April 2023

 

Week of April 24,  2023

 

Notification Scheduling 

• Notifications can be scheduled to be sent during working hours or anytime

Manually Trigger Policy Sync

• Vanta now has a button to manually trigger a policy sync between Google Drive / Confluence & Vanta 

Notes for Policies 

• There is now a Notes field to the policy details page

 

Week of April 17,  2023

 

Access Reviews 

• Vanta's Access Reviews provides the necessary roles, workflows, and automation to manage access reviews efficiently within the platform
  
  

New Relic Integration

• Vanta integrates with New Relic for access and monitoring-related compliance purposes

 

Week of April 10,  2023

 

Questionnaire Automation

• Trustpage by Vanta’s Questionnaire Automation is designed to help organizations quickly respond to security questionnaires and effectively communicate their security and compliance to customers and prospects. 

 

Week of April 03,  2023

 

Vanta Rebrand

• Vanta has a brand-new look and mascot! Read all about the redesign and Ilma (the llama!) here.

Google Drive Policy Sync

• Sync policies stored in Google Drive to Vanta automatically, with the Google Drive integration 

Policies in multiple languages

• Policy templates can now be created in numerous languages. These languages can be selected at the time of creation and added or removed for future iterations. 
   

 

March 2023

 

Week of March 27,  2023

 

Ignore vulnerabilities until a specified date

• This new feature allows customers to ignore vulnerabilities only for a duration of time.

 

Delete All Custom Controls

• We added an option to delete all custom controls in one click on the controls page. This was highly requested by CSMs and customers alike and will save them significant time, coupled with the ability to re-upload said custom controls through OneSchema.

 

Week of March 20,  2023

 

Custom Notes for Controls

• Users can add custom notes to controls for better team collaboration and understanding.

System Reviewer Role for Access Reviews

• Any Vanta user can be assigned as a System Reviewer. System Reviewers with employee-level access only view the access reviews data they need to perform a review, specifically the systems that they have been assigned to review.

 

Week of March 13,  2023

 

SOC2 Starter Guide

• Vanta has implemented a SOC2 starter guide for new customers. This guide will walk new users through the implementation of Vanta and assist with the many components of prepping for a SOC2 attestation.

Support for Multiple Distinct Identity Providers

• Customers can integrate multiple distinct identity providers! Admins can manage user security workflows from multiple IdPs, including employee onboarding, offboarding & ongoing tasks, employee group management, monitors, access, and access reviews. 

 

Week of March 6,  2023

 

Remediation Task Tracking for Access Reviews

• Now System Reviewers can seamlessly create task-tracking tickets for any accounts that require changes and monitor the status of those tickets and associated changes in Vanta.

Risk CIA

• The CIA framework is now natively implemented in Vanta's Risk management - users can choose CIA categories for their risks and filter by those categories.

Bulk update policies via the policy editor

•  Users can bulk-update content across all policies by specifying the text they want to replace and the new text they want to be added

Manually add company logos in the policy editor

•  Users can now manually add their company logo to the beginning of a policy
  
  

 

February 2023

 

Week of February 27, 2023

 

Archive vendors on the Vendors page

• Users can now archive vendors on the Vendors page. Archived vendors live in a separate tab, where Vanta will retain all information about the vendor if it needs to be revisited later.

Account Access Data APIs for Access Reviews 

• Access Reviews customers can leverage our Account Access Data APIs to upload account access data for non-integrated systems. 

 

Week of February 13, 2023

 

Global Checklist Settings

• Global Checklist settings allow an admin to easily disable a security requirement (such as background checks or security training) across all checklists and employees. These global settings will be tied to product tests so that when admins disable a test for a given employee security task, the task will also be disabled on the People and Checklist pages.

Risk Auditor View and Private Risk Snapshots

• We've restricted the view for auditors to only snapshots, except for domains with an ongoing audit that would have been interrupted by this change. We've also added the ability for customers to create private/internal risk snapshots to track their own progress. 

Updated region selector in AWS

• Use TagInput from Alpaca to provide a more effortless experience.
  
