Eric S.

Commented on AI-Only Code Reviews and SOC 2 Change Management:...·Posted inGRC

We are exploring starting with a simple control that states something like the following: The company has configured an agentic AI process to automatically review all code merges for security and quality issues prior to production release. When issues are discovered, the agent does not approve the merge. The second part of that sentence could be further adjusted to specify ...when cybersecurity specific issues are discovered...

Commented on Introducing a Single Toggle to Manage All Vanta No...·Posted inProduct Updates

Eric S.

I definitely +1 this. It's a huge issue when the CEO is getting notifications because they are assigned some BoD control ownership. We would like to be able to manage notification settings on their behalf rather than having to walk them through setting it themselves. The current change is definitely in the right direction though.

Commented on Has Anyone Successfully Replaced GitHub Branch Pro...·Posted inGRC

Eric S.

Hi Rudy M. Our customers enable branch protection on the main branch only. Other dev/staging branches don't have it so they can code/test/deploy to non-prod environments without friction. The friction only happens prior to production release.

About

Trust Center