Every assessment combines quantitative data sources with AI-enhanced analysis to produce a single, trustworthy risk evaluation backed by verifiable sources.
When you run a third party assessment, six things happen automatically — in under a minute.
We verify the third party's existence and registration through government corporate registries (OpenCorporates) and SEC filings. This confirms the entity is legitimate and currently active.
AI-enhanced screening covers 13 different categories of information — from news and financial data to security incidents, compliance certifications, legal proceedings, and customer reviews. Up to 30 sources are gathered, each with citations you can verify.
Every third party is screened against global sanctions databases including OFAC, UN, EU sanctions lists, Politically Exposed Persons (PEP) databases, and crime/fraud records.
All research, sanctions results, quantitative data, and third party information are analyzed using AI-enhanced screening to evaluate risk across six dimensions. This layer understands context and identifies patterns across sources that manual review would miss.
A formula-based scoring engine independently evaluates the third party using structured data — jurisdiction risk, business legitimacy, financial stability, compliance certifications, and adverse media. Recent findings are weighted more heavