Features
Continuous Compliance Features, One Platform
Scrutineer is built around one promise: scrutinize any company, including your own. It maps your controls to SOC 2, ISO 27001, HIPAA, GDPR and PCI, collects evidence automatically, monitors controls continuously, flags gaps before audit, automates inbound security questionnaires, and scores the risk of every vendor you trust. Here is every capability, and how it turns annual audit panic into a live, defensible posture.
SOC 2 · ISO 27001 · HIPAA · GDPR · PCI · readiness and decision-support, not certification · prices in USD
Your compliance and your vendor risk
4.9/5 from security teams
Every capability
From control mapping to an audit-ready report, in one place
Most tools cover one side of the house, either your own compliance or your third-party risk. Scrutineer runs the whole loop: it maps controls across every framework, collects and monitors evidence continuously, detects gaps, automates questionnaires, and scores every vendor, so one platform replaces the spreadsheets and the point tools.
Control mapping
Your existing access reviews, change management and monitoring are mapped to SOC 2, ISO 27001, HIPAA, GDPR and PCI requirements, so coverage is visible instead of assumed.
Automated evidence collection
Scrutineer pulls evidence from your cloud, identity and ticketing systems through read-only integrations and attaches each item to the control it proves, then keeps it current.
Continuous control monitoring
Controls are re-checked around the clock rather than once a year, so a drifted policy, an expired log or a disabled control surfaces the moment it happens.
Gap detection
When a control drifts or evidence goes stale, Scrutineer flags the gap, explains it in plain language, and ranks what to fix first by impact on your readiness.
Security questionnaire automation
Inbound security questionnaires are auto-answered from your current evidence, so the questionnaire ping-pong that eats your week becomes a review-and-send.
Vendor risk scoring
Every vendor you trust gets a letter grade and a 0 to 100 risk score across network, app security, patching, DNS, data protection and compliance posture.
Audit-ready reports
Hand your accredited auditor or a prospective customer an organized, current report: readiness per framework, the evidence behind each control, and the open gaps. The audit becomes a review of facts, not a scramble.
Framework crosswalk
Map a control once and Scrutineer shows where it satisfies SOC 2, ISO 27001, HIPAA, GDPR and PCI together, so the work you do for one audit counts toward every other framework you sell into.
Continuous, not once a year
Continuous control monitoring with the evidence behind each control
This is the feature everything else hangs on. Point-in-time audits go stale the day after they finish. Scrutineer watches your controls continuously and keeps the evidence current, so readiness is a live number you can trust on any day.
- A live readiness view per framework and per control domain
- Each control linked to the current evidence that proves it
- Drift and stale evidence flagged the moment they happen
- Gaps ranked by impact so you fix the right thing first
- An audit trail your accredited auditor can review
5 Frameworks · 214 Controls · 100% Evidence
The other side of the house
Vendor risk scoring and security questionnaire automation
Scrutiny does not stop at your own walls. Scrutineer scores the risk of every vendor you trust, monitors them continuously, and auto-answers the inbound questionnaires your prospects send you, so two jobs that used to need two tools and two teams run on one platform.
- A letter grade and 0 to 100 risk score per vendor
- Category scores for network, app security, patching, DNS and data protection
- Continuous third-party monitoring that re-scores as a vendor changes
- Inbound security questionnaires auto-answered from your evidence
- M&A and diligence reports for the companies you are evaluating
Keep exploring
Put continuous compliance to work
SOC 2 compliance
Map controls to the Trust Services Criteria, collect evidence and close gaps before audit.
ISO 27001 compliance
Build and prove your ISMS with mapped controls and continuous evidence.
Vendor risk management
Score and continuously monitor the risk of every vendor you trust.
Third-party risk management
A continuous TPRM program, not a once-a-year spreadsheet review.
Security questionnaire automation
Auto-answer inbound questionnaires from your current evidence.
Pricing
Essentials, Growth, Risk+ and Enterprise plans. Every plan is paid, prices in USD.
Continuous compliance, on one platform
Map controls to every framework, collect evidence automatically, monitor continuously, and score every vendor. Scrutineer gets you audit-ready and keeps you ready. An accredited auditor still issues your attestation.
Map · collect · monitor · report