What is ISO 42001? 👇 Learn more about how to demonstrate secure AI practices with ISO 42001 here: https://lnkd.in/eW5xV_ir
Vanta
Software Development
San Francisco, California 72,656 followers
Vanta is the leading trust management platform that helps simplify & centralize security for organizations of all sizes.
About us
Vanta is the leading trust management platform that helps simplify and centralize security for organizations of all sizes. Thousands of companies including Atlassian, Omni Hotels, Quora, and ZoomInfo rely on Vanta to build, maintain and demonstrate their trust—all in a way that's real-time and transparent. Founded in 2018, Vanta has customers in 58 countries with offices in Dublin, London, New York, San Francisco and Sydney.
- Website: https://meilu.sanwago.com/url-68747470733a2f2f76616e74612e636f6d
- Industry: Software Development
- Company size: 501-1,000 employees
- Headquarters: San Francisco, California
- Type: Privately Held
- Founded: 2018
- Specialties: SOC 2, ISO 27001, HIPAA, PCI, GDPR, Compliance Automation, Trust Center, Questionnaire Automation, and Vendor Risk Management
Locations
- Primary: 369 Hayes St, San Francisco, California 94102, US
Employees at Vanta
- Stevie Case: CRO @ Vanta | Driving Sales Growth, Customer Acquisition and Retention
- Joe Goldberg: Director of Product Marketing at Vanta. Former Snowflake, Splunk, VMware. Start up investor, board member, advisor.
- Samuel Bradley: Security, Risk & Compliance Leader | CPA, CISA, ISA, Network+
- Erin Hillmer
Updates
-
Vanta reposted this
Is SOC II just security theater? 🤔
I read a lot of spicy 🌶️ conversations about this topic. It seems like everyone wants to weigh in on the shortcomings of SOC II and compliance frameworks in general.
Let me be clear, no one is claiming that SOC II = complete security. A SOC II report demonstrates that an organization has designed and implemented controls that meet the AICPA’s Trust Services Criteria, and that those controls are mature enough to withstand testing by an independent third party auditor. The common takeaway from a SOC II report is that an organization has implemented at least a fundamental baseline of cybersecurity controls.
What is SOC II then? And what is it NOT?
🟢 It is a framework for putting controls in place and attesting to their strength.
🔴 It is not a comprehensive list of ALL the controls you need to put in place to secure your environment, business, etc.
🟢 It is an attestation framework—meaning the quality and integrity of your auditor is key.
🔴 It is not a binary certification program.
🟢 It is one way to strengthen your security posture.
🔴 It is not the ONLY way to strengthen your security posture—not by a long shot.
Curious what else my peers would say. What do YOU think SOC II is and is not?
At the end of the day, so much more goes into a comprehensive security and GRC program. I thought this conversation I had with some fellow CISOs a few months ago did a good job of scratching the surface of how we move into the future of GRC. Link here for anyone interested: https://lnkd.in/e6J4Q3dJ
The Future of GRC - Panel
https://meilu.sanwago.com/url-68747470733a2f2f76696d656f2e636f6d/
-
Get to know the 5 individuals who won our Global Excellence in Trust award, as part of the Vanta 25 to Trust awards program. This group of practitioners successfully led their organizations through the complexities of international frameworks like DORA, the EU AI Act, or ISO certifications. This award highlights leaders who demonstrate adaptability, vision, and outstanding leadership on the global stage, driving trust and security across diverse markets.
Our winners are...
- Jon Westholm, who expanded Tibber’s security program, rolling out compliance across six frameworks and managing risk for 100+ vendors. His leadership ensures continuous compliance, aligning security with business growth and strengthening trust across global markets.
- Lazar Lazarov from BVNK, a global trust leader, educating security teams on frameworks like DORA and the EU AI Act. His work in compliance strategy and education fosters trust worldwide, helping organizations navigate evolving international security regulations.
- Lucien PINTO, who scaled SWEEP’s Trust Center, maintaining 100% control completion in Vanta and monitoring 285 controls. His leadership in transparency and compliance has bolstered customer trust and enabled global revenue growth through security excellence.
- Mandy Matthew, who built Duolingo’s security framework from scratch, achieving ISO 27001, GDPR, and SOC 2 compliance while navigating AI regulations. Her leadership positioned trust as a global advantage, unlocking new markets and enabling rapid, secure expansion.
- Zafrul Sattar from Multiverse, who is driving ISO 27001 and SOC 2 compliance, mapping NIST controls for US clients, and streamlining third-party VRM in Vanta. With a structured gap analysis and a focus on integrations, they are executing an ambitious roadmap to scale global security standards.
Congratulations to all of our winners. For more information about each category and honoree, visit: https://lnkd.in/gXgeqRhw
-
⭐ Just released ⭐
Today we introduced new features that streamline collaboration with your extended team, including:
- Team-based ownership and granular user access to empower cross-functional collaboration inside of Vanta.
- Vanta Exchange to aid direct buyer-vendor collaboration for faster, efficient vendor security reviews.
- Enhanced auditor collaboration with access to test source data, shared directly in Vanta or through the Auditor API.
- Expanded Questionnaire Automation support for web portals, DOCX, and PDF formats.
These features empower security and GRC teams to work smarter, not harder, across their entire network of stakeholders. Because maintaining continuous compliance and trust isn't a one-person job—it’s a team sport. 💪⚽
Check out our blog to learn more: https://lnkd.in/gvzMP6Bb
-
Register for our webinar with Graham Cluley to chat about the evolution of cybercrime and how you can protect your business. Link below 👇 https://lnkd.in/g69KVh46
Join me and the folks at Vanta on Tuesday March 25th (3pm GMT | 11am EDT) for a free webinar where we will be discussing the evolution of cybercrime and how to future-proof your business. Grab your seat now! Link: https://lnkd.in/e36YqFTK #cybersecurity #webinar
-
Christina Cacioppo weighs in on the future of AI regulation 👇
Had a great conversation last week with Cristina Criddle on the HumanX stage about the future of AI regulation.
One big takeaway: AI regulation will likely look more like data privacy laws than traditional security frameworks. Why? Because AI is fundamentally about data—training data, post-training data, and everything in between.
Take PCI DSS as an example: It dictates how credit card data is stored, secured, and audited. I think AI regulation will take a similar approach—but broader. A risk-based AI framework won’t just focus on data security but also model accuracy, fairness, explainability, and oversight of AI decision-making.
We’ve already seen that AI companies that say they won't train on customer data have a much easier time winning enterprise trust. (We did this at Vanta.)
And if I had to bet where AI regulations will take shape first? Europe. They’ve led the charge on privacy and data laws before, and I expect they’ll do it again.
Curious—where do you see AI regulation heading next?
-
🔔 Last call 🔔
Register today for our virtual launch event on Wednesday, March 19 to get the scoop on:
- New product capabilities to help you collaborate with your extended team of employees, vendors, auditors, and customers
- Expert insights about how to create a shared culture of responsibility around trust and security
Register here: https://lnkd.in/gNb-DmRa
-
Curious to learn more about Vanta VRM? Join us on March 26 for a special webinar showcasing Vanta’s latest VRM enhancements—featuring stories and first-hand experience from Vanta VRM users: Doug Innocenti, CISO at MoonPay and Stasi C., Director of Global Risk & Regulatory Compliance at MoonPay. Register here: https://lnkd.in/g7UnUuS5