Penetration Testing: Hard Requirement or Best Practice?
A common question we receive at Vanta concerns penetration testing. Vanta users are unsure whether it is a hard requirement for their audit or a best practice for security.
It's important first to understand what penetration testing is.
Penetration testing (pen testing) is a type of security testing where a simulated attack is carried out on a computer system, network, or application to identify weaknesses. A penetration test aims to identify issues and resolve them before someone with malicious intent finds and exploits them. To put it simply, your organization hires an ethical hacker to test your system before an unethical hacker exploits any vulnerabilities.
In your Vanta account, you will see requests for the following pieces of information:
Documents: Penetration test report
Tests: Records of penetration testing
Controls: Security controls evaluated
These items are not required for your SOC 2 or HIPAA audit but are considered a best practice to maintain a strong security posture.
Comments
Hi Sarah Wilkey!
That's such a great question. We have a list of partners we work with, here. We have quite a few options to make sure that users can pair with a company that fits their needs. (Some of these partners even offer a discount to Vanta customers!)
Very interesting, I have never looked at the control mapping, but just assumed it was required. Good to know!
Shannon, does Vanta have any penetration testing partners/recommendations?
Thank you so much, Shannon, for this list!!