Vanta - Experts & Thought Leaders

Latest Vanta news & announcements

Vanta enhances UKI compliance with EU AI act support

Vanta, the trust management platform, announced new investments in the United Kingdom and Ireland, including new compliance frameworks, product features, and the opening of its London office. These initiatives reflect Vanta’s ongoing commitment to helping UKI and European businesses easily achieve compliance and scale security programmes by providing the technology, local expertise, and trusted partnerships needed to compete on a global stage.

Support for the EU AI Act

The rapid adoption of AI technologies presents both opportunities and risks for organisations. According to Vanta’s new State of Trust 2024 report, nearly half (49%) of UK companies are concerned about the risks AI poses to their security. Vanta’s support for the EU AI Act includes all AI-specific controls, policies, tests, and documents mandated by the act, helping companies meet emerging regulations and avoid significant penalties.

AI risk assessments

Vanta categorises AI systems as “high-risk” or “low-risk” based on regulatory criteria and automates the collection of the evidence needed to prove compliance, enabling continuous compliance monitoring while also automating AI risk assessments. The new offering also ensures that customers have the necessary documentation for external auditors, making compliance with the EU AI Act seamless.

Added support for DORA and NIS 2

In addition to the EU AI Act, Vanta has expanded its offerings to support DORA and NIS 2 for European businesses. DORA, which takes effect in January 2025, requires financial institutions to strengthen their digital operational resilience, ensuring that they can withstand, respond to, and recover from information and communication technology (ICT) disruptions. With Vanta’s support for the DORA framework, financial services firms in Europe can automate compliance efforts to ensure operational resilience by the January deadline.

Cross-regional control set

Vanta’s newly added support for the NIS 2 directive is designed to help organisations across sectors like energy, banking, and manufacturing improve their resilience and response to cyber threats. The NIS 2 directive raises standards for risk management, incident reporting, and control verification. Vanta’s support for this framework provides a cross-regional control set that allows companies to meet NIS 2 compliance regardless of where they are based, helping them to prepare ahead of the local NIS 2 law being released.

Proactive approach

“Vanta’s automated frameworks keep businesses up-to-date with the latest regulations, enabling them to move from point-in-time checks to a continuous, proactive approach to security and compliance,” said Jeremy Epling, Chief Product Officer, Vanta. “By automating evidence collection, streamlining workflows, and intelligently mapping requirements across multiple frameworks, Vanta helps companies achieve compliance faster and more efficiently, allowing them to focus on innovation and growth.”

Additional European frameworks and free penetration testing

Organisations in the UK spend an average of 12 weeks a year on compliance tasks, more than in the U.S. and Australia, highlighting the critical need for automation. By simplifying the implementation of new controls and policies,

“Instead of hiring two full-time consultants and spending a year on the process, [with Vanta] we achieved compliance in just seven months, saving time and costs,” Magnus Sparf, CISO, Sitoo.

UK Cyber Essentials framework

Announced earlier this year, Vanta’s ISO 42001 solution helps organisations responsibly develop and use AI. By satisfying ISO 42001, organisations are better positioned to meet and exceed AI Act requirements. Vanta also enables compliance with the UK Cyber Essentials framework, a widely adopted cybersecurity framework critical for any company seeking to improve their overall security posture or bid on UK government contracts.

Black-box assessments

Vanta’s cross-mapping of controls across frameworks enables customers to leverage already completed work to achieve compliance with these, and other, frameworks faster. As part of these offerings, Vanta provides free penetration testing for UKI and European customers through Cognisys. These tests, which include external scans and black-box assessments, are integrated into Vanta’s platform, simplifying the compliance process for European businesses.

Expanded in-region presence with London office

To better serve its customers in Europe, Vanta is expanding its local presence with an office in London. This is the latest investment by Vanta in the region, which includes a Frankfurt-based data centre providing customers with an option for meeting internal policies on data storage location and regulatory requirements, and its European headquarters in Dublin, which opened in 2022. Throughout the upcoming year, Vanta will expand its support in London and Dublin to ensure European businesses have the technology and guidance to establish and scale their security and compliance programmes, and demonstrate trust with Vanta.

Vanta introduces ISO 42001 to ensure responsible AI usage and development

Vanta, the trust management platform, launched support for the ISO 42001 standard, giving customers a framework for responsibly developing and using AI through an AI Management System (AIMS) certified by third-party auditors. Aligned with the launch, Vanta unveiled the agenda for VantaCon UK, bringing its annual user conference to London on 23 April to discuss global trends in security, compliance, and the future of trust in an AI world amongst a gathering of experts and Vanta customers.

