Overview
RansomLeak's Vanta integration is a one-directional, OAuth-based sync that posts security-training completion to Vanta as control evidence. You connect once, and the awareness-training control on each of your frameworks stays current on its own, with no spreadsheet export before an audit.
It keeps two things in step with Vanta, on every completion and on an hourly sync:
- Training completion as control evidence
- The workforce roster to match people
- Six frameworks, mapped automatically
- Current within about a minute
The connection is scoped to RansomLeak's own connector resources in your Vanta account: RansomLeak posts its own evidence and never reads or changes anything else. Employees take the training on the RansomLeak platform, and completion flows to Vanta as evidence.
What it evidences
A completed training path is sent to Vanta tagged with the frameworks it covers, so it lands on the right control without manual mapping. On each framework, the control it satisfies is the security-awareness-training requirement.
| Framework | Awareness-training control |
|---|---|
| SOC 2 | CC1.4 (workforce competence and security awareness) |
| ISO 27001 | A.7.2.2 (information security awareness, education, and training) |
| HIPAA | § 164.308(a)(5) (security awareness and training) |
| PCI DSS | Requirement 12.6 (security awareness program) |
| GDPR | Article 32 (security of processing) |
| CCPA | Reasonable security procedures and practices |
Only people enrolled in a training path produce a record, so Vanta does not fill with empty rows for employees the program does not cover. Curate the paths and their framework tags in RansomLeak, and the right evidence follows.
Connect Vanta
You connect from RansomLeak as an admin. Authorizing grants RansomLeak permission to write and read its own connector resources in Vanta, and nothing more.
- In RansomLeak, go to Admin → Integrations → Vanta and select Connect to Vanta.
- You are redirected to Vanta. Sign in and approve the requested read and write resource permission for the RansomLeak connector.
- Vanta returns you to RansomLeak with the connection established. An initial sync runs on its own and posts your current evidence.
You need the Manage Integrations permission in RansomLeak and admin rights in Vanta to authorize the connector. For help during setup, email support@ransomleak.com.
How the sync works
RansomLeak posts a full picture of evidence on each sync, so Vanta always reflects current status rather than a stream of deltas you have to reconcile. People are matched by work email.
| What RansomLeak posts | Why |
|---|---|
| Training-completion status per person | The evidence itself: which path, which frameworks, completed or not, and when. |
| The workforce roster | So Vanta can attribute each completion to the right employee. |
- On every completion, within about a minute
- An hourly sync as a safety net
- A manual sync whenever you want
Permissions and data handling
The connection uses OAuth scoped to RansomLeak's own connector in Vanta. It is one-directional and posts only what the evidence needs.
- Directory fields only, never passwords or secrets
- Tokens encrypted at rest
- Disconnect revokes the connection in Vanta
RansomLeak never reads your other Vanta evidence and never writes outside its own connector resources. For how RansomLeak handles data, see the privacy policy and the security and compliance page.
Frequently asked questions
Does RansomLeak integrate with Vanta?
Yes, and it is live. You connect Vanta over OAuth, and security-training completion posts to Vanta automatically as control evidence for SOC 2, ISO 27001, HIPAA, PCI DSS, GDPR, and CCPA. The sync runs on every completion and on an hourly schedule, so your awareness-training controls are current whenever an auditor asks.
What evidence does RansomLeak send to Vanta?
For each person enrolled in a training path, RansomLeak sends a training-completion record (the path, the frameworks it covers, status, and the completion date) plus the user-account roster it needs to match people. It is one-directional: RansomLeak posts to Vanta and never pulls data back or reads your other Vanta evidence.
Which compliance frameworks does it cover?
SOC 2, ISO 27001, HIPAA, PCI DSS, GDPR, and CCPA. The completion record satisfies the security-awareness-training control on each framework, such as SOC 2 CC1.4, ISO 27001 A.7.2.2, HIPAA Security Awareness and Training, and PCI DSS Requirement 12.6.
How current is the evidence?
It updates on every completion, usually within about a minute, and an hourly sync reconciles everything as a safety net. You can also trigger a sync by hand. As a result, the People and Tests views in Vanta reflect training status without a manual export.
What does the connection access, and is it read-only?
The OAuth scope is limited to writing and reading RansomLeak's own connector resources in Vanta, and nothing else in your Vanta account. RansomLeak never sends passwords, MFA secrets, or training content; the stored tokens are encrypted at rest; and disconnecting revokes the connection in Vanta.
Where do employees take the training?
On the RansomLeak platform. Employees complete the interactive exercises in RansomLeak, and the completion posts to Vanta as evidence. You do not need to export SCORM packages into a separate LMS for the evidence to flow.
Need a hand?
Email support@ransomleak.com and we will help you connect Vanta to your tenant.