Product Updates

  • Updated

 

Vanta Release Notes

September 2024

 

Week of September 23,  2024

 

Vendor Risk Management: Locking AI answers and edited answers

  • Once an answer is locked, the AI will not re-run on those questions.

Updated Test Details Redesign 

  • Vanta has introduced a beta test details page with a tabbed design to focus on remediation details

 

Week of September 16,  2024

Full-page column selection  for Questionnaire Automation

  • Vanta now has a full-page view for column selection, making navigation and use more seamless

 

Week of September 2,  2024

Lacework Integration

  • Vanta now integrates with Lacework for vulnerability management 

Report Center Filter Improvements

  • Report center users can now configure their custom reports further by filtering charts by framework, enabling the creation of framework-specific reports. 

DORA Framework

  • Our new framework breaks down the regulation into actionable tests, documents, and policy addendums, offering clear guidance and prioritization for compliance managers. 

August 2024

 

Week of August 19,  2024

Questionnaire Automation Question Assignment  

  • Individual questions can be assigned to users in Vanta. Users can be notified via email or Slack and quickly click on the questionnaire to view and answer assigned questions.

SentinelOne Vulnerability Management & Vanta

  • Vanta now integrates with SentinelOne

Sync PDFs from Google Drive & Sharepoint for Policies & Documents

  • If you are utilizing the Google Drive or Sharepoint integration, you can sync PDF files through the Google Drive & Sharepoint integrations for policies and documents

 

Week of August 12,  2024

AWS Multi-Org Support

  • All AWS users can now add multiple orgs to a single Vanta Workspace

Cyber Insurance - Vanta & Vouch

  • Users can purchase cyber insurance directly within Vanta in as little as 15 minutes, powered by Vouch.

 

Week of August 5,  2024

Policy Builder

  • Policy Builder is a new policy creation and editing workflow to help create policies using Vanta templates.

Report Center

July 2024

 

Week of July 29,  2024

Update to USDP Framework

  • Vanta's existing US Data Privacy framework has added a net new control. This new control accommodates a recent addition to the Oregon Consumer Privacy Act.  Five existing documents and one existing test have been mapped to this control.

Updated Developer Hub

  • The API documentation will help customers understand our API’s capabilities, get started, and explore its use cases.

Questionnaire Automation for multi-product organizations

 

Week of July 15,  2024

Audit evidence

  • Evidence statuses can be applied to a piece of evidence within an audit engagement.

 

Week of July 8,  2024

VRM - findings, follow-ups, and residual risk

  • VRM users will be able to recommend treatment plans, recommend resolutions, create Jira tasks for follow-up, and set residual risk for the vendor.

Trust Center Media Tab

  • There is a new section on the Trust Center called Media for companies to upload videos hosted on YouTube or Vimeo.

 

June 2024

Week of June 24,  2024

 

Vanta & Orca integration 

  • Anyone using Orca can connect to Vanta to pull in vulnerability data, track status, and SLAs, and assign tests if something misses a resolution window.

REST API support for putting personnel on leave and marking as "not a person"

Access Tickets

  • Access Ticketing for Jira is now available. Users can enable it on the Manage section of the Jira integration, providing a label for access tickets.

 

Vendor Risk Management: Inherent Risk Rubric customization

  • VRM users will be able to customize the attributes used to determine inherent risk levels for each vendor and be able to apply those attributes to vendor categories to enable auto-scoring

 

Week of June 17,  2024

 

Comments in the Audit view

  • Customers and auditors can now communicate with each other through comments on evidence in the audit view 

Week of June 3,  2024

 

Updated User Interface

  •  A new and improved UI had been implemented in Vanta, designed to make it easier to find and act on the data and information in Vanta.

 

May 2024

 

Week of May 20,  2024

Questionnaire Automation

 

Week of May 13,  2024SSO

Background Checks POwered by Certn

 

Week of May 6,  2024SSO

(SAML) for standalone customers

  • Customers can now set up an SSO SAML connection to their IDP without first integrating their IDP via API. The SAML protocol allows customers to grant a subset of their users access to the Vanta application.

Ability to link multiple Trust Centers

  • Users can access all of a company's Trust Centers with a Trust Center picker in the Trust Center header.

Shareable Hidden Resources in Trust Center

  • There is a new visibility option for resources called Shareable that hides the document from their public Trust Center but can still be shared externally.

Knowledge Base for Trust Center

  • There is now a new Knowledge Base in Trust Center for customers to manage their Security Documents and Answers

 

April 2024

 

Week of April 29,  2024

 

The Vanta REST API Beta

  • We’re launching a new Vanta API with more functionality than GraphQL in the  REST protocol.  

