Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

This past month, the Vanta team launched new features to help you: ‍

CPS 234 and ISO 27001 are two industry-accepted standards that help protect organisations from cyber attacks—one of the biggest threats and concerns Australian organisations experienced in 2024. The standards can be said to share the same end goal—increasing cyber resilience while helping manage information security more effectively. ‍ Despite this shared goal, CPS 234 and ISO 27001 come with notable differences.

Today, we're taking a big step toward making trust management even easier for our customers: Vanta has acquired Riskey, a company leading the way in real-time third-party risk monitoring. Their continuous vendor monitoring and alerting will soon be part of Vanta’s Vendor Risk Management product. ‍ Managing vendor risk is more important than ever.

As AI capabilities grow, organizations are adopting it for compliance monitoring, risk analysis, and data processing. However, increased use also introduces new risks, making strict regulation essential, especially in sectors where sensitive data is involved—like finance, insurance, and healthcare. Mishandling this information can lead to reputational damage, legal action, or hefty fines.

Security maturity means different things to different organizations, but the one constant is that it needs to be structured. By consistently assessing where you stand and where you need to go against a solid framework, you're able to take what seems like an impossible goal and break it down into achievable and actionable checkpoints that actually move the needle. ‍ The key to making this work isn't just having the right framework but making sure the right stakeholders are involved in the process.

HIPAA violations don’t always come from malicious attacks or headline-making data breaches. More often, they stem from everyday mistakes, like misdirected emails and vendors that aren’t as secure as they seem. Even small slip-ups can expose protected health information (PHI) and invite major consequences. ‍ In today’s complex compliance landscape, those mistakes are alarmingly common.

In 2010, the Australian Signals Directorate (ASD) developed a set of prioritised threat mitigation strategies to provide cybersecurity guidance to government agencies and organisations. Over time, eight of those strategies proved to be the most effective and were formalised into the Essential Eight (E8) framework, officially published in 2017.

Audits are hard enough. Chasing down duplicate evidence across systems shouldn’t be part of the process. We’re excited to announce we’ve joined Fieldguide’s open ecosystem, the industry-leading AI-powered platform built for top global CPA firms and enterprise-focused audit providers. ‍ This integration is designed to reduce friction, eliminate redundant work, and help both companies and auditors complete reviews more efficiently with streamlined communications.