  	You're using an "Internet Explorer" web browser that's no longer supported.

    This website will not function correctly when using when using Internet Explorer,

    so please upgrade to a modern web browser, like Edge, Chrome, or Firefox.

VAST Compliance Package

Strengthening compliance with documentation, processes, and support you can trust.

Respond to Compliance Requests with Ease

If you’re a business leader who regularly fields requests from internal compliance or risk management teams, you know how time-consuming these reviews can be. The VAST Compliance Package was designed to make that process faster and more transparent.

It equips you with the documentation and assurances you need to confidently respond to audits, vendor assessments, and regulatory checks without chasing down reports or waiting on additional information.

With this package, your compliance, risk, and vendor-management team(s) gain trusted evidence of Instantiations’ internal security, resilience, and governance practices, all verified and audit-ready.

Key Benefits

The VAST Compliance Package combines essential deliverables for regulated industries with the proven practices Instantiations follows internally:

Demonstrates security and operational resilience
Provides trusted, auditor-ready documentation
Supports due diligence and regulatory requests
Backed by Instantiations’ own tested practices
Aligns with compliance frameworks like DORA, SOC 2, NIST 800-53, & GDPR

What is included in the Compliance Package?

Whether your organization is preparing for SOC 2, aligning with DORA, or responding to customer due diligence requests,
the VAST Compliance Package helps you meet these expectations directly.

Included in the Compliance Package	How Instantiations Backs It Internally
SOC 2 attestation/report	Annual SOC 2 audits
Security testing summaries	Ongoing internal security testing
Resilience & incident response documentation	Documented and tested resilience & incident response procedures for Instantiations
Vendor due diligence & risk management insights	Continuous review of organizational controls and vendor risk management
Security incident notifications & transparency	Established incident response procedures with regular staff training
Data Processing Agreement (DPA)	Maintains compliance with applicable data-protection regulations
Regulatory compliance support & documentation	Align documentation with global compliance standards to simplify your organization’s regulatory reviews.
Vendor performance reviews & reporting	Regular internal reviews of support services and vendor performance
Proof of insurance coverage	Maintains appropriate insurance coverage
Software Bill of Materials (SBOM)	Up-to-date transparency on software components and dependencies
SIG Lite, SIG Core, Customer-specific TPRM Processes	Documenting and updating our current processes and practices.

Flexible tiers let you select the right level of compliance support for your organization.
Offered as an optional add-on for VAST customers and renewed yearly. Contact compliance@instantiations.com to learn more.

Meeting Global Expectations for Compliance

Regulations like the EU’s Digital Operational Resilience Act (DORA) highlight a global movement toward stronger standards for operational resilience and cybersecurity. Financial institutions, along with their technology partners, are under growing pressure to provide transparent documentation and proof of readiness. Even if your organization is not directly subject to DORA, customers and regulators increasingly expect the same level of evidence from every vendor.

The VAST Compliance Package additionally aligns with widely recognized compliance frameworks such as SOC 2, NIST 800-53, GDPR, and other standards common in government and healthcare environments.

Frequently Asked Questions

What is the VAST Compliance Package?

The VAST Compliance Package is an optional package for VAST customers that provides trusted documentation, reports, and cooperative support to streamline audits, regulatory reviews, and customer due-diligence evaluations of Instantiations and the VAST Platform.

What is included in the Compliance Package?

SOC2 reports; Disaster Recovery (DR) and Business Continuity (BC) plans and related policies; risk and vendor-management support; security incident notifications; Data Processing Agreement (DPA) and regulatory documentation; Certificates of Insurance (COI); and a Software Bill of Materials (SBOM) for VAST.

Who is this package for?

Compliance, risk, and vendor-management teams that need reliable documentation from their technology partners. The package helps organizations using the VAST Platform meet audit and due-diligence requirements efficiently, especially in regulated sectors such as banking, insurance, and government.

Does it help with DORA or other frameworks?

Yes. The package provides documentation and evidence that align with many core expectations in frameworks such as DORA and SOC2—like operational resilience planning, security testing, vendor-risk management, and incident transparency.

How do I purchase this package?

The VAST Compliance Package is available as an optional package for current VAST customers. Contact compliance@instantiations.com to discuss pricing.

What are SIG Lite, SIG Core, and customer-specific TPRM processes?

SIG Lite (~125 items) is a condensed version of the Standardized Information Gathering (SIG) questionnaire used for third-party risk assessments. It includes about 125 key control questions across security, privacy, and compliance areas to provide a high-level view of a vendor’s risk posture.

SIG Core (>1000 items) is the comprehensive version of the SIG questionnaire, with more than 1,000 detailed questions. It evaluates a vendor’s controls in depth across domains such as governance, operations, cybersecurity, privacy, and resilience.

A customer-specific TPRM process is a tailored Third-Party Risk Management approach designed to meet the unique compliance or regulatory needs of a specific customer. This process may include customized assessments aligned with the customer’s risk framework. To ensure timely responses, reasonable resource-allocation limits may apply to TPRM requests.

Learn more about our Compliance Package

VAST Compliance Package

October 13, 2025

Instantiations, Inc.

While many organizations have trusted the VAST Platform for its proven reliability, businesses in highly regulated industries increasingly require more than just dependable software. We’ve seen a clear shift toward the need for comprehensive reports and documentation to demonstrate that both vendors and their software can be trusted. The VAST Compliance Package was developed to […]

The evidence you need to satisfy stakeholders.

Schedule a Call

© Instantiations, Inc. All rights reserved. 'Instantiations' and the 'intersecting circle design' are registered trademarks of Instantiations, Inc. in the United States. All product names, trademarks, and registered trademarks are property of their respective owners. Company, product, and service names not owned by Instantiations are used for identification purposes only. Use of these names, trademarks, and brands does not imply endorsement.