 

Week of April 22,  2024

 

Custom Banner Images for Trust Center 

  • Users can now upload custom images which will appear on the top banner of the Trust Center

New ability to reject discovered vendors

  • For those using Vendor Risk Management, discovered vendors can be rejected and provide a reason for the decision

 

Week of April 15,  2024

 

Vendor Risk Management: Ability to add reason when ignoring a discovered vendor

  • Users can give reasons when ignoring a vendor so that it's visible and trackable

  

Week of April 1,  2024

 

Support for multiple Bitbucket workspaces

  • Customers now can connect their different workspaces to Vanta

 

March 2024

 

Week of March 25,  2024

 

Unlimited Custom Attributes in Risk Scenario Import

  • Customers can now include as custom attributes when importing risks

Specific templates for bulk importing custom controls

  • Controls import templates are now specific to the user, meaning they show only the frameworks the customer has purchased and include the customer’s custom frameworks. 

Week of March 18,  2024

 

Remediation information for Vulnerabilities

  • We now pull in the following information for vulns that helps give guidance on how to remediate:
    • Affected versions of the package/software
    • Fixed versions of the package/software
    • Remediation details (if the scanner provides it)

New dashboard widgets on the Vulns "Findings by Asset" page

  • Two new widgets have been added to the Findings by Asset page,
    • Asset Scan Coverage
    • Asset SLA status

New Security Training Modules released

 

 

Week of March 11,  2024

 

Support for employees in multiple groups

  • Employees can now be included in multiple groups of employee task programs and import their IdP groups 1:1

New Vendor Overview Page and Risk Register Integration

  • Customers can now link a vendor's findings to existing risk scenarios, bridging the gap between Vendor risk and risk management.  

Updates to SOC 2 Controls

Custom Procurement Labels in Vendor Risk Management

  • Users can now create custom labels for Vendor risk management procurement requests with task tracker integrations

 

 

Week of March 4,  2024

 

People Export Background Job

  • Users can click the export button immediately and navigate away from the People page

New auditor evidence drawer

  • Replacing the full-screen model with a drawer allows us to build performance improvements and new UX features and prepares us for further improvements to the audit experience.

Netlify cloud deeper security tests

 

February 2024

 

Week of February 26,  2024

 

Additional Admin Onboarding 

  • A new, higher-context, and more streamlined onboarding experience has been made available for additional invited admins.

CloudFormation connection for AWS Orgs linking flow

  • Vanta has added support for the CloudFormation connection method for the AWS Organization linking flow. 

 

Week of February 19,  2024

 

One-column layout for Trust Center overview page

  • A one column layout has been enabled for Vanta Trust center to create a cleaner and more seamless UI experience

Multi-language policies upgrade

  •  Multi-language policies enable customers to manage and maintain multiple documents for the same policy so their employees can choose the one to review in their preferred language

 

 

January 2024

 

Week of January 29,  2024

 

Supporting Role Changes in Access Reviews

  • There’s a new button for access reviews, aptly called “Change roles”, that Access Review customers can use to denote accounts that need a role/permissions change instead of outright approving or denying access.

Flag access accounts by last login in Access Reviews

  • In order to flag potentially inactive accounts, we have:
    • Added the last login as a column in the System Reviewer dashboard
    • Added flagging for accounts where the user has not logged in for over 90 days

Last login flagging works initially with the Vanta, Zoom, and MongoDB Atlas integrations, with more to come!

 

Week of January 22,  2024

 

Sync IDP user scope with accounts and access tests

  • Allows admins the option to opt into applying user scope to accounts they own and reduces the manual effort needed.

Risk Notifications

  • We've added several improvements to our risk notifications, including:
    • Manual reminder buttons for risk scenarios and tasks
    • Risk task status for due soon or overdue tasks
    • Risk needs attention (e.g. control failing, task overdue, needs completion, needs approval)
    • Improvements to the Daily/Weekly summary email

 

Week of January 15,  2024

 

Bulk Link Account Owners on the Access Page

  • We now support bulk-linking account owners via OneSchema. Customers can download a .xlsx file of all their unlinked accounts, enter the owner email for each account, and upload the same file via OneSchema to link all accounts to owners at once. 

 

AI-powered Access Data Import for Access Reviews - Public Beta

  • Users can now take screenshots or export a PDF of users from an unintegrated system, and Vanta's AI access data importer will extract the user data, drastically reducing manual data entry.

 

Vendor Risk Management: Private Links 

  •  Vendor risk management customers can request both documents and questionnaires with a single reach out to the customer. Vanta will send the email with the requested documentation and a link to upload questionnaires and documents. 

Week of January 8,  2024

 

Vendor Risk Management Private Link Emails

  • VRM customers can request both documents and questionnaires through a link single link

 

Week of January 1,  2024

 

GDPR with EU-US Data Privacy Framework

  • Vanta has released an add-on to GDPR for the EU-US Data Privacy Framework. The add-on includes 7 new controls and 6 new documents to help US-based customers subject to GDPR achieve compliance more efficiently  

 

December 2023

 

Week of December 18,  2023

Vanta AI Custom Templates for VRM

  • Vanta AI templates allow customers to upload multiple templates and efficiently be able to switch between them 

 

NDA Data Export 

  • NDA data can now be exported from the Trust Center settings page 

Automatically re-open vulnerabilities when a fix is available 

  • Vulnerabilities can be unmonitored, and then automatically reopened when a known remediation becomes available 

 

Week of December 11,  2023

 

Bulk download available for Trust Centers

  • We've launched a new bulk download button to generate a zip file of all accessible files on a Trust Center.

