Vanta aims to restore trust in internet businesses. Vanta’s automated platform enables companies to prove their security and compliance posture to customers, prospects, and partners. It enables fast-growing companies to get and stay compliant through automated security monitoring for standards such as SOC 2, ISO 27001, GDPR and more.
Vanta currently has a team of over 300 employees and is based in San Francisco.
The challenge
As a leader in compliance, Vanta takes security and data privacy extremely seriously. Minimizing risk, protecting customer and vendor data, and building a strong infrastructure are core components of Vanta’s ethos. Having a strong incident response strategy is a critical part of meeting those standards. However, Vanta found that the five-step manual process, which was maintained in a written document, was not sufficiently robust. They faced three key problems with their existing approach:
- Steps were often skipped in the heat of the moment, creating situations where important stakeholders would be looped in too late.
- The lack of explicitly assigned roles would lead to multiple threads of investigation, duplicating efforts at critical moments.
- Retrieving all the information about what happened during the incident was a time-consuming, manual process.
- A more consistent, robust process which could be easily followed by anyone
- Something that would improve clarity on responsibility and roles during an incident
- A way to make incidents more transparent and improve visibility across the organization
- A solution that was cost effective and easy to implement, without requiring major changes to their incident creation and review process
The solution
Getting the right people into the room, fast
By reducing the manual processes involved in declaring incidents, incident.io helped Vanta dramatically improve internal communication and incident response. Without tooling to prompt the right behaviours, key stakeholders were not looped in to the incident processes. With incident.io, Vanta is able to alert the right people within minutes.
Time saved on manual processes
incident.io automates many of the manual processes involved in running incidents. Vanta now saves hours as a result of the automations, alerts, and prompts built into incident.io. For example, hours of manual work were required to remind teams to complete post-mortems and to search for timeline information. With incident.io, timelines are generated automatically, giving the Vanta team time back to focus on more important tasks.
Improved communication with Customer Support teams
Vanta’s support teams often need to be included in incidents so they can understand the causes and resolutions of issues. With incident.io, Vanta enjoys cross-team communication in addition to a faster way of notifying customers.
Better incident insights
incident.io’s post-mortem generation features have made it easier for engineers to organize incident data into a centralized document that can be easily reviewed by the larger organization. This has helped them identify incident trends and dig into root causes and action items that will help prevent future issues.