December 8, 2023

Vanta, a security and compliance provider, has launched a Vendor Risk Management (VRM) offering to help organizations streamline third-party vendor security reviews and due diligence.

This new offering will automate vendor discovery, vendor assessment, and remediation workflows to significantly reduce the time and cost associated with third-party vendor risk reviews and management.

Vanta’s VRM will be available to customers at launch as an add-on to its flagship and namesake trust management platform. The vendor risk management segment has picked up with the proliferation of cloud-based applications, which has resulted in third-party applications emerging as a common attack vector for hackers, with a reported contribution of 60% to overall data breaches.


On average, it takes 280 days to discover a third-party data breach. The global VRM market, which is a smaller segment of the governance, risk management, and compliance (GRC) market, is expected to grow from $4.60 billion in 2020 to $13.98 billion by 2028, at a compound annual growth rate (CAGR) of 14.6% during the forecast period, according to a report by Verified Market Research.

The leading players in the market include IBM, MetricStream, RSA Security, Lockpath, OneTrust, and BitSight Technologies, providing a range of VRM solutions and services such as risk assessment and scoring, third-party due diligence, compliance monitoring, and vendor performance management.

Vanta’s new offering is designed to combine the entire vendor management process within a single, automated workflow with necessary integrations with third-party applications, identity providers, and database systems. This, the company said, reduces review costs by 90% as opposed to siloed point solutions.

Vanta can automatically discover any vendors (cloud providers, identity providers like Auth0, databases, CRM systems, and more) and the employees using them via integrations with the company’s single sign-on and identity provider (IdP) systems.

It employs a vendor ranking system through a risk rubric that provides better visibility into vendor-based risks. This evaluation combines a score of metrics derived from “business critical” factors that customers can adjust based on their requirements.


This automation will include transforming the traditionally manual process of answering security questionnaires into an automated library of up-to-date, web-based spreadsheets and forms with added features such as auto-complete and one-off questions with a browser extension.

Vanta’s VRM gives insight into redundant applications, enabling organizations to make informed decisions about commissioning and decommissioning applications efficiently, thereby saving costs, according to Cacioppo.

The automated workflow also streamlines tracking compliance reports and sets up periodic reminders to request updated reports.