Bulk Actions in Risk Register

  • Allows bulk selection of risk scenarios, which can then be assigned an owner, approved, or archived with one click

 

November 2023

 

Week of November 25,  2023

 

Trust Center Updates

  • Customers can now post updates on their Trust Center and notify subscribers via email.

Access Review support for Private Integrations

  • Customers can now create custom integrations for Vanta to automatically pull in access data, streamlining Access Reviews.

 

Week of November 13,  2023

 

"No Security Tasks" status on the People Page

  • When an employee has no tasks assigned to them, we display their status as 'No tasks.' In this state, we also provide a prompt in their user drawer, encouraging the admin to assign tasks."

 

Week of November 6,  2023

 

Australian Essential 8 and UK Cyber Essentials Frameworks Release

  • Vanta has developed and deployed both UK Cyber Essentials and The Australian Essential 8 as Framework offerings.

Updated Vanta Policy Templates

  • Several Policy Templates have been updated for more comprehensive security policies   

 

October 2023

 

Week of Oct 30,  2023

 

Vulnerabilities Page 

  • The redesign of the vulnerabilities page comes with improvements that make the experience more intuitive and streamlined to manage vulnerabilities

 

Week of Oct 23,  2023

 

Trust Report DocuSign Integration

  • Customers now have the option to connect their DocuSign account to Vanta and use it to send NDAs.

Trust Report Salesforce Integration

  • Trust Reports can now integrate with  Salesforce and allow custom auto-approvals and NDA bypass rulesets. 

Vendor Risk Management - Private links for vendor document upload

  • Vanta customers can now generate a unique link for each vendor to collect security documents 

Trust Report - Custom frameworks and badges

  • Customers have the ability to add new frameworks that aren't part of the pre-existing list, as well as customize the name and badge icon for new and existing frameworks

 

Week of Oct 16,  2023

 

Automatic evidence collection for access reviews

  • Vanta will automatically upload the Access Review report as evidence to meet the controls around Access Reviews

 

Week of Oct 9,  2023

 

Control Mapping to Risk Scenarios 

  • Risk scenarios can now be mapped to controls within Vanta

 

Week of Oct 2,  2023

 

Multiple organization and group support for Snyk

  • Users can now choose which organization(s) or group(s) they would like Vanta to monitor and pull relevant resources from 

Vanta AI for Vendors Custom Questions

  • Users now have the ability to ask their own questions to Vanta AI in additional to the default questions provided 

 

September 2023

 

Week of Sept 25,  2023

 

Role-Based Access Controls: Custom roles

  • Vanta Admins can now create and tailor custom roles, which they can then assign to users within their accounts

Import Documents from external sources - Drive, Confluence, Sharepoint

  • Users can now import Documents from external sources - Drive, Confluence, Sharepoint

 

Week of Sept 18,  2023

 

Policy Editor Commenting Feature

  • The policy editor now allows users to comment on the document, making communications for suggestions and feedback more streamlined in a centralized location

Additional controls and guidance added to ISO 27017

  • 36 new controls have been added to ISO 27017 to provide valuable guidance to customers


Week of Sept 11,  2023

 

Controls Affect Risk Status

  • Controls now affect the completion status of risks. Risks are now considered complete if they have at least one control or task, all tasks are completed, and all controls pass
 
Manual file upload capability for integrated vendors
  • We're adding an option to upload files for vendors where a connection is possible
 
JumpCloud IdP
Vanta Agent Quality Improvements
  • The most recent version of the Vanta Agent upgrades it to use the most recent version of osquery (5.9.1)
  • This version also includes general bug fixes and improvements

 

Week of Sept 4,  2023

 

Improved Agent installation experience for employees

  • Employees now register their Vanta Agent to their company's domain by copy-and-pasting a simple registration key during the Agent installation process

Risk Management Redesign

  • The Risk Register has been redesigned to allow edits and additions to be made to risk scenarios entirely from the sidebar

 

August 2023

Week of August 28,  2023

 

New roles in Vanta: View-only Admin + Sales Admin

  • Our new roles page will now show all available roles and what specifically each role has access to
    • View-only Admins will be able to view the entire product but won't have the ability to make any changes.
    • Sales admins will only be allowed to manage external access to the Trust Report. Our new roles page will now show all available roles and what specifically each role has access to.

Vendor merge & delete options

  • VRM customers can merge vendors (combining data) and delete vendors

Configure idle session timeout

  • We are providing a security settings page where the user can choose to change their idle session timeout configuration. Currently, they'll be asked to choose between 7 days, 3 days, 24 hours, and 30 minutes

ISO 27001:2022 Control/Test Updates

  • Risk management tests have been added so customers can leverage work they have already done to enrich the existing policy and documentation asks

 

Week of August 21,  2023

 

Workspace Console User Management

  • Workspace Console Admins can now access the Workspace Console, which provides them with an aggregate view of data across all connected Workspaces. 

