What is Vanta's strategy for expanding beyond SOC 2 to support other certification types?

One of the original hypotheses of the company was that when you looked at startups, they got none of these certifications. 

If you looked at big tech companies like Slack or Okta, they had lots of these badges on their website, but it seemed pretty clear that you get one first, and then you wait as long as possible because these things are terrible to get and can be distracting.

What technology fundamentally does here is just make it all happen faster. We went to market with just SOC 2 because we had to start somewhere focused and do that one thing well. The plan was always that people would want more of these, and the core technology is very similar. The core of the product is just taking configuration information, taking company practices, testing them, seeing what's in place and what's not, and comparing it to a given compliance standard—that's pretty easy. 

There is a lot of overlap in the actual security work required to obtain each standard, but they all look different structurally. Vanta helps startups obtain more standards, with less effort, by doing this mapping in the background. We spent the first half of 2021 taking our SOC 2 MVP and making it a more general platform where you're, "You want to SOC 2? Cool. You want a GDPR? Cool. You want to XYZ? We can do that."