Skip to product information
Third-Party Risk Manager — Self-Hosted TPRM Platform (SSO / API Connectors)
$499.00
Sale price
$499.00
Regular price
▶ Try it first: Open the live interactive demo — add a vendor, score it on the 5×5 matrix, and watch it flow into the dashboard.
Vet every vendor, end to end. A complete third-party risk program in one self-hosted app — connect it to your risk feeds, tailor it to your org, and run vendor due diligence without a per-seat SaaS subscription.
A fully functional, self-hosted TPRM platform. Backend-agnostic, fully editable, and rebrandable — one portal your team controls end to end.
Modules included
- Dashboard & KPIs — vendor counts, critical-tier exposure, open findings, reviews due, and average residual risk.
- Vendor Register — tier, region, data processed, business owner, status, and review cadence.
- Risk Assessments — inherent and residual scoring on a configurable 5×5 matrix with automatic ratings and a live heatmap.
- Findings & Remediation, Evidence & Documents — track issues to closure and SOC 2 / ISO / DPA artifacts to expiry.
- Continuous Monitoring — external security scores aggregated against your register.
Connect to any API
- Native connector adapters for UpGuard, SecurityScorecard, BitSight, and Whistic, plus a Generic REST adapter driven by a JSONPath field map — add any provider by cloning it.
- One integration contract, server-side proxy in the deployment kit so API keys never touch the browser.
Enterprise access
- SSO / MFA via Okta, Microsoft Entra ID, or any SAML 2.0 / OIDC provider, with SCIM/JIT provisioning and IdP group→role mapping (RBAC).
- Secrets held in your vault (Key Vault / AWS Secrets Manager). Deploy as a single file or to SharePoint / Azure / Google Apps Script via the included deployment kit.
100% tailorable
- Rebrand instantly (name, logo, colors). Edit fields, tiers, and the risk matrix. Export/import the whole program as JSON.
Program-management aid, not legal advice. A security review is included; enforce authentication, authorization, and secret storage server-side in deployment.