Access Review Free Trials: Beta

  • Customers who are interested in Access Reviews can sign up for a Free Trial within Vanta 

VRM Reporting

  • We built out a reporting page that tracks a few metrics over time. The initial metrics are
    • Number of vendors over time broken down by origin/risk level
    • Number of completed security reviews per month
    • Average time for completing security review/procurement

Snowflake integration now supports connecting multiple warehouses

  • Vanta users can now connect to more than one Snowflake warehouse on the Integrations page.  

 

Week of August 14,  2023

Auto-populated Statement of Applicability for ISO 27001 (2022)

  • Auto-populate the SoA for both the 2013 and 2022 versions of ISO 27001! The banner and button to download the pre-filled template are the same, but the downloaded document will include a sheet for any ISO 27001 versions the user has enabled

 

Week of August 7,  2023

 

Answer editing in the questionnaire browser extension

  • Answer editing in the questionnaire browser extension enables customers to edit past answers without visiting the answer library

Scoped Document Access for Trust Reports

  • Customers now have an opt-in Trust Report access model that allows them to provision individual documents. Requesters can specify which documents they are interested in, and customers can select which documents they ultimately want to provide access to

 

Week of August 1,  2023

 

Connectors integrations are now available for EU customers

  • Customers can now see all Connectors integrations on the Integrations Page. 

Risk scenarios now have an editable "Identified" field

  • Users are now able to edit an "Identified" field

 

July 2023

 

Week of July 31,  2023

 

Connectors integrations are now available for EU customers

  • Customers can now see all Connectors integrations on the Integrations Page. 

Risk scenarios now have an editable "Identified" field

  • Users are now able to edit an "Identified" field

 

Week of July 24,  2023

 

Sumo Logic monitoring integration

  •  Sumo Logic integrations now fetch monitors, and a new product test has been added to verify that at least one active monitor is configured in Sumo Logic

 

Week of July 17,  2023

 

Risk Custom Attributes

  •  Customers who utilize Risk management can create Text, Number, and Date attributes on risk scenarios, allowing even the most complex cases to be managed through Vanta 

Tags in the Trust Center's Answer Library + Extension

  • Tags can be added to answer library items through the Answer Library page and browser extensions, allowing users to filter and group items

Week of July 10,  2023

 

Column Selection for Questionnaire Imports

  • When uploading a questionnaire to be imported, users will be able to review detected columns and make adjustments as needed before starting the import process 

 

Week of July 03,  2023

 

Edit Vanta Document Metadata & Recurrence

  • Document names, descriptions, and recurrence can be edited from the document's detail page

 

June 2023

Week of June 26,  2023

 

Vanta Library customization: Mapping of Vanta Controls to Frameworks

  • Vanta Controls now have the same flexibility as custom ones.

Okta OAuth with roles 

  • We're changing the Okta integration to use OAuth authentication instead of API tokens 

Policy name and description customization

  • The name and description of policies can be edited while still taking advantage of the control <> policy mappings that Vanta provides out of the box.

Leave Status

  • Administrators can set or unset their Vanta users’ leave status manually. Administrators can also optionally specify a date on which the leave starts or ends when setting leave status.

 

Week of June 19,  2023

 

Custom Framework Audits

  • Auditors can now view Audits for custom frameworks 

Horizontal Table Scrolling in the risk register

  • Vanta now supports horizontal table scrolling in the Risk Register; we also allow an optional frozen column on the left, so users can still see the item's Name or ID while they scroll left and right in the table.

Custom security review cadence on vendors

  • VRM customers can customize the cadence at which they want to conduct security reviews (including an option to turn off required reviews for vendors of certain risk levels)

 

 

Week of June 12,  2023

 

Show/hide columns in the Risk Register

  • Vanta now allows you to toggle which columns are visible in the Risk Register, as well as display new columns we haven't allowed before (Categories, Created, and Updated).

 

Week of June 5,  2023

 

Beta release of Microsoft Teams notifications

  • Vanta now has native support for sending notifications to customers who use Microsoft Teams as their chat application. Customers will be able to select a Teams channel for each of our preset categories, similar to the Slack Integration 

Customizing Security Issue Tracking in Vanta

  • Vanta allows customers to customize the labels that Vanta uses to automatically track security issues for all task trackers

Marking Custom Documents as Sensitive

 

May 2023

 

Week of May 22,  2023

 

Dynamic IdP Groups for OneLogin

  • Dynamic IdP Groups for OneLogin reduce the time to create groups and eliminate the time to keep them up to date by allowing groups to sync from OneLogin over to Vanta

Editable account status for access reviews

  • Vanta now allows users to edit the status for access reviews 

 

Week of May 15,  2023

 

Checklist Previews 

  • Customers can preview their changes in the checklist edit flow before publishing. This offers admins an easy way to understand the onboarding experience for their employees.