Data management concerns

According to Vanta’s State of Trust Report, 54% of business and IT leaders globally are concerned that secure data management is becoming more challenging with AI adoption, with another 51% saying that using Generative AI technologies could erode customer trust. As a result, security teams are spending more time building trust in their AI-powered products through back-and-forth conversations with prospects and creating bespoke documentation, with less time for strategic security initiatives.

Demonstrating AI trust with ISO 42001 in Vanta

Established by the International Standards Organisation, ISO 42001 defines the requirements of an AIMS that helps organisations responsibly develop and use AI, emphasising ethical considerations, transparency, and the necessity of continuous improvement. Designed for organisations that provide AI-based technologies or use AI sub-processors in their systems, ISO 42001 assists these organisations by outlining the requirements for establishing, implementing, maintaining, and improving an AIMS.

Lifecycle approach

Vanta’s ISO 42001 solution simplifies AI system management through a lifecycle approach, ensuring that ethical considerations and risk management are embedded throughout the product development, deployment, and operational stages. Vanta centralises all the ISO 42001 requirements in one place and helps customers document their AI policies, including:

- Centralise and track requirements: Vanta’s ISO 42001 solution comes with 70 new controls to streamline the implementation of governance requirements
- Establish AI policies and process: Vanta’s included policy templates help customers define the scope of their AIMS, associated risks, impact, and more
- Build responsible AI practices: Vanta helps customers understand, build, and document their AI practices such as AI system development, usage, and data management within their AI system lifecycle

Coming soon, Vanta will release enhanced documentation automation, which automatically generates an Artificial Intelligence Impact Assessment (AIIA) report based on a customer’s AI provider type, AI model algorithm, the intended use of their system, and more. Having an AIIA report is a fundamental requirement of ISO 42001, and is also needed to comply with the EU AI Act.

VantaCon UK, the future of trust in an AI world

To dive into the future of trust in an AI world, VantaCon UK is coming to London on 23 April, featuring executives, founders, futurists, security experts and investors from Google DeepMind, Financial Times, Proofpoint, Sequoia Capital, Checkout.com, incident.io, Owkin, Evervault and more. The half-day event includes keynotes, panel discussions, and product announcements to explore where security and compliance are headed next, including:

- To Trust Management and Beyond: Introducing Vanta’s future product vision presented by Christina Cacioppo, CEO; Jeremy Epling, Chief Product Officer; Stevie Case, Chief Revenue Officer; and innovators from across Vanta.
- The Future of Trust in an AI World: Generative AI is transforming trust and what it means to be trustworthy. This panel of AI investors, innovators, and technology experts will discuss the obstacles and opportunities of building trust in an AI world. Featuring Christina Cacioppo, CEO, Vanta; Cristina Criddle, Technology Reporter, Financial Times; Pete Hamilton, Co-founder & CTO, incident.io; Luciana Lixandru, Partner, Sequoia Capital; and Tim Sadler, Group Vice President & General Manager, Tessian Group, Proofpoint.
- The Next Security Frontier: From Automated Compliance to AI: CISOs are in the business of instilling confidence, all while being confronted by more challenges than ever as we navigate an AI world. This panel of pioneering CISOs features Vijay Bolina, CISO, Head of Cybersecurity Research, Google DeepMind; Sean Catlett, former CISO, Reddit & Slack; Leo Cunningham, CISO, Owkin; and Jadee Hanson, CISO, Vanta.
- The State of Trust in an AI World: Vanta’s annual State of Trust industry report unveils the top barriers to improving and proving security and how AI and automation are transforming trust. Featuring insights and expert analysis from Colette Hanley, VP of Technology Risk, Checkout.com; John Hetherton, Head of Compliance, Evervault; and Jenny Thai, Head of Content, Vanta.

AI security scale up Vanta reaches Centaur status in just five years

Vanta, the pioneering trust management platform, announced several growth, product and partner milestones showcasing the company’s continued acceleration as the platform of choice pioneering the next generation of Governance, Risk, and Compliance capabilities. Surpassing a number of growth metrics in FY ‘24, including $100M in Annual Recurring Revenue (ARR) and nearly doubling customers to 7,000 companies around the world, Vanta's performance has been further powered by the announcement of new enterprise-ready features and the rollout of AI innovations, including support for the NIST AI Risk Management Framework.

Vanta unlocks new milestones

Capping a record year, Vanta announced that it surpassed $100M in ARR in FY ‘24, ending January 31, 2024. In addition to reaching the milestone within five years of entering the market, Vanta nearly doubled its global customer base this past year, adding approximately 900 customers per quarter. Vanta is the trust management platform of choice for nearly 7,000 companies around the world, including Atlassian, Chili Piper, Flo Health and Quora, to build, maintain and demonstrate their trust—all in a way that's real-time and transparent.

