Vanta is a compliance automation platform that helps organizations achieve and maintain security certifications - SOC 2, ISO 27001, HIPAA, GDPR, and others. Vanta ingests evidence from across an organization's stack (HR systems, identity providers, security tooling, training platforms) and continuously monitors that controls are in place, mapping each piece of evidence to the corresponding control in each framework.
What is Vanta?
Vanta is a compliance automation platform that helps organizations achieve and maintain security certifications - SOC 2, ISO 27001, HIPAA, GDPR, and others. Vanta ingests evidence from across an organization's stack (HR systems, identity providers, security tooling, training platforms) and continuously monitors that controls are in place, mapping each piece of evidence to the corresponding control in each framework. GhostEye integrates with Vanta as a training and phishing evidence source so that human-layer security data appears in audits alongside infrastructure controls.
What GhostEye Syncs to Vanta
- Security training completion records - per-employee proof of completed training, tied to the framework controls Vanta audits.
- Phishing simulation results - outcomes of GhostEye-run simulations, including who was tested and who reported or fell for the lure.
- Employee training status - current enrollment and completion state for every employee in scope.
Connecting Vanta from the GhostEye Dashboard
Third-party integrations live in the `Integrations` section. From the overview, find `Integrations` in the left-hand navigation pane, just above `Settings`. In the integrations menu, the Vanta integration is under the `Compliance` tab.
Click `Connect`, authenticate to your Vanta account if you aren't already, then allow GhostEye to access your Vanta account.
In the same view you should now see that you are connected. The `Manage` button replaces `Connect` once the integration is active.
Managing or Disconnecting the Integration
To inspect the connection, click `Manage`. The management view shows the current status, the API permissions GhostEye is using, and the exact data being synced to Vanta. To disconnect, click `Disconnect` and confirm.
Disconnecting pauses training evidence sync to Vanta. Reconnect Vanta to resume compliance reporting - any controls that depended on GhostEye evidence will fall out of date until the integration is restored.
Why It Matters
Compliance frameworks like SOC 2 and ISO 27001 require evidence that employees receive ongoing security training and that the organization tests human-layer controls. Historically this meant exporting CSVs from a training platform and uploading them on a schedule. The Vanta integration removes that manual step: GhostEye's continuous training, phishing simulation, and remediation results become continuous evidence in Vanta, mapped to the controls auditors actually look at. Human risk stops being a side process and starts behaving like every other control in the audit.
Frequently Asked Questions
Which compliance frameworks does the Vanta integration support?
Any framework Vanta tracks that requires evidence of security training or phishing-testing controls - SOC 2, ISO 27001, HIPAA, GDPR, and others. GhostEye writes the evidence; Vanta maps it to the relevant control in each framework.
What data does GhostEye send to Vanta?
Security training completion records, phishing simulation results, and employee training status. The integration uses the connectors.self:write-resource API permission and is scoped to writing GhostEye's own resources into your Vanta account.
What happens if I disconnect Vanta?
Training and phishing evidence sync to Vanta pauses immediately. Any compliance controls that depended on GhostEye evidence will go stale until the integration is reconnected. No data is deleted from Vanta on disconnect.
Where do I connect Vanta from in GhostEye?
From the GhostEye dashboard, go to Integrations in the left navigation pane (just above Settings), select the Compliance tab, and click Connect on the Vanta card.