View as an auditor without an audit engagement

  • Vanta users will see the option to specify a custom date range when they select "View as auditor".  An audit engagement is no longer required.

 

Week of May 8,  2023

 

Vendor Risk Management

  • Conduct comprehensive security reviews that enable your organization to proactively mitigate risk associated with the vendors you utilize

Customizable Test SLAs

  • Made Vanta's SLA range provides recommended time frames, which users can override.

Grafana Monitoring Integration

  • Vanta now has an expanded integration with Grafana

 

 

April 2023

 

Week of April 24,  2023

 

Notification Scheduling 

  • Notifications can be scheduled to be sent during working hours or anytime

Manually Trigger Policy Sync

  • Vanta now has a button to manually trigger a policy sync between Google Drive / Confluence & Vanta 

Notes for Policies 

  • There is now a Notes field to the policy details page

 

Week of April 17,  2023

 

Access Reviews 

  • Vanta's Access Reviews provides the necessary roles, workflows, and automation to manage access reviews efficiently within the platform

New Relic Integration

  • Vanta integrates with New Relic for access and monitoring-related compliance purposes

 

Week of April 10,  2023

 

Questionnaire Automation

  • Trustpage by Vanta’s Questionnaire Automation is designed to help organizations quickly respond to security questionnaires and effectively communicate their security and compliance to customers and prospects. 

 

Week of April 03,  2023

 

Vanta Rebrand

  • Vanta has a brand-new look and mascot! Read all about the redesign and Ilma (the llama!) here.

Google Drive Policy Sync

Policies in multiple languages

  • Policy templates can now be created in numerous languages. These languages can be selected at the time of creation and added or removed for future iterations. 
     

 

March 2023

 

Week of March 27,  2023

 

Ignore vulnerabilities until a specified date

 

Delete All Custom Controls

  • We added an option to delete all custom controls in one click on the controls page. This was highly requested by CSMs and customers alike and will save them significant time, coupled with the ability to re-upload said custom controls through OneSchema.

 

Week of March 20,  2023

 

Custom Notes for Controls

  • Users can add custom notes to controls for better team collaboration and understanding.

System Reviewer Role for Access Reviews

  • Any Vanta user can be assigned as a System Reviewer. System Reviewers with employee-level access only view the access reviews data they need to perform a review, specifically the systems that they have been assigned to review.

 

Week of March 13,  2023

 

SOC2 Starter Guide

  • Vanta has implemented a SOC2 starter guide for new customers. This guide will walk new users through the implementation of Vanta and assist with the many components of prepping for a SOC2 attestation.

Support for Multiple Distinct Identity Providers

  • Customers can integrate multiple distinct identity providers! Admins can manage user security workflows from multiple IdPs, including employee onboarding, offboarding & ongoing tasks, employee group management, monitors, access, and access reviews. 

 

Week of March 6,  2023

 

Remediation Task Tracking for Access Reviews

  • Now System Reviewers can seamlessly create task-tracking tickets for any accounts that require changes and monitor the status of those tickets and associated changes in Vanta.

Risk CIA

  • The CIA framework is now natively implemented in Vanta's Risk management - users can choose CIA categories for their risks and filter by those categories.

Bulk update policies via the policy editor

  •  Users can bulk-update content across all policies by specifying the text they want to replace and the new text they want to be added

Manually add company logos in the policy editor

  •  Users can now manually add their company logo to the beginning of a policy

 

February 2023

 

Week of February 27, 2023

 

Archive vendors on the Vendors page

  • Users can now archive vendors on the Vendors page. Archived vendors live in a separate tab, where Vanta will retain all information about the vendor if it needs to be revisited later.

Account Access Data APIs for Access Reviews 

  • Access Reviews customers can leverage our Account Access Data APIs to upload account access data for non-integrated systems. 

 

Week of February 13, 2023

 

Global Checklist Settings

  • Global Checklist settings allow an admin to easily disable a security requirement (such as background checks or security training) across all checklists and employees. These global settings will be tied to product tests so that when admins disable a test for a given employee security task, the task will also be disabled on the People and Checklist pages.

Risk Auditor View and Private Risk Snapshots

  • We've restricted the view for auditors to only snapshots, except for domains with an ongoing audit that would have been interrupted by this change. We've also added the ability for customers to create private/internal risk snapshots to track their own progress. 

Updated region selector in AWS

  • Use TagInput from Alpaca to provide a more effortless experience.

Week of February 6, 2023

 

Custom notes for tests

  • Vanta has added the ability to add custom notes to tests which is visible to everyone who has access to the test detail page.

Reading employee security task due dates from test SLAs

  • The due date for each employee task is now the same as the due date for the corresponding product test (This will bring employee tasks further in sync with the monitor's page. 

