Scrutineer.ai

Continuous Compliance Features, One Platform

Scrutineer is built around one promise: scrutinize any company, including your own. It maps your controls to SOC 2, ISO 27001, HIPAA, GDPR and PCI, collects evidence automatically, monitors controls continuously, flags gaps before audit, automates inbound security questionnaires, and scores the risk of every vendor you trust. Here is every capability, and how it turns annual audit panic into a live, defensible posture.

SOC 2 · ISO 27001 · HIPAA · GDPR · PCI · readiness and decision-support, not certification · prices in USD

Your compliance and your vendor risk

4.9/5 from security teams

Every capability

From control mapping to an audit-ready report, in one place

Most tools cover one side of the house, either your own compliance or your third-party risk. Scrutineer runs the whole loop: it maps controls across every framework, collects and monitors evidence continuously, detects gaps, automates questionnaires, and scores every vendor, so one platform replaces the spreadsheets and the point tools.

Control mapping

Your existing access reviews, change management and monitoring are mapped to SOC 2, ISO 27001, HIPAA, GDPR and PCI requirements, so coverage is visible instead of assumed.

Automated evidence collection

Scrutineer pulls evidence from your cloud, identity and ticketing systems through read-only integrations and attaches each item to the control it proves, then keeps it current.

Continuous control monitoring

Controls are re-checked around the clock rather than once a year, so a drifted policy, an expired log or a disabled control surfaces the moment it happens.

Gap detection

When a control drifts or evidence goes stale, Scrutineer flags the gap, explains it in plain language, and ranks what to fix first by impact on your readiness.

Security questionnaire automation

Inbound security questionnaires are auto-answered from your current evidence, so the questionnaire ping-pong that eats your week becomes a review-and-send.

Vendor risk scoring

Every vendor you trust gets a letter grade and a 0 to 100 risk score across network, app security, patching, DNS, data protection and compliance posture.

Audit-ready reports

Hand your accredited auditor or a prospective customer an organized, current report: readiness per framework, the evidence behind each control, and the open gaps. The audit becomes a review of facts, not a scramble.

Framework crosswalk

Map a control once and Scrutineer shows where it satisfies SOC 2, ISO 27001, HIPAA, GDPR and PCI together, so the work you do for one audit counts toward every other framework you sell into.

Continuous, not once a year

Continuous control monitoring with the evidence behind each control

This is the feature everything else hangs on. Point-in-time audits go stale the day after they finish. Scrutineer watches your controls continuously and keeps the evidence current, so readiness is a live number you can trust on any day.

  • A live readiness view per framework and per control domain
  • Each control linked to the current evidence that proves it
  • Drift and stale evidence flagged the moment they happen
  • Gaps ranked by impact so you fix the right thing first
  • An audit trail your accredited auditor can review

Readiness, today (live): 5 frameworks · 214 controls · 100% evidence

  • Access control: 92
  • Change management: 74
  • Logging & monitoring: 58

Monitored continuously with evidence

Vendor risk scorecard (Grade B)

  • A: NorthCloud · SOC 2 ✓ · score 91
  • B+: Acme Payments · PCI ✓ · score 84
  • B: DataForge · ISO 27001 ✓ · score 77
  • C+: Relay APIs · SOC 2 ✗ · score 63

Vendors scored · monitored

The other side of the house

Vendor risk scoring and security questionnaire automation

Scrutiny does not stop at your own walls. Scrutineer scores the risk of every vendor you trust, monitors them continuously, and auto-answers the inbound questionnaires your prospects send you, so two jobs that used to need two tools and two teams run on one platform.

  • A letter grade and 0 to 100 risk score per vendor
  • Category scores for network, app security, patching, DNS and data protection
  • Continuous third-party monitoring that re-scores as a vendor changes
  • Inbound security questionnaires auto-answered from your evidence
  • M&A and diligence reports for the companies you are evaluating

Continuous compliance, on one platform

Map controls to every framework, collect evidence automatically, monitor continuously, and score every vendor. Scrutineer gets you audit-ready and keeps you ready. An accredited auditor still issues your attestation.

Map · collect · monitor · report