- CadenceAnnual + on-event
- QuestionnaireFull SIG, controls evidence, SOC 2/ISO certs
- Typical examplesIaaS providers, payment processors, identity provider
Third-party risk management
Vendor risk that moves at procurement speed.
Auto-tiered assessments, mapped to your control library, with continuous monitoring across the portfolio — not a separate stack of spreadsheets.
Portfolio overviewLive
284vendors
23critical
11findings open
By tier
- Critical 23
- High 41
- Mod 96
- Low 124
Risk-based tiering
Right-sized assessments per tier
Stop sending the same 230-question SIG to every vendor. Match the assessment to the actual exposure.
- CadenceAnnual
- QuestionnaireStandard SIG-Lite, current attestation
- Typical examplesPII processors, customer-facing analytics
- CadenceBi-annual
- QuestionnaireReduced 35-question set
- Typical examplesInternal tooling, limited data scope
- CadenceProcurement attest
- QuestionnaireSelf-attestation
- Typical examplesNo regulated data, no system access
Lifecycle
Six stages, one queue
From intake to renewal, every vendor follows the same instrumented path.
Intake
Procurement triggers a workflow with data classification, system access, and contract metadata.
Tier
Auto-tier by data sensitivity, geographic exposure, and infrastructure footprint.
Assess
Route the right questionnaire, request evidence, capture attestations.
Approve
Risk owner signs off, conditions are recorded against contract clauses.
Monitor
Continuous monitoring on certs, posture, breach intel, and SLA telemetry.
Renew
Re-trigger assessment ahead of renewal — never let a contract auto-renew unaware.
Portfolio heatmap
See concentration risk before renewal season
Every cell is a control domain × vendor. Drill from a red cell to the underlying questionnaire.
| Identity | Logging | Encryption | BCP | Privacy | Pen test | |
|---|---|---|---|---|---|---|
| Cloud IaaS | ||||||
| Payment processor | ||||||
| Analytics SaaS | ||||||
| Email vendor | ||||||
| Helpdesk | ||||||
| Marketing CRM |
- Evidence current
- Stale or partial
- Missing or fail
Findings tracker
Remediation that lives in the same task queue as your engineers
Findings carry severity, owner, and SLA. They link back to the control they break and the contract clause they trigger.
Open vendor findings4 active
- highAnalytics SaaSBCPOpen12dRisk Lead
- highHelpdeskPrivacyIn remediation4dProcurement
- mediumMarketing CRMIdentityOpen21dIT
- mediumEmail vendorPrivacyAwaiting evidence6dVendor
62%Faster intake to approval
3.4xVendors per FTE
100%Renewals re-assessed
0Spreadsheets in scope
Show your board the portfolio, not the inbox
See vendor tiering, evidence collection, and concentration analytics in your environment.