Platform capabilities
Build a vendor register. Publish a trust page. Answer questionnaires fast.
Six capabilities that replace the manual work your team currently does in spreadsheets, email threads, and shared drives.
Vendor inventory
Import your existing vendor list from a spreadsheet or add vendors manually. VendorTrace discovers vendors from your domain scan automatically. Classify who handles customer data, employee data, and sensitive data. Know your full picture.
- Import from Excel or CSV with column mapping
- Auto-discovery from domain scan
- Classify by data category: customer, employee, sensitive
- Certification tracking with expiry alerts
- Export to CSV or Excel at any time
Trust page
Publish a trust page your prospects can visit before they ask. Shows your subprocessors, data locations, and security posture. Embeds in your website. Updates automatically when you add or remove vendors.
- Public URL, shareable with prospects and customers
- Shows subprocessors, data locations, and security signals
- Embed code for your own website
- Updates automatically when your vendor register changes
- Custom domain on Team plan
- No login required to view
Security profile
Build a library of verified answers from your posture scan and document vault. TLS grade, security headers, email authentication, hosting region: all detected automatically. Upload your pentest summary or ISO certificate as evidence.
- TLS grade, HSTS, CSP, and email authentication detected automatically
- Hosting region and cloud provider identified per domain
- Answer library stores verified responses for reuse
- CAIQ v4.1 profile: 283 questions, 17 domains, domain progress bars
- Upload pentest summary, ISO certificate, or SOC 2 report as evidence
- Evidence linked to individual answers
Answer questionnaires fast
When a customer sends a security questionnaire, paste or upload the questions. VendorTrace maps each question to your evidence library, posture scan findings, and cloud integration data. Review AI-drafted answers, approve, and export as DOCX. CAIQ v4.1 is built in with 283 questions pre-loaded.
- Paste or upload incoming questionnaire questions
- Detects answers from evidence library and posture scan automatically
- CAIQ v4.1 built in: 283 questions across 17 security domains
- Review and approve AI-drafted answers before sending
- Export completed questionnaire as DOCX
- Send questionnaires to your own vendors via Assess
Change detection
Know when a vendor changes their TLS certificate, moves to a new hosting region, or adds a new subdomain. Every infrastructure change is a potential compliance event: your GDPR Article 30 records, your sub-processor list, and your questionnaire answers may all need updating. VendorTrace surfaces the change. Your team decides what to do with it.
- Automatic diff of consecutive scans for every tracked vendor
- Alerts for TLS certificate changes, new subdomains, and region moves
- Severity-ranked change feed
- Acknowledge and review workflow, audit-logged
- Full scan compare view: side-by-side diff of any two scans
- Scheduled scans: daily, weekly, monthly, or annually
Send questionnaires to your vendors
When onboarding a new vendor or conducting annual due diligence, send them a structured questionnaire via Assess. Collect formal answers and compare what they say against what the outside-in scan found. The result is a documented due diligence record for GDPR Article 28 processor obligations and NIS2 Article 21 supply chain security requirements.
- Send CAIQ or custom questionnaires to any vendor
- Vendor completes the questionnaire through a dedicated portal
- Compare vendor responses against scan evidence side by side
- Audit-logged review and sign-off workflow
- Builds a due diligence record per vendor relationship
- Available on Team plan
Start for free today.
The Free plan needs no credit card. Add your vendors and publish your trust page in minutes.