Scrutineer.ai


Vendor risk management that scores every vendor on evidence

Vendor risk management breaks down when it is a once-a-year questionnaire that nobody reads and a spreadsheet that goes stale the day after onboarding. The risk a vendor carries changes constantly, and your view of it should too. Scrutineer assesses each vendor, produces a clear risk score, and then keeps watching.

For every vendor you get a risk score backed by evidence: their security posture, the data they touch, their certifications and any monitoring signals that change over time. New vendors are onboarded with a structured assessment instead of a gut feel, and existing vendors are continuously monitored so a downgrade reaches you before an incident does. You decide who to onboard; Scrutineer makes sure the decision is informed.


Control-mapped findings · linked evidence · you decide what to remediate

The Scrutiny Desk

Illustrative sample · not an audit attestation

SOC 2 · ISO 27001 · HIPAA · GDPR · PCI DSS

Controls in, evidence-linked report out

AI scrutinizes, you decide

Why it works

What you get with vendor risk

Every vendor scored

Scrutineer turns each vendor assessment into a clear risk score backed by evidence, so onboarding decisions rest on proof rather than a sales call.

Continuous monitoring

Vendor risk does not stop at onboarding. Scrutineer keeps watching posture, certifications and signals, so a deteriorating vendor surfaces before it bites.

Risk you can act on

Scores roll into a prioritized view, so your team spends time on the vendors that actually carry the most risk to your business.

What it handles

Controls in, an evidence-linked report out

Point Scrutineer at a framework or a vendor and it maps every control, pulls the evidence it can find, flags the gaps and scores the risk, returning a report with linked evidence and a prioritized remediation list. Scrutineer is decision support for readiness; an accredited auditor still issues the attestation.

  • Assesses each vendor on security posture and data access
  • Produces an evidence-backed vendor risk score
  • Continuously monitors vendors after onboarding
  • Flags certification lapses and posture changes
  • Prioritizes vendors by the risk they carry
  • Keeps a defensible record of every assessment

VENDOR RISK · readiness_report

READINESS · 82%

  • ACCESS CONTROL · 91 · evidence: MFA enforced and access reviews evidenced.
  • CHANGE MGMT · 78 · evidence: Mostly covered; one approval log left untested.
  • VENDOR RISK · 64 · evidence: Two subprocessors missing a current review.
  • ENCRYPTION · 86 · evidence: Data encrypted in transit and at rest, evidenced.

Mapped to controls · evidence-linked · 3 GAPS

Why Scrutineer

One platform that maps controls and scores risk

Not a static questionnaire, not a pass-fail black box, and not a spreadsheet you maintain by hand. Live control mapping across SOC 2, ISO 27001, HIPAA, GDPR and PCI, automatic evidence and a prioritized gap list, returned as a report you can act on. The AI scrutinizes, you decide.

Mapped to real controls

Every framework is broken down into the controls it actually requires, each scored on a red to amber to green scale, so readiness stays transparent and consistent.

Evidence behind every finding

Each control links to the exact evidence that satisfies it (the policy, the config, the log line), so the finding is auditable and your readiness is defensible.

A prioritized gap list

Open gaps roll up into a ranked remediation list, so the highest-risk findings sit at the top and your team fixes what matters before the audit begins.

Good questions

Questions about vendor risk

Scrutineer combines the vendor assessment, their security posture, the sensitivity of data they access, their certifications and ongoing monitoring signals into a single score, with the evidence behind each factor visible so you can see exactly why a vendor scored where it did.

Yes. That is the point. Scrutineer continuously watches each vendor for posture changes, lapsed certifications and new signals, and re-scores them, so a vendor that degrades after onboarding triggers an alert rather than going unnoticed.

Stop guessing about readiness. Scrutinize on real evidence.

Point Scrutineer at a framework or a vendor and it maps every control, gathers evidence and scores the risk, returning an evidence-linked report and a prioritized gap list. The AI scrutinizes, you decide.

SOC 2, ISO 27001, HIPAA, GDPR & PCI · evidence-linked controls · readiness, not certification