Vanta

"You can't just dictate or mandate. That's not what the function is about." We loved these insights from Anthony English at WorkJam about how to create a shared culture of responsibility around trust and security in any organization. Two big tips: 1?? Don't act like the "security police" — You're here to help and enable team members, not punish or restrict them. 2?? Don't place blame. When you find an issue, don't look for a culprit. Instead, look for a solution that will work for everyone and benefit the business. For more advice and tips, check out our full conversation with Anthony (plus Jadee Hanson and Nicole Dobias) here: https://lnkd.in/gJ5f2hV7

What happens when 7 GRC automation platforms sit down for a candid conversation about the future of the industry? You get real insights, a few spicy takes ???, and a look at where the industry is headed next. Our Chief Product Officer Jeremy Epling joined a first-of-its-kind roundtable with the GRC Engineering Podcast to discuss the future of GRC and share how Vanta helps our 10,000+ customers unlock growth through building and maintaining trust at any scale. Key topics from the roundtable: - Is compliance becoming a commodity or finally getting democratized? - Can GRC automation truly serve enterprise needs? - Taking a modular approach to winning enterprise customers - The role GRC engineering plays in modern security teams ?? Listen to the full conversation and share your thoughts below!? https://lnkd.in/eHgQ5JuY?

The DoD is rolling out CMMC enforcement over the next three years. If you plan to work with the DoD, it’s time to get CMMC certified.? Use this checklist to guide you through the steps to take to get CMMC certified and how to successfully implement and maintain the certification. https://lnkd.in/guMnZyUu

Did you hear? Questionnaire Automation will soon support the end-to-end automation of documents and portal-based questionnaires natively in Vanta. Complete security questionnaires faster and more efficiently, whether they come in the form of: ? PDFs ? Word documents ? Third-party portals All you have to do is review, approve, and submit. Voila! ?? Learn more about all of our new product capabilities (just announced last week) on our blog: https://lnkd.in/gvzMP6Bb

Compliance is a competitive advantage. When CipherStash teamed up with Vanta, the team was able to: - Open new opportunities with security-conscious customers - Significantly reduce the manual burden of managing security compliance - Concentrate on building their product—without being held back by time-consuming compliance tasks. Learn more: https://lnkd.in/gxEsbdE6

What is ISO 42001? ?? Learn more about how to demonstrate secure AI practices with ISO 42001 here: https://lnkd.in/eW5xV_ir

Is SOC II just security theater? ?? I read a lot of spicy ??? conversations about this topic. It seems like everyone wants to weigh in on the shortcomings of SOC II and compliance frameworks in general. Let me be clear, no one is claiming that SOC II = complete security. A SOC II report demonstrates that an organization has designed and implemented controls that meet the AICPA’s Trust Services Criteria, and that those controls are mature enough to withstand testing by an independent third party auditor. The common takeaway from a SOC II report is that an organization has implemented at least a fundamental baseline of cybersecurity controls.? What is SOC II then? And what is it NOT? ?? It is a framework for putting controls in place and attesting to their strength.? ?? It is not a comprehensive list of ALL the controls you need to put in place to secure your environment, business, etc. ?? It is an attestation framework—meaning the quality and integrity of your auditor is key.? ?? It is not a binary certification program. ?? It is one way to strengthen your security posture.? ?? It is not the ONLY way to strengthen your security posture—not by a long shot. Curious what else my peers would say. What do YOU think SOC II is and is not? At the end of the day, so much more goes into a comprehensive security and GRC program. I thought this conversation I had with some fellow CISOs a few months ago did a good job of scratching the surface of how we move into the future of GRC. Link here for anyone interested: https://lnkd.in/e6J4Q3dJ

This month we're diving into: ?? How to navigate AI risks ? The risks of waiting on compliance ? How to run a successful, modern TPRM program Check it out here ??

Get to know the 5 individuals who won our Global Excellence in Trust award, as part of the Vanta 25 to Trust awards program. This group of practitioners successfully led their organizations through the complexities of international frameworks like DORA, the EU AI Act, or ISO certifications. This award highlights leaders who demonstrate adaptability, vision, and outstanding leadership on the global stage, driving trust and security across diverse markets. Our winners are... - Jon Westholm, who expanded Tibber’s security program, rolling out compliance across six frameworks and managing risk for 100+ vendors. His leadership ensures continuous compliance, aligning security with business growth and strengthening trust across global markets. - Lazar Lazarov from BVNK, a global trust leader, educating security teams on frameworks like DORA and the EU AI Act. His work in compliance strategy and education fosters trust worldwide, helping organizations navigate evolving international security regulations. - Lucien PINTO, who scaled SWEEP’s Trust Center, maintaining 100% control completion in Vanta and monitoring 285 controls. His leadership in transparency and compliance has bolstered customer trust and enabled global revenue growth through security excellence. - Mandy Matthew, who built Duolingo’s security framework from scratch, achieving ISO 27001, GDPR, and SOC 2 compliance while navigating AI regulations. Her leadership positioned trust as a global advantage, unlocking new markets and enabling rapid, secure expansion. - Zafrul Sattar from Multiverse, who is driving ISO 27001 and SOC 2 compliance, mapping NIST controls for US clients, and streamlining third-party VRM in Vanta. With a structured gap analysis and a focus on integrations, they are executing an ambitious roadmap to scale global security standards. Congratulations to all of our winners. For more information about each category and honoree, visit: https://lnkd.in/gXgeqRhw

? Just released ?? Today we introduced new features that streamline collaboration with your extended team, including: ? - Team-based ownership and granular user access to empower cross-functional collaboration inside of Vanta. - Vanta Exchange to aid direct buyer-vendor collaboration for faster, efficient vendor security reviews. - Enhanced auditor collaboration with access to test source data, shared directly in Vanta or through the Auditor API. - Expanded Questionnaire Automation support for web portals, DOCX, and PDF formats. These features empower security and GRC teams to work smarter, not harder, across their entire network of stakeholders. Because maintaining continuous compliance and trust isn't a one-person job—it’s a team sport. ??? Check out our blog to learn more: https://lnkd.in/gvzMP6Bb