  

Week of February 6, 2023

 

Custom notes for tests

• Vanta has added the ability to add custom notes to tests which is visible to everyone who has access to the test detail page.

Reading employee security task due dates from test SLAs

• The due date for each employee task is now the same as the due date for the corresponding product test (This will bring employee tasks further in sync with the monitor's page. 

Cloudflare security config tests

• Some of the key Cloudflare security components and settings are fetched now, and four new product tests have been added to validate them:
  • cloudflare-firewalls-used
  • cloudflare-ip-access-rules-enabled
  • cloudflare-zone-rules-enabled
  • cloudflare-notifications-enabled
    
    

 

January 2023

 

Week of January 30, 2023

 

New tests for the GitHub integration

• We have introduced 3 new tests for GitHub that will roll out on February 25:
  • The author is not the reviewer of pull requests
  • Repository visibility has been set to private
  • Pending organization invitations are not older than 1 year

Filter by scoping in scoping modal

• Vanta now has the option to use additional filter on the scoping modal to allow users to filter resources by "in-scope" or "out-of-scope'

Allowing all SLAs to be saved in business days

• Vanta has added the functionality of SLAs in business days to all SLAs, which creates a more standardized experience. Business days were added specifically to four categories of SLAs: account revocation, onboarding, vulnerabilities, and security issues.

 

Week of January 23, 2023

 

Auditor View for the People Page

• When auditors are conducting an active audit, they only have access to People that are relevant to the audit scope. Additionally, auditors no longer have access to the People page until the audit observation period starts. This ensures that users are not exposing unnecessary People data to their auditors, and there is less friction for auditors conducting sampling on People.

Monday.com task creation integration

• The feature allows customers to create monday.com items directly within test pages to better manage Vanta tasks.

Access Control for Risk

• Vanta now allows onboarding users to be assigned risk scenarios and risk tasks. Onboarding users can access the Risk register and Action tracker once they've been assigned a risk.

 

Week of January 13, 2023

 

Swifteam Integration

• Vanta now connects with Swifteam for MDM integration. This currently supports macOS, with other operating systems to be added in the future

AccessOwl Integration

• Vanta now connects with AccessOwl to build a document upload integration. If a customer uses AccessOwl for access reviews, the integration will automatically pull in the evidence,

System Reviewer Updates

• Review Status Metrics
  System reviewers can quickly view a snapshot of the status of the vendor accounts they are reviewing.
• Account Flagging
  Vanta flags accounts for systems reviewers that are risky based on employee status and changes.
• Bulk Assign Owners
  System reviewers can assign owners in bulk.

User Access File Uploader

• Process Owners can leverage one of our AR file templates and import files in the AR dashboard. This cuts down on time to prepare and perform access reviews.

Sync risk management tasks with external task trackers

• Vanta can now sync risk tasks to any of Asana, Jira, Linear, or Shortcut

 

Week of January 9, 2023

 

Critical vulnerabilities separated from high vulnerabilities

• Vanta has included new SLA settings and tests for critical vulnerabilities. 

 

Week of January 1, 2023

 

Integrations Page Redesign

• A new and efficient navigation setup for the Vanta Integrations page is now available. 

GCP Organization Support 

• Vanta now allows customers to connect GCP projects to Vanta by linking their GCP organization is now available. Customers can easily specify which projects within the organization are in scope and out of scope and view which projects have been successfully fetched versus those that have failed, including the reason for the failure. Vanta now automatically detects and fetches new projects as they are created.

 

December

 

Week of December 19, 2022

 

Policies that have disabled approval tests no longer appear on the Policies page

• Disabled tests will no longer appear on the policies page.

New Checklist UI & Reusable Custom Tasks

• The Checklist UI guides new users through the four key steps to complete their employee tasks setup.

Test issue history

• Every test now has a "View remediation history" button. Clicking it opens a dialog that lets you see the entire history of test issues.

New integrations - FleetDM and SOOS

• Vanta now integrates with FleetDM and SOOS

Sync to Jira enabled for Risk Management tasks

• Risk management now supports syncing risk tasks to Jira

Rippling Background Checks (Open Beta)

• Customers can pull their Rippling background check data into Vanta (along with HR and MDM data or standalone). 

