What is the recurring value proposition of Vanta that justifies its SaaS business model?

One point here is that these certifications need to be renewed. Fundamentally, the certification is a PDF, and the auditors are smart. They put dates on them. They'll say, "This report is valid from April 14th, 2021, to April 13th, 2022.” You can send out an old PDF, but no one wants to do that when they’re trying to sell to Okta or Google. It’s not a good look.

The other bit is that while the certification is certainly a helpful part of Vanta, it's the tip of a spear. The long-term value is having insight into the security practices of your organization and knowing, "Hey, I just onboarded 14 people, and 5 of them haven't set up two-factor authentication in their email. Let's go make sure they do that." Similar to compliance certs, we’re seeing economic incentives develop around showing this type of real-time validation. We just launched Trust Reports which allows customers to proactively share a real-time look at their security posture, along with commonly requested documentation. These have already become a wildly popular and useful feature for customers who are used to filling out lengthy security questionnaires or have not yet gotten their SOC 2.