Minimum Viable Secure Product is a minimalistic security checklist for B2B software and business process outsourcing suppliers. MVSP is a modern, open-source control set co-created by leading technology companies and oriented towards software development organizations.

Who should follow MVSP?

• It is recommended that all companies building B2B software
• B2B companies that are handling sensitive information 

What is the timeline for MVSP compliance? 

• Approximately 40 hours of preparation. 

What can Vanta automate?

• Vanta has automated technical tests and document requests for every control.

Does MVSP require a formal audit?

• No. MVSP compliance requires self-attestation. 
• MSVP is an excellent option for smaller companies that need to prepare for large compliance efforts, such as SOC 2; instead, they use MVSP as a baseline to ensure the security posture of their MVP. Vanta helps automate this process by running tests against the appropriate controls and managing necessary documents and evidence.