Scrutineer.ai

Vendor security assessment that returns a scored verdict

A vendor security assessment is supposed to answer one question: is this vendor safe enough to trust with our data and systems? Too often it produces a 200-row questionnaire that no one fully reads and a yes that nobody can defend. Scrutineer turns the assessment into a scored, evidence-backed verdict you can actually stand behind.

Scrutineer evaluates the vendor's security posture against a clear standard, weighs their certifications and the sensitivity of the data they touch, and returns a risk score with the evidence behind each factor. You see exactly where a vendor is strong, where it is weak and what would need to change to approve it. The decision stays yours; the assessment gives you the proof to make it well.

Control-mapped findings · linked evidence · you decide what to remediate

The Scrutiny Desk

Illustrative sample · not an audit attestation

SOC 2 · ISO 27001 · HIPAA · GDPR · PCI DSS

Controls in, evidence-linked report out

AI scrutinizes, you decide

Why it works

What you get with security assessment

Posture against a standard

Scrutineer assesses each vendor's security posture against a clear, consistent standard, so a strong-looking vendor and a weak one are measured the same way.

A scored, evidence-backed verdict

The assessment returns a risk score with evidence behind every factor, so approval rests on proof rather than a questionnaire skim.

Clear remediation path

You see exactly which weaknesses pushed the score down and what would need to change, so a borderline vendor has a concrete path to approval.

What it handles

Controls in, an evidence-linked report out

Point Scrutineer at a framework or a vendor and it maps every control, pulls the evidence it can find, flags the gaps and scores the risk, returning a report with linked evidence and a prioritized remediation list. Scrutineer is decision support for readiness; an accredited auditor still issues the attestation.

  • Assesses vendor security posture against a standard
  • Weighs certifications and data sensitivity
  • Returns an evidence-backed risk score
  • Shows where a vendor is strong and weak
  • Spells out what would change the verdict
  • Keeps a defensible record of the assessment

SECURITY ASSESSMENT · readiness_report

READINESS · 82%

  • ACCESS CONTROL · 91 · evidence: MFA enforced and access reviews evidenced.
  • CHANGE MGMT · 78 · evidence: Mostly covered; one approval log left untested.
  • VENDOR RISK · 64 · evidence: Two subprocessors missing a current review.
  • ENCRYPTION · 86 · evidence: Data encrypted in transit and at rest, evidenced.

Mapped to controls · evidence-linked · 3 GAPS

Why Scrutineer

One platform that maps controls and scores risk

Not a static questionnaire, not a pass-fail black box, and not a spreadsheet you maintain by hand. Live control mapping across SOC 2, ISO 27001, HIPAA, GDPR and PCI, automatic evidence and a prioritized gap list, returned as a report you can act on. The AI scrutinizes, you decide.

Mapped to real controls

Every framework is broken down into the controls it actually requires, each scored on a red to amber to green scale, so readiness stays transparent and consistent.

Evidence behind every finding

Each control links to the exact evidence that satisfies it (the policy, the config, the log line), so the finding is auditable and your readiness is defensible.

A prioritized gap list

Open gaps roll up into a ranked remediation list, so the highest-risk findings sit at the top and your team fixes what matters before the audit begins.

Good questions

Questions about security assessment

It makes the questionnaire useful. Scrutineer can collect and evaluate vendor responses, weigh them against evidence and certifications, and turn the result into a scored verdict, so you get a defensible answer instead of a stack of unread answers.

The risk score shows exactly which factors pulled it down, each backed by evidence. That gives you a clear, defensible basis to reject, or a concrete list of what the vendor would need to fix to be approved.

Stop guessing about readiness. Scrutinize on real evidence.

Point Scrutineer at a framework or a vendor and it maps every control, gathers evidence and scores the risk, returning an evidence-linked report and a prioritized gap list. The AI scrutinizes, you decide.

SOC 2, ISO 27001, HIPAA, GDPR & PCI · evidence-linked controls · readiness, not certification