 

Week of December 12, 2022

 

Documents on the Tests Page

• Tests and documents now both show in a single table on the Monitors page. The new page is essentially the Tests page with documents added to the table. Users can filter between Tests, Documents, or both.
  

Security Task tests show deadlines

• Security task tests have been migrated to the SLA UI and now show deadlines for Security tasks ahead of the due date

Snoozing test entities

• Allow admins to snooze individual test entities

 Create task tracker tickets for Documents

• Vanta now allows you to create tasks in your favorite task trackers, Jira, Asana, Linear, or Shortcut.

AWS linking via Terraform

• Customers who use Terraform can now link their AWS account by adding a Vanta-generated script that automates roles and policies setup. AWS linking will be much faster than the previous manual console flow! 

 

Week of December 5, 2022

 

Multi-IdP Group Membership

• With Multi-IdP Group Membership, Vanta Admins can assign employees to their IdP group of choice. Admins can do this as part of the Group Creation flow or as part of Employee Management.
• Google 
• Dynamic IdP Groups for Okta

Risk Management Migration 

• Vanta Users on old versions of the risk assessment feature are now able to update themselves to the new risk management module from their respective risk assessment versions.

GCP Queues in Inventory

• We started fetching GCP Queues and added them to the Inventory page

Integrations page feedback form

• Vanta users can now provide feedback from the Integrations pages within Vanta 

Support for longer resource fetches and faster "refresh test" turnaround

• For long-running fetches, we now support fetches that take up to 12 hours! We can opt in any (domainId, kind) to use a new queue with a longer timeout.
  
  
  

November 2022

 

Week of November 28, 2022

 

Standardizing Assignment Notifications

• Consolidated across all 5 into a single All Assignment Notification sent via both email and Slack with a standard copy and a single setting for turning them off/on.

Inventory Page Defaults

• This feature assigns default owner and description values to all inventory items that are missing these values.

GCP Permission Configuration

• We now allow users to configure GCP to only fetch the resources they want to enable APIs for

Intercom Account Access Integration

• All customers can add the Intercom integration to continuously monitor account access details on the Access page. Access Reviews customers can also include Intercom in their regular access reviews, saving time pulling files & managing stakeholders, reducing license fees & improving the quality of the review.

 

Week of November 21, 2022

 

AWS GovCloud Multi-Account

• We moved GovCloud to our existing linking flow and architecture, improving our setup time and experience. Customers using GovCloud can link multiple accounts now and expect the safer role assumption that we use on commercial AWS.

OFDSS & ISO 27001:2022 

• We’re excited to continue to expand the number of standards Vanta supports with the launch of two new/updated standards.
  • Open Finance Data Security Standard (OFDSS) 
  • ISO 27001:2022, which replaces ISO 27001:2013

Snoozing Standards

• Customers can now focus on just the standards that are currently their priority by snoozing the rest for a period of their choosing
   

Week of November 14, 2022

 

New Invite Admins Flow

• Customers who haven't connected an IDP see a new homepage Zero State where they can add an Admin directly in a modal

 

Week of November 7, 2022

 

Personio HRIS Integration

• The new Personio integration means we can better support international customers by getting the most accurate employment dates. Accurate employee end dates improve the ability to meet their commitments and offboard employees on time.

Trust Report Compliance & Subprocessors Sections

• Include the compliance standards you have achieved and their subprocessors in the Vanta Trust Report!

Connectors Integrations

• In September, we announced Connectors - a program for technology partners to build data-sending integrations to Vanta. Over the past 2 months, we worked with them to build and prototype integrations with alpha customers. Today, any customer can install these integrations by visiting the “Partner-built integrations” section on the Integrations page.
• Integrations Include
  • Kolide: MDM
  • Incident.io: Incident Management
    
  • BreachRX: Incident Management
    
  • Haekka: Security Training
    
  • Riot: Security Training
    
  • EasyLlama: Security Training
    
  • Termius: Secrets
    
  • Kitemaker: Task Tracker

 

October 2022

Week of October 31, 2022

• Filtering out non-resolvable vulnerabilities for AWS and Snyk
  
  • Non-resolvable vulnerabilities detected through AWS and Snyk will be automatically filtered. These will no longer show up in Vanta.

