Take control of third-party risk
Your vendors are part of your attack surface. Securapilot's vendor management gives you systematic third-party risk management — from criticality assessment and security assessments to evidence, risks and an external vendor portal.
Third-party risk under control
A supply chain is only as secure as its weakest link. Securapilot's vendor management gathers all the work — vendor register, assessments, documents and risks — in one place, with AI support and a complete audit log.
The result: vendor work that is systematic, risk-based and traceable.
All vendor work in one module
The vendor management module covers the entire third-party risk management process in six connected areas.
Vendor register
A record of the organization's third-party vendors, with company details, contracts and status.
Criticality assessment
Establishes how critical a vendor is and governs how often it must be assessed.
Vendor assessments
Security and risk assessments built on adaptive questionnaires, completed internally or via the portal.
Documents and evidence
Certificates and reports — SOC 2, ISO 27001, DPAs — with AI analysis and smart matching.
Vendor risks
Risks identified around a vendor, with scoring and a treatment strategy.
The vendor portal
An external self-service portal where the vendor answers and uploads documents themselves.
How the module supports your vendor work
Concrete support in every part of third-party risk management — from registration to follow-up.
Criticality assessment
A score of 0–12 based on business impact, data sensitivity, substitutability and regulatory requirements governs the assessment frequency.
Adaptive questionnaires
Ready-made templates such as SIG-Lite, CAIQ, NIS2 and DORA — questions branch on previous answers and the vendor's criticality.
AI-driven document analysis
Uploaded security documents are analyzed automatically — key information, findings and risks are extracted.
Smart evidence matching
AI matches documents against the questionnaire's questions; verified evidence gives an evidence bonus to the answer.
Composite risk score
A risk score of 0–100 is calculated from four weighted components, as both inherent and residual risk.
Vendor risks with treatment
Eight risk types with likelihood, consequence and a treatment strategy — with kanban follow-up.
External vendor portal
The vendor answers questionnaires and uploads documents via a magic link — with no user account.
Contract & assessment monitoring
The module warns about assessments coming due and contracts expiring within 90 days.
The assessment journey — from created to approved
Every vendor assessment follows a clear workflow.
Creation
The assessment is created with a choice of questionnaire template and assessment type.
Start
The assessment is started internally or sent to the vendor for a self-assessment.
Completion
The questionnaire is answered — internally or by the vendor in the portal.
Review
The assessment is submitted and reviewed; individual answers can be flagged for follow-up.
Closure
The assessment is completed and approved with an overall score and risk rating.
Frequently asked questions about vendor management
Which questionnaires can be used in the assessments?
The module ships with ready-made, centrally maintained templates such as SIG-Lite, CAIQ, NIS2 and DORA. The questionnaires are adaptive — questions branch based on previous answers, and the selection adapts to the vendor's criticality.
Can the vendor fill in an assessment themselves?
Yes. Through the vendor portal a vendor contact can answer questionnaires and upload documents themselves. The contact receives a magic link via email and needs no user account or password.
How is the vendor's risk score calculated?
A composite risk score of 0–100 is calculated from four weighted components: assessment score (40%), open risks (25%), external score (20%) and compliance indicators (15%). The score is calculated both as inherent risk and residual risk.
How does AI help with documents and evidence?
AI analyzes uploaded security documents, identifies the document type, suggests which questions a document supports and verifies that the evidence backs the answer. Verified evidence gives an evidence bonus that raises the answer's score.
Get control of the entire supply chain
Book a demo and we'll show you how the vendor management module makes your third-party risk management systematic and traceable.