Cloudflare security config tests

  • Some of the key Cloudflare security components and settings are fetched now, and four new product tests have been added to validate them:
    • cloudflare-firewalls-used
    • cloudflare-ip-access-rules-enabled
    • cloudflare-zone-rules-enabled
    • cloudflare-notifications-enabled

 

January 2023

 

Week of January 30, 2023

 

New tests for the GitHub integration

  • We have introduced 3 new tests for GitHub that will roll out on February 25:
    • The author is not the reviewer of pull requests
    • Repository visibility has been set to private
    • Pending organization invitations are not older than 1 year

Filter by scoping in scoping modal

  • Vanta now has the option to use additional filter on the scoping modal to allow users to filter resources by "in-scope" or "out-of-scope'

Allowing all SLAs to be saved in business days

  • Vanta has added the functionality of SLAs in business days to all SLAs, which creates a more standardized experience. Business days were added specifically to four categories of SLAs: account revocation, onboarding, vulnerabilities, and security issues.

 

Week of January 23, 2023

 

Auditor View for the People Page

  • When auditors are conducting an active audit, they only have access to People that are relevant to the audit scope. Additionally, auditors no longer have access to the People page until the audit observation period starts. This ensures that users are not exposing unnecessary People data to their auditors, and there is less friction for auditors conducting sampling on People.

Monday.com task creation integration

  • The feature allows customers to create monday.com items directly within test pages to better manage Vanta tasks.

Access Control for Risk

  • Vanta now allows onboarding users to be assigned risk scenarios and risk tasks. Onboarding users can access the Risk register and Action tracker once they've been assigned a risk.

 

Week of January 13, 2023

 

Swifteam Integration

  • Vanta now connects with Swifteam for MDM integration. This currently supports macOS, with other operating systems to be added in the future

AccessOwl Integration

  • Vanta now connects with AccessOwl to build a document upload integration. If a customer uses AccessOwl for access reviews, the integration will automatically pull in the evidence,

System Reviewer Updates

  • Review Status Metrics
    System reviewers can quickly view a snapshot of the status of the vendor accounts they are reviewing.
  • Account Flagging
    Vanta flags accounts for systems reviewers that are risky based on employee status and changes.
  • Bulk Assign Owners
    System reviewers can assign owners in bulk.

User Access File Uploader

  • Process Owners can leverage one of our AR file templates and import files in the AR dashboard. This cuts down on time to prepare and perform access reviews.

Sync risk management tasks with external task trackers

  • Vanta can now sync risk tasks to any of Asana, Jira, Linear, or Shortcut

 

Week of January 9, 2023

 

Critical vulnerabilities separated from high vulnerabilities

  • Vanta has included new SLA settings and tests for critical vulnerabilities. 

 

Week of January 1, 2023

 

Integrations Page Redesign

  • A new and efficient navigation setup for the Vanta Integrations page is now available. 

GCP Organization Support 

  • Vanta now allows customers to connect GCP projects to Vanta by linking their GCP organization is now available. Customers can easily specify which projects within the organization are in scope and out of scope and view which projects have been successfully fetched versus those that have failed, including the reason for the failure. Vanta now automatically detects and fetches new projects as they are created.

 

December

 

Week of December 19, 2022

 

Policies that have disabled approval tests no longer appear on the Policies page

  • Disabled tests will no longer appear on the policies page.

New Checklist UI & Reusable Custom Tasks

  • The Checklist UI guides new users through the four key steps to complete their employee tasks setup.

Test issue history

  • Every test now has a "View remediation history" button. Clicking it opens a dialog that lets you see the entire history of test issues.

New integrations - FleetDM and SOOS

  • Vanta now integrates with FleetDM and SOOS

Sync to Jira enabled for Risk Management tasks

  • Risk management now supports syncing risk tasks to Jira

Rippling Background Checks (Open Beta)

  • Customers can pull their Rippling background check data into Vanta (along with HR and MDM data or standalone). 

 

Week of December 12, 2022

 

Documents on the Tests Page

  • Tests and documents now both show in a single table on the Monitors page. The new page is essentially the Tests page with documents added to the table. Users can filter between Tests, Documents, or both.

Security Task tests show deadlines

  • Security task tests have been migrated to the SLA UI and now show deadlines for Security tasks ahead of the due date

Snoozing test entities

  • Allow admins to snooze individual test entities

 Create task tracker tickets for Documents

  • Vanta now allows you to create tasks in your favorite task trackers, Jira, Asana, Linear, or Shortcut.

AWS linking via Terraform

  • Customers who use Terraform can now link their AWS account by adding a Vanta-generated script that automates roles and policies setup. AWS linking will be much faster than the previous manual console flow! 

 

Week of December 5, 2022

 

Multi-IdP Group Membership

  • With Multi-IdP Group Membership, Vanta Admins can assign employees to their IdP group of choice. Admins can do this as part of the Group Creation flow or as part of Employee Management.
  • Google 
  • Dynamic IdP Groups for Okta

Risk Management Migration 

  • Vanta Users on old versions of the risk assessment feature are now able to update themselves to the new risk management module from their respective risk assessment versions.

