
Vanta Partners with XBOW to Deliver Autonomous Penetration Testing to Startups

New in-app integration delivers enterprise-grade security testing at startup speed and scale. Showcasing new innovation across the AI-powered Vanta platform at booth #5424 and XBOW's autonomous pen testing at booth #3257 at Black Hat 2025.

New security capabilities for startups: Build enterprise-grade trust without compromising speed

As a startup, your early success and growth depend on earning buyer trust. But when you have limited levers to pull, such as brand recognition, customer logos, and investor backing, proving trust often comes down to demonstrating a strong security posture. However, the bar for trust is rising—especially if you’re building with AI. Today’s discerning buyers expect more than a SOC 2 report.

Lessons learned from Vanta's FedRAMP 20x pilot program

In late March 2025, the General Services Administration (GSA) announced the first major overhaul to FedRAMP in over a decade, soft-launching a new, fast-track authorization path called FedRAMP 20x. In May 2025, we submitted our initial package for the pilot, quickly followed by a resubmission of our final package. We’re now excited to share that Vanta has officially achieved FedRAMP 20x Low Authorization and a listing on the FedRAMP Marketplace.

SOC 2 for healthcare organizations: Benefits and compliance steps

Healthcare organizations operate under an extensive set of regulations, HIPAA being among the most prominent, leaving little room to prioritize voluntary frameworks like SOC 2. However, overlooking SOC 2 is a missed strategic opportunity: it offers structured, actionable security guidance that not only strengthens security and privacy posture but also facilitates HIPAA compliance. In this guide, you’ll learn why that’s the case and discover:

110 security and compliance statistics for tech leaders to know in 2025

Staying compliant has never been more complex or more critical. With evolving regulations, expanding tech stacks, and increasing third-party exposure, today’s security and compliance teams are under constant pressure to reduce risk while upholding trust. Understanding the latest trends is key to staying ahead. This roundup of security and compliance statistics brings together the most up-to-date data on regulatory readiness, breach impact, automation, vendor risk, and more.

ISO 27001 for healthcare companies: Benefits and implementation steps

ISO 27001 is a widely used standard for protecting the security of organizations across sectors, and of their data, through a comprehensive set of controls. While it’s beneficial for virtually any industry, organizations in the healthcare sector often find it especially valuable. This is because they’re often subject to extensive but vaguely defined regulations, and ISO 27001 provides the structured approach to compliance they need.

Helping businesses earn and prove trust: Announcing Vanta's $150 million Series D

Vanta has raised a $150M Series D and is now valued at $4.15 billion. Financing milestones are exciting validation of what we’re building and also serve as a rare moment to reflect on the company and hone in more sharply on our mission. Vanta’s mission is to help businesses earn and prove trust. We believe trust is the critical ingredient to growth.

Your complete guide to compliance management software

The regulatory landscape is constantly evolving to address new technologies and risks. As a result, organizations must navigate an increasing number of frameworks to protect their systems and data. Manually managing complex compliance workflows, such as control effectiveness monitoring, can lead to inconsistent documentation, human error, and costly audit failures.

How to implement CPS 234: A 7-step compliance guide

In 2024, Vanta’s State of Trust Report found that cybersecurity threats were the number one concern for Australian organisations. To mitigate such threats, the Australian Prudential Regulation Authority (APRA) developed CPS 234—a robust security framework that all APRA-regulated entities must implement. CPS 234 addresses virtually all aspects of an entity’s security infrastructure, so implementation can be challenging without guidance.