Case Study: Duolingo achieves ISO 27001 compliance and saves 12+ hours per week with Vanta

A Vanta Case Study

How Duolingo achieved ISO 27001 while saving 12+ hours per week on their security program

Duolingo, the language learning company behind the Duolingo English Test, needed to achieve ISO 27001 certification to help win more deals and reassure universities and government programs handling test-taker data. However, its security and compliance information was spread across spreadsheets and documents, making it difficult to maintain a single source of truth or clearly explain its posture to auditors. Duolingo used Vanta, including its ISO 27001 and SOC 2 support, to simplify the process.

With Vanta, Duolingo centralized its security and compliance program, mapped controls into clear automated and manual tests, and streamlined vendor risk reviews with Vanta’s Vendor Risk Management and AI features. The result was ISO 27001 certification in 2024, continued SOC 2 Type I compliance, and a more efficient program that saved Mandy Matthew, Duolingo's Lead Security Risk Program Manager, up to 12 hours per week. Duolingo also avoided spending hundreds of thousands of dollars on professional services or hiring additional staff, while improving visibility and confidence across its security program.


Duolingo

Mandy Matthew

Lead Security Risk Program Manager

