Compliance Standards Library

Minimum Viable Security Product (MVSP)

  • Updated

Minimum Viable Secure Product is a minimalistic security checklist for B2B software and business process outsourcing suppliers. MVSP is a modern, open-source control set co-created by leading technology companies and oriented towards software development organizations.


Who should follow MVSP?

  • It is recommended that all companies building B2B software
  • B2B companies that are handling sensitive information 


What is the timeline for MVSP compliance? 

  • Approximately 40 hours of preparation. 


What can Vanta automate?

  • Vanta has automated technical tests and document requests for every control.


Does MVSP require a formal audit?

  • No. MVSP compliance requires self-attestation. 
  • MSVP is an excellent option for smaller companies that need to prepare for significant compliance efforts, such as SOC 2; instead, they use MVSP as a baseline to ensure the security posture of their MVP. Vanta helps automate this process by running tests against the appropriate controls and managing necessary documents and evidence.