SOC2

Automated Platforms

• **Vanta **

  • Pricing
    • 15k 1-year SOC2 compliance
    • 15k 1-year GDPR & State Privacy Law Compliance
    • 5k 1-year addon for user audit automation (didn’t look turn key enough)
    • 7.5k 1-year Trust Page (self serve compliance portal for customers)
  • Pros
    • Good automation for Okta, Cloud providers, and many common SAAS dev tools
    • Covers SDLC audit
    • Reminders for manual processes
    • Portal for Auditors to gather their own evidence
    • If your auditor supports Vanta many evidence and handoff exercises can be touch-less
    • If you choose one of their auditors there is a steep discount and they are able use the platform to maximum efficiency
  • Cons
    • Their audit partners don’t have much name brand recognition
    • They seem to be facilitating ‘SOC2’ mills. I would be skeptical of a whole certification driven by them.
    • They were super pushy on renewal, this is a very sticky product and they know it. I would suggest going in for a 2 year deal to start with as much discount as you can dig up.
  • Caveat
    • I think if you have your own auditor, they should be able to tell you how they feel about Vanta, Drata, etc. I would ask specific questions about who is pulling the data out of the tool (you or the auditor). And what the approach will be if the tool doesn’t represent the audit data correctly.

• Drata