GCP Queues in Inventory

  • We started fetching GCP Queues and added them to the Inventory page

Integrations page feedback form

  • Vanta users can now provide feedback from the Integrations pages within Vanta 

Support for longer resource fetches and faster "refresh test" turnaround

  • For long-running fetches, we now support fetches that take up to 12 hours! We can opt in any (domainId, kind) to use a new queue with a longer timeout.


November 2022

 

Week of November 28, 2022

 

Standardizing Assignment Notifications

  • Consolidated across all 5 into a single All Assignment Notification sent via both email and Slack with a standard copy and a single setting for turning them off/on.

Inventory Page Defaults

  • This feature assigns default owner and description values to all inventory items that are missing these values.

GCP Permission Configuration

  • We now allow users to configure GCP to only fetch the resources they want to enable APIs for

Intercom Account Access Integration

  • All customers can add the Intercom integration to continuously monitor account access details on the Access page. Access Reviews customers can also include Intercom in their regular access reviews, saving time pulling files & managing stakeholders, reducing license fees & improving the quality of the review.

 

Week of November 21, 2022

 

AWS GovCloud Multi-Account

  • We moved GovCloud to our existing linking flow and architecture, improving our setup time and experience. Customers using GovCloud can link multiple accounts now and expect the safer role assumption that we use on commercial AWS.

OFDSS & ISO 27001:2022 

Snoozing Standards

Week of November 14, 2022

 

New Invite Admins Flow

  • Customers who haven't connected an IDP see a new homepage Zero State where they can add an Admin directly in a modal

 

Week of November 7, 2022

 

Personio HRIS Integration

  • The new Personio integration means we can better support international customers by getting the most accurate employment dates. Accurate employee end dates improve the ability to meet their commitments and offboard employees on time.

Trust Report Compliance & Subprocessors Sections

  • Include the compliance standards you have achieved and their subprocessors in the Vanta Trust Report!

Connectors Integrations

  • In September, we announced Connectors - a program for technology partners to build data-sending integrations to Vanta. Over the past 2 months, we worked with them to build and prototype integrations with alpha customers. Today, any customer can install these integrations by visiting the “Partner-built integrations” section on the Integrations page.
  • Integrations Include
    • Kolide: MDM
    • Incident.io: Incident Management
    • BreachRX: Incident Management
    • Haekka: Security Training
    • Riot: Security Training
    • EasyLlama: Security Training
    • Termius: Secrets
    • Kitemaker: Task Tracker

 

October 2022


Week of October 31, 2022

  • Filtering out non-resolvable vulnerabilities for AWS and Snyk
    • Non-resolvable vulnerabilities detected through AWS and Snyk will be automatically filtered. These will no longer show up in Vanta.
  • Share feedback form added to the How to fix section
    • We now collect feedback directly from users, on what we can change or add to the test details page to make fixing the test easier for them.

  • Event Log
    • Vanta's Event Log shows a history of changes made within Vanta including administrative activities, data modification, and user logins. 

 

Week of October 24, 2022

  • System Description Network Diagram Image Size Limits are now removed
    • We now resize and/or compress the image to avoid this limitation. The act of having to download, edit, and re-upload their System Description is an annoying pattern we'd like to avoid, and makes our System Description feel less magical/smart. Having to do that due to image size restrictions will (virtually) never happen anymore.
  • Universal test SLAs
    • Users set a period of time to commit to fixing the test by and if a test fails, users are given a suggested due date to remediate, with the test failures only shown to auditors if the date passes.
  • System Description Custom Inputs
    • The tag and dropdown inputs now accept custom inputs while still keeping the suggested values from before. 
  • Custom Inventory Tags
    • Users can now use their own tagging taxonomy for bulk tagging in Vanta. By doing a one-time mapping of their custom tags to Vanta's tags in the Vanta UI, Vanta will be able to read the information directly from their own tags.
  • Time Sensitive Tasks sidebar on the home page
    • Users will see a vertical sidebar on the right portion of the home page. This makes it easy to see and action on priority (overdue/due soon) tasks when the home page is opened.

 

Week of October 17, 2022

  • Custom Policy Approval & Acceptance Tests

    When customers create new custom policies, new tests will be automatically created to monitor the (annual) approval and employee acceptance statuses. These tests will be viewable from the Tests page under the Policies category and behave, like our existing Vanta Policy Tests. Additionally, customers now get all the notifications that come with normal Vanta Tests.

 

Week of October 10, 2022

  • Temporarily deactivate tests or documents
    • Users can now add end dates when deactivating a test/document. This will allow them to deactivate tests/documents until a specified date, after which, they will automatically be reactivated when the date passes.

 

Week of October 3, 2022

  • Connect AWS accounts via CloudFormation
    • Customers can now connect their AWS accounts automatically using CloudFormation as a part of the AWS cloud provider connection flow.
    • A CloudFormation script is available directly in the connection flow for customers to use (copy or download), to make the process as smooth as possible.
  • Inventory Page CSV export now includes more fields
    • An exported CSV file will contain all the data fields displayed in the inventory table for each inventory type.
  • New Auditor View
    • A new page has been built for auditors to view customer evidence. Tests, policies, and documents all live in a single place for auditors, scoped down to the standard under audit and the observation window. 

