5

  • Released universal binaries on MacOS, adding official support for new M1 macs with Apple Silicon
  • Automatically detect invalid GCP cloud provider IDs to improve agent reliability


April 2021

New integrations

  • Azure Devops Boards
  • Azure Government
  • Datadog EU
  • Vetty background check

General Enhancements

  • Improved Slack integration account linking. Re-connect your Slack integration receive the update

March 2021

New integrations

  • Snyk vulnerability scanning
  • Azure DevOps Repos

New standards

  • ISO 27001 (Beta)
  • HIPAA (Beta)

General enhancements

  • Refreshed the people page with an updated interface
  • Added search to the vulnerabilities tab

February 2021

General enhancements

  • Added search to inventory tab
  • Employee laptop descriptions are now updated automatically
  • Vanta users can remove and update security awareness training evidence from employee records

January 2021

New integrations

  • Jamf device management
  • MongoDB Atlas
  • GitLab task tracker
  • Azure container scanning

General enhancements

  • PDF exports for Vanta reports
  • Improved search experience for tasks

Learn more on our blog

December 2020

  • Container scanning for Google Cloud Platform and Amazon Web Services
  • Improvements to the policy creation flow and templates
  • Updated risk assessment flows

November 2020

  • Bug fixes and general enhancements

October 2020

  • New personnel onboarding flow
  • Revamped People page (formerly called Personnel)

September 2020

  • HIPAA support beta pack
  • Azure infrastructure monitoring

August 2020

  • Update to Company Information fields to accept wider range of upload types
  • Small update to Inventory page to sort resources by age
  • Computer SSH key access now visible for each user on Access page

July 2020

  • New Risk Register format and questions!
  • Updates to app infrastructure to improve speed and data loading times on Inventory and Vulnerability pages.
  • Vanta-agent version 1.5.9 released with hotfixes for MacOS toolbar icon display.
  • Vulnerabilities server view will now auto-sort machines to streamline remediation workflows.
  • New management tools on package view of Vulnerabilities page to control scope of remediation tasks
  • Updated tools on Connections page

June 2020

  • New offboarding checklist to help manage offboarding workflows directly from the Personnel page!
  • New access management reports for each connected service now available on Access page!
  • New audit scheduling tools available on Audit Schedule homepage to streamline audit planning
  • New auditor user access management tools now available on Users page

May 2020

  • Okta SSO provider support now available on the Connections page
  • New Vanta agent v1.5.0 released. Includes updates and new commands in vanta cli toolbox, latest updates to osquery, bug and security fixes
  • New feature to refresh data on demand on the Tasks page
  • New tools to manage (deleted, disconnect) services as needed on the Connections page

April 2020

  • O365 SSO provider support now available on the Connections page
  • Linear task tracker support now available on the Connections page
  • Clubhouse task tracker support now available on the Connections page
  • Launched new Procedures section for management of control behavior in accordance with company policies
  • Added malware email alerts for all machines running Vanta agent
  • New Vanta agent v1.4.1 released including osquery updates and security upgrades
  • Added support for policy deletion on Policies page

March 2020

Features and improvements

  • O365 beta enrollment is now open! Please reach out to our audit-ops team ( to learn more about what this integration can support and sign up for the program.
  • Checkr background checks integration is now live on the Connections page!
  • Certn background checks integration is now live on the Connections page!
  • Added ability for admins to link background checks to personnel on the Personnel table.
  • Our new navigation style is now live for all customers! In this change we:
    • Simplified our navigation by grouping pages with a similar purpose
    • Increase space for page content by moving primary nav to the header bar
  • Added support for customer-defined policy types on the Policies table
  • Added support for custom security awareness training links for use during personnel onboarding on the Roles and onboarding page
  • Vanta agent update, v 1.4.0, now available while includes new cli commands, bug fixes and process improvements.
  • Updated Vanta agent information across the app including troubleshooting information on Computers and Vulnerability install pages!
  • Added Vanta agent support for Windows Defender
  • Added ability to modify email settings from the user Notifications page.
  • Added labels support for GCP resources to automate inventory management and updates on the Inventory list
  • Added ability to reassign personal laptops from the Inventory list
  • Added view of background check status for admin users on Personnel table
  • Added ability to view and modify resources that have been marked as out of scope ("whitelisted") through the Tasks table
  • Added AWS account id to all AWS resources on the Inventory page in support for customers with multiple linked AWS accounts.
  • Updated designs on the Vendors page to remove use of alert icons
  • Added support for Dashlane AV on Firefox
  • Added support for Avast Antivirus

Bug fixes

  • Fixed an issue with the several tests to prevent test flips and false positives
  • Fixed an issue where all fields were required for business information before saving the form
  • Fixed an issue with tables to sort by last name instead of first
  • Fixed an issue with copy on the Computers page
  • Fixed an issue with session to prevent users being logged out after 1 day
  • Fixed an issue that prevented mobile users from viewing policies
  • Removed a subset of database location checks due to overlapping logic with remaining test set (reach out to for more information).

February 2020

Features and improvements

Bug fixes

  • Fixed an issue where suggested vulnerability remediation commands were not appearing on the vulnerability page for some customers
  • Fixed an issue where access users could not assign computers to owners on the Inventory page
  • Migrated privacy policy and terms of service to new web design
  • Fixed an issue with email notifications being sent too frequently in a short space of time
  • Fixed an issue with duplication of apps in list of installed apps on mac resources
  • Various copy fixes and updates

January 2020

Features and improvements

  • Bitbucket is now available for all customers on the Connections page! 🎉 We encourage all customers using this service as their version control tool to connect their accounts to initiate monitoring for deployment best practices and change management evidence collection for audit.
  • Updated the binary for all macOS users to our latest version (v0.2.0)! This app version includes:
    • A new debugging tool called vanta-cli doctor.
    • A new version of osqueryd.
    • More robust toolbar app that shows a red notification when the agent is not registered.
    • Various bugfixes.
  • Updated design on the Vanta Reports page to simplify navigation.
  • Updated design of pen test report upload flow and added a new history view table
  • Added ability to reassign the Vanta agent between laptops on the Inventory list.
  • Added ability to rotate Vanta agent key from Inventory install page.
  • Deprecated the laptop admins feature (as of 12pm, Jan 8th):
  • Policy packet update to download policies in alphabetical order.
  • Added ability to sort on the Computers table for last ping time and OS
  • Added ability to store historical pen test results
  • Added additional metadata for Linux machines on the Inventory list for easier identification
  • Added support for distinct SLAs based on security task severity
  • Added onboarding grace period for version control system accounts (e.g. GitHub)

Bug fixes

  • Copy updates in remediation instructions for infrastructure root account use
  • Fix display of long hostnames in our Computers table
  • Fix login redirect path on 403 error
  • Copy correction for agent installation instructions
  • Fixed changes log to show only merges to master or default branch
  • Removed immediate SLA option for critical vulnerability resolution
  • Fixed pen test upload dialog to include date selection
  • Removed tabbed layout on the Reports page
  • Copy update for agent install reminder email
  • Updated privacy policy links
  • Fixed issue with guest accounts showing for Asana workspaces
  • Fixed redirect for contractors with admin privileges to dashboard instead of onboarding flow
  • Fixed email notifications for background checks so that customers running their own will be alerted for missing reports during audit period

Was this article helpful?

Have more questions? Submit a request