Vanta Launches Improved Security: Automated ISO 27001 Certification and HIPAA Compliance
Vanta, the leading automated security and verified compliance platform, announced today public availability for two new certification standards that help secure the internet and protect consumer data. Vanta provides automated compliance audits and continuous security monitoring through a robust SaaS platform, enabling companies to achieve industry standardization in weeks instead of months.
The rise of data leaks and privacy concerns have spotlighted how companies handle their customers’ data, specifically driving the need for SOC 2, HIPAA, and ISO 27001 compliance as a prerequisite for doing business. As the SaaS market is forecasted to rise to more than $122 billion this year, the risks and costs associated with security breaches have similarly expanded. During the first six months of 2020, more than 36 billion records were exposed with each data breach, costing U.S. companies $8.64 million on average.
Following the Equifax breach of 2017, Vanta emerged on a mission to improve security and safeguard personal data. It was clear from the increasing number of high-profile data breaches that online security was only becoming more important. At the same time, Vanta understood how hard it could be for fast-growing companies to invest the time and manpower it takes to build a solid security foundation.
Vanta started by automating SOC 2, the most commonly-accepted framework for demonstrating security in the United States. But SOC 2 has always been just the beginning. In May, Vanta announced an invite-only Beta for the company’s two other most requested security standards: ISO 27001 and HIPAA.
Today, after several months of product refinement, Vanta is excited to announce public availability for HIPAA compliance and ISO 27001 certification. These standards are now available as standalone services or packaged with their award-winning SOC 2 offering.
With this release, Vanta customers can enhance their security posture and prove compliance—all in one automated security platform.
Companies that create, access, store, or share Protected Health Information (PHI) must comply with HIPAA legal requirements or potentially face steep fines and penalties. However, becoming HIPAA compliant can be a complex and time-consuming process. And because there is no independent audit associated with HIPAA, it can be difficult to even know whether or not you’re compliant at any given time. The impact of weak security standards is costly: the healthcare industry lost an estimated $25 billion to preventable ransomware attacks in 2019.
Vanta’s HIPAA product demystifies the path toward becoming and staying HIPAA compliant. In fact, Vanta automates over 85% of the evidence requirements needed to prove HIPAA compliance, while helping customers manage evidence that is not automated, such as signed Business Associate Agreements.
Additionally, built into Vanta are CPA-vetted policy templates that help companies codify their PHI privacy and security procedures, saving them from drafting these documents from scratch or hiring a security consultant. As Anthony Powles, Head of Security at HeyMarket says, “Vanta’s policy generator really saved our small team a lot of time at the beginning to cover all our bases for SOC2 and HIPAA, especially as we’re not experts in writing policies. It provides a solid foundation with a lot of options and the ability to fully customize them as needed.”
With Vanta’s HIPAA product, companies will spend less time chasing down evidence from employees, systems, and Business Associates and confidently track progress toward compliance in one place.
ISO 27001 is the global benchmark for demonstrating an effective Information Security Management System (ISMS). For businesses selling to customers outside of the U.S., a well-defined ISMS may be required by local law and potential buyers will likely ask to see an ISO 27001 certificate prior to purchasing. According to IDG, 66% of CIOs surveyed said that compliance mandates were driving spending.
However, becoming ISO 27001 certified is a months-long or even year-long process that requires documenting policies and procedures, identifying risks, assigning responsibilities, and training personnel. Further, ISO 27001 certification includes both an internal and external audit to ensure that an organization’s ISMS has been properly implemented.
Fortunately, Vanta’s ISO 27001 product brings clarity to this complexity. Vanta provides customizable policy templates to help define the scope of an ISMS, assign roles and responsibilities, identify risks and mitigation measures, and more. And the Vanta platform leverages read-only integrations with leading cloud providers, task trackers, MDMs, and more to automatically collect evidence and map it to Annex A controls. In fact, Vanta automates over 80% of the ISO 27001 certification requirements — meaning customers spend less time on compliance, and more time growing their business.
As one of Vanta’s ISO 27001 Beta customers has noted:
“Lots of companies claim to automate compliance but Vanta is actually doing it. They really help guide me through the SOC 2 and ISO 27001 experience. This is my first time working with both of these frameworks and I really appreciate having the Vanta team behind me to support.” -Vicky Levay, Director of Compliance at FloQast
Vanta streamlines the path toward compliance with powerful automations, reports on your compliance progress, and clear instructions on how to fix any gaps. And now, Vanta gives customers a single view to easily track progress toward each standard and drill down into the specific controls and pieces of evidence behind each requirement.
“Adding support for additional compliance standards HIPAA and ISO 27001 is a natural extension of our mission,” said Christina Cacioppo, Co-Founder and CEO of Vanta. “Arguably no consumer data is more important to protect than our Protected Health Information. As more and more of our PHI moves to the cloud, there’s a growing need for the companies that process and store that data to prove that they handle it with the utmost integrity — not just on one day, but continuously. Similarly, as more of our business is conducted globally, there is a huge need for companies to speak one common ‘language’ of compliance. ISO 27001 gives businesses that globally accepted framework while demonstrating an extremely rigorous security posture. These two are the first of several additional standards we are adding to our security monitoring platform this year.”