Company attributes
Other attributes
Vanta develops compliance and security automation software designed to protect consumer data. The company's software secures businesses' networks and enables them to obtain compliance certifications such as the following:
- SOC 2
- ISO/IEC 27001
- General Data Protection Regulation (GDPR)
- Health Insurance Portability and Accountability Act (HIPAA)
- Payment Card Industry Data Security Standard (PCI DSS)
- California Consumer Protection Act (CCPA)
In order to encrypt customers' data at rest and in transit, the Vanta platform utilizes tools such as Amazon Web Services' (AWS) Key Management System (KMS) to manage encryption keys using hardware security modules.
Vanta engages security experts for third-party penetration tests on a regular basis. The company's penetration testers evaluate the source code, the running application, and the deployed environment. Vanta also employs GitHub Advanced Security's static analysis tooling, such as CodeQL, Secrets Scanner, and Dependabot, to secure its products throughout the development process.
Vanta's application is hosted on AWS, and the platform uses the security products embedded within the AWS ecosystem, including KMS, GuardDuty, and Inspector. In addition, Vanta deploys its application using containers operating on AWS' managed services, and as a result, normally the platform does not manage servers or EC2 instances in production.
