Security | Threat Detection | Cyberattacks | DevSecOps | Compliance



How Riot integrates with Vanta to increase cybersecurity awareness

Many data breaches start with a compromised account from one of a company’s employees. Jérôme Berloty and Benjamin Netter decided to build a product based on that fact and launched Riot in 2020. ‍ Based in Paris, France, Riot combines learning modules and phishing simulations to raise cyber awareness and solve compliance needs. The courses are chat-based, five minutes long, and immersive and interactive, making learning more entertaining. ‍

ciso global

What We Can Learn from Penn State's Compliance Conundrum

Penn State University is in hot water again for legal and compliance violations. This time, the activities in question are related to the university’s claim to be compliant under NIST SP 800-171, as required by Executive Order 13556 (2019). As a contractor and partner of the U.S. Government, Penn State is required to implement a minimum set of security controls around Controlled Unclassified Information (CUI) it collects, creates, or handles as part of its partnership with the government.

vista infosec

Rights of a Data Principal Under the DPDP Act

With the advent of the Digital Personal Data Protection Act (DPDP Act) in 2023, India has taken a significant step towards safeguarding the rights of individuals, termed as ‘Data Principals’, over their personal data. This blog post aims to shed light on the rights and protections offered to Data Principals under the DPDP Act, a landmark legislation that is reshaping the landscape of data privacy in India.

vista infosec

How to Comply With the Principles of the DPDP?

Businesses with Indian customers or those accessible to Indian citizens, take note! The Digital Personal Data Protection Act (DPDP) has been passed in India. This new law, approved by the president on August 11, 2023, dictates how organizations handle personal data. The DPDP Act is not yet enforceable as the Data Protection Board of India is still being established.


Introducing expanded Role-Based Access Control

Today we’re thrilled to announce that Vanta’s Role-Based Access Control (RBAC) functionality has gotten even stronger with new capabilities, including: ‍ ‍ These expanded RBAC capabilities are now generally available and demonstrate Vanta’s continued commitment to supporting the needs of larger, more advanced organizations through additional customization and flexibility across our platform. ‍


TrustCloud Product Updates: September 2023

Our team has been hard at work creating updates and new features just for you, see what we’ve been up to over the last month. NEW: Prove the ROI of your security and privacy investments with TrustCloud Business Intelligence (BI) TrustCloud Business Intelligence is here! Now, you can see and share key results from across your compliance, risk management, and sales acceleration programs to showcase ROI, prove value, plan your resources, and easily align with stakeholders.

TrustCloud Business Intelligence Dashboards Empower CISOs to Present Financial Impact of Risk, Security, and Compliance Program to Board of Directors

TrustCloud Business Intelligence helps GRC and Security professionals track and share how their trust program adds efficiency, reduces financial liability and risk, improves security, and drives revenue growth-proving to business leaders that GRC is a profit center.

How we operationalize security risk assessments at Vanta

This post is part of an ongoing series where you’ll hear directly from Vanta’s own Security, Enterprise Engineering, and Privacy, Risk, & Compliance Teams to learn about the team’s approach to keeping Vanta—and most importantly, our customers—secure. In today’s post, you’ll hear from Rob Picard, who leads Vanta’s Security team, and Matt Cooper, who leads Vanta’s Privacy, Risk, & Compliance team. ‍