We’re thrilled to announce Vanta Workspaces, a new capability in our platform that enables complex organizations with multiple business units to easily customize, manage, and automate compliance at both the business unit and parent organization level in a single Vanta account. With Workspaces, your organization can save time and money, improve your compliance and security posture, and accelerate revenue with the attestations and certifications your end customers require.

David Bowie once sang, “ch-ch-ch-changes, turn and face the strange.” While the changes to ISO 27000-series may look strange, they’re primarily a configuration and modernization of the same standard you already know. The standard’s format looks entirely different, but most of your current controls will remain the same.

The Federal Information Processing Standard (FIPS) 140-3, is a collection of standards released by the United States government to examine cryptography modules. It explains how to design, develop, and run a cryptography module. The National Institute of Standards and Technology (NIST) and Communications Security Establishment (CSE) created FIPS 140-3 to safeguard critical, unclassified information.

After tons of hard work, your company has successfully completed a SOC 2 audit and received a well-deserved SOC 2 report! Congratulations! Receiving your SOC 2 attestation is no easy feat, and it’s a significant milestone that demonstrates your company’s commitment to security and trust assurance. If you’re not sure what to do next, no worries – the hard part is done.

At Vanta, we’re on a mission to secure the internet and protect consumer data by transforming the way companies meet their security compliance and establish and deepen trust with their customers, vendors, and partners. Today we’re excited to share several announcements that help us achieve our mission.

POV: an important prospect requires all of their partners to get a SOC 2 audit. You’ve just met with your auditing firm and you’ve been tasked with evidence collection, which sounds like tracking down a lot of people and documents. No one can tell you when the RFP knowledge base was last updated. The sales team is asking how long it will take, and can it go faster? You sit back and wonder the same thing: is it possible, and if so, how?

As a risk-based response to the continuous, and varied assaults on our systems by criminals, the PCI DSS standard requires a minimum of 20 technical scans per full year for merchants, and 21 for third-party service providers (TPSPs)

The Federal Information Processing Standard (FIPS) is a collection of rules published by the National Institute of Standards and Technology (NIST) that outlines how to store and handle sensitive data securely. It is a fundamental security precaution that all companies must use to protect Personally Identifiable Information (PII). FIPS defines best practices for data encryption, authentication, and access control.

The U.S. federal government tends to move very slowly – except when it comes to zero-trust cybersecurity. The drive to get all agencies to zero trust is cruising along at warp speed, as evidenced by White House Executive Order 14028, CISA’s Zero Trust Maturity Model, OMB OMB M-22-09 and the DoD zero trust strategy and roadmap, all of which were released within the span of less than two years.