 

September 2022

 

Week of September 27, 2022

  • Processing Integrity and Privacy Controls
    • Customers are now opted into PI and P TSCs for SOC 2 with Vanta’s default control set, and can be mapped to new controls or other existing controls to these sections.
  • Enhanced control Owner workflows
    • Customers can assign owners to controls for tracking purposes. Assigning owners will also enable ISO 27001 to meet that standard's requirements for process oversight.
  • Audit Report Download/Edit for Auditors
    • We've added the ability for auditors to both download and replace the existing audit report for a given audit engagement.
  • Bulk approval for policy updates
    • Customers will now be able to bulk approve policy updates
  • Trust Report Watermarked Documents
    • This feature adds watermarking for private PDFs (either on a private report or a private document in a public report). By adding a watermark, customers can feel more confident in sharing out documents in a Trust Report.
  • Monday.com integration support
    • The 1-way monday.com integration lets customers pull their security issues data automatically into Vanta in order to track that they are being assigned priorities and owners and being closed within the set SLA. Additionally, customers can now review user access to monday.com via Vanta on the Access page.

 

Week of September 19, 2022

 
  • Code Changes Bulk Export Button
    • Allow bulk export of the code changes page as a csv file. The button exports changes from the filtered repo and date range.

 

  • Tests Recieve SLAs
    • If a test tracks an SLA, Vanta will show yellow “due soon” state, with the upcoming deadline. 
    • Tests will only be flagged to auditors  once the SLA is exceeded

 

Week of September 12, 2022

  • Improved AWS connection flow UI
    • The improved AWS connection flow UI is a full-screen modal with more clear steps and copy that will make it easier for customers to set up their AWS integration.
  • VMware Workspace One MDM(beta)
    • Vanta uses its API to automatically pull computers and information related to hard drive encryption, password management, antivirus, and screen lock
  • Improved GCP connection flow UI
    • The improved GCP connection flow UI is a full-screen modal with more clear steps and copy that will make it easier for customers to set up their GCP integration via Cloud Shell.

 

 Week of September 1, 2022

 
  • Auditor Preferred Evidence for All Customers
    • Vanta can now detect when customers sign with a seamless partner throughout the whole customer lifecycle
    • When we detect this from SFDC, the customer has the ability to opt into their auditor's preferred requirements, which include scoping out their irrelevant documents and adding any custom evidence they required.
    • Additionally, if the customer switched seamless partners, we'll remove the previous auditor's preferred evidence requirements.

 

July 2022‍

 

CCPA compliance support

  • Vanta now supports CCPA compliance
  • Businesses that collect, use, or sell the personal information of California consumers are subject

New Home page and navigation

 

Assign tests to anyone with Test Assignments

  • Assignments allow you to delegate specific tests to anyone in your company.
  • Assigned employees are notified and provided access to a limited version of Vanta displaying only their assigned test and remediation details.

Custom controls with Control Management

  •  Create and manage custom controls with Control Management.

June 2022

 

Vanta Trust Reports

  • A Trust Report is the fastest way to demonstrate your commitment to security, speed up the security review process, and build trust with prospects.

Scoping by IdP: OneLogin, Office, Okta, and Google

Manual deactivation of employee accounts

Templates for non-technical evidence

  • Vanta now includes helpful templates for nearly all non-technical tests.

AWS DocumentDB, GCP Artifact Registry support

  • Vanta now supports AWS DocumentDB as a resource for NoSQL Databases.


May 2022

 

The Vanta API (beta)

  • Vanta’s API is now available in beta to all users. We launched the API to help customers leverage Vanta’s platform capabilities for custom security solutions.

Snowflake integration

  • Vanta now offers an integration with Snowflake’s cloud data platform to help users satisfy user access and inventory management requirements.

Enhanced MDM migration support

  • For users seeking advanced device management features, we've made it easy to transition from the Vanta agent to a supported MDM.

New custom evidence features

  • To streamline the evidence collection process, Vanta now provides custom evidence request, approval, and comment features.


April 2022

Asana task creation

  • Easily create Asana tasks within Vanta test pages to better manage your team’s work

AWS Lambda severless monitoring

  • AWS Lambda functions are now tracked as a resource within your Inventory page

Native policy editor

  • Vanta now supports in-app editing of existing, new, and uploaded policies


 

February 2022

 

Slack notifications

Okta IdP scoping

  •  Easily control who's in Vanta scope within Okta.

Datadog expanded integration

  • Datadog users now have over 30 new tests for enhanced server monitoring.


 

 

January 2022

Improved Vulnerability Management

External Task Creation: Jira Issues

  • New option to create Jira Issues directly within test pages to better manage Vanta tasks.

Custom Evidence Requests and Control Mapping

  • Auditors and users can now generate custom evidence requests within test pages