• Share feedback form added to the How to fix section
  • We now collect feedback directly from users, on what we can change or add to the test details page to make fixing the test easier for them.
    
    
• Event Log
  • Vanta's Event Log shows a history of changes made within Vanta including administrative activities, data modification, and user logins. 

 

Week of October 24, 2022

• System Description Network Diagram Image Size Limits are now removed
  • We now resize and/or compress the image to avoid this limitation. The act of having to download, edit, and re-upload their System Description is an annoying pattern we'd like to avoid, and makes our System Description feel less magical/smart. Having to do that due to image size restrictions will (virtually) never happen anymore.

• Universal test SLAs
  • Users set a period of time to commit to fixing the test by and if a test fails, users are given a suggested due date to remediate, with the test failures only shown to auditors if the date passes.

• System Description Custom Inputs
  • The tag and dropdown inputs now accept custom inputs while still keeping the suggested values from before. 

• Custom Inventory Tags
  • Users can now use their own tagging taxonomy for bulk tagging in Vanta. By doing a one-time mapping of their custom tags to Vanta's tags in the Vanta UI, Vanta will be able to read the information directly from their own tags.

• Time Sensitive Tasks sidebar on the home page
  • Users will see a vertical sidebar on the right portion of the home page. This makes it easy to see and action on priority (overdue/due soon) tasks when the home page is opened.

 

Week of October 17, 2022

• Custom Policy Approval & Acceptance Tests

  When customers create new custom policies, new tests will be automatically created to monitor the (annual) approval and employee acceptance statuses. These tests will be viewable from the Tests page under the Policies category and behave, like our existing Vanta Policy Tests. Additionally, customers now get all the notifications that come with normal Vanta Tests.

 

Week of October 10, 2022

• Temporarily deactivate tests or documents
  
  • Users can now add end dates when deactivating a test/document. This will allow them to deactivate tests/documents until a specified date, after which, they will automatically be reactivated when the date passes.

 

Week of October 3, 2022

• Connect AWS accounts via CloudFormation
  
  • Customers can now connect their AWS accounts automatically using CloudFormation as a part of the AWS cloud provider connection flow.
  • A CloudFormation script is available directly in the connection flow for customers to use (copy or download), to make the process as smooth as possible.

• Inventory Page CSV export now includes more fields
  • An exported CSV file will contain all the data fields displayed in the inventory table for each inventory type.

• New Auditor View
  • A new page has been built for auditors to view customer evidence. Tests, policies, and documents all live in a single place for auditors, scoped down to the standard under audit and the observation window. 

 

September 2022

 

Week of September 27, 2022

• New Standards
  • Ten new compliance frameworks are available in Vanta

• Processing Integrity and Privacy Controls
  • Customers are now opted into PI and P TSCs for SOC 2 with Vanta’s default control set, and can be mapped to new controls or other existing controls to these sections.

• Enhanced control Owner workflows
  • Customers can assign owners to controls for tracking purposes. Assigning owners will also enable ISO 27001 to meet that standard's requirements for process oversight.

• Audit Report Download/Edit for Auditors
  • We've added the ability for auditors to both download and replace the existing audit report for a given audit engagement.

• Bulk approval for policy updates
  • Customers will now be able to bulk approve policy updates

• Trust Report Watermarked Documents
  • This feature adds watermarking for private PDFs (either on a private report or a private document in a public report). By adding a watermark, customers can feel more confident in sharing out documents in a Trust Report.

• Monday.com integration support
  • The 1-way monday.com integration lets customers pull their security issues data automatically into Vanta in order to track that they are being assigned priorities and owners and being closed within the set SLA. Additionally, customers can now review user access to monday.com via Vanta on the Access page.

 

Week of September 19, 2022