Organisational growth in FY ‘24

Vanta delivered unprecedented product, customer and organisational growth in FY ‘24, including:

- Launching over 260 new product features, including Vanta AI, Vendor Risk Management, and Vanta Trust Centre
- Expanding globally in EMEA and APAC with almost one in four customers now headquartered outside of the U.S.
- Appointing David Eckstein, Chief Financial Officer; Jeremy Epling, Chief Product Officer; and Jadee Hanson, Chief Information Security Officer

Vanta’s industry-pioneering innovation has been recognised across a range of rankings and awards in the past year, including CNBC Disruptor 50, Forbes Cloud 100, Fortune Cyber 60 and Inc. Best Workplaces.

Enterprise-ready features for sophisticated GRC teams

To accelerate its enterprise momentum, Vanta has built the capabilities required by GRC and information security teams to scale their compliance program, unify key risk management workflows and streamline third-party risk management, including:

- 300 pre-built integrations providing continuous, real-time monitoring of security and compliance across cloud providers, HRIS, datastore providers, and many more
- Vanta API to build private integrations with internal systems or public integrations accessible by Vanta customers
- Increased customisation for GRC practitioners, including the ability to create custom frameworks and customise Vanta’s built-in automated tests
- Executive reporting to prioritise and act on the key risks, measure the success of the security program, and easily report the impact to stakeholders (currently in Beta)
- Enterprise-ready capabilities such as Single Sign On, Workspaces, custom Role-Based Access Controls, and more

Vanta’s breadth of workflows and depth of automation have catapulted the firm to be the trusted choice for Atlassian, Chegg and Omni Hotels.

Author's quote

“Both risk management and compliance software and services continue to be top investment areas for organisations. Still, in an increasingly hostile cybersecurity environment, security teams often find themselves under-resourced and without the in-house capabilities to fully utilise their legacy GRC technology investment,” said Phil Harris, Research Director, Governance, Risk and Compliance, IDC. “New GRC platforms are emerging in the marketplace that reduce the necessary but laborious tasks involved with identifying, tracking, treating and closing risks, increasing productivity and giving team members more time to focus on business-critical projects.”

Advancing the future of trust in an AI world

With AI and LLM usage in 2024 continuing to accelerate, Vanta is helping customers ensure they are managing the associated risks, and demonstrate their management of those risks, to their stakeholders. Previously introduced at VantaCon in December 2023, Vanta announced that it is releasing the NIST AI Risk Management Framework (RMF) as a product that customers can use to centralise their AI risk management workflows in beta with general availability starting in February 2024. The NIST AI RMF is a governance framework developed by NIST aimed at mitigating risks associated with the design, development, use, and evaluation of AI products, services, and systems. By adding support for the NIST AI RMF directly within the Vanta platform, Vanta will enable pioneering companies to continue pushing innovation boundaries while growing trust.

Vanta’s Access Reviews solution

Vanta is also expanding the use of AI within the platform to help customers further automate once-manual and tedious security and compliance workflows. Starting, customers can customise the questions Vanta AI uses to analyse security documents within Vanta’s Vendor Risk Management solution, reducing the time and effort to conduct thorough vendor security reviews. In addition, Vanta’s Access Reviews solution now can leverage Vanta AI to automatically and reliably import user access data from images and PDFs – valuable for legacy or on-premises systems that may not have integration capabilities. Vanta AI also now suggests mapping existing tests and policies to relevant controls, making it easier to set up new compliance frameworks within Vanta.

A-LIGN partnership

According to Vanta’s State of Trust Report, two in three businesses say that their customers are increasingly looking for more proof of security—with nearly one in three organisations losing new business because of missing compliance certification. While customer expectations are on the rise, security teams are expected to do more with less. A mere 9% of operating budgets are dedicated to security, leaving many teams inadequately resourced to prepare for and complete audits. With Vanta and A-LIGN, customers can now get the best of both worlds—a scalable platform to automate up to 90% of the evidence collection needed to complete a SOC 2 or ISO 27001 audit, and a highly-regarded firm to complete the audit. As a technology-enabled security and compliance partner, A-LIGN is trusted by more than 4,000 global organisations to mitigate cybersecurity risks by offering customised solutions tailored specifically with an organisation’s unique goals and objectives. Enterprise brands and scale-ups trust A-LIGN and Vanta for their organisation’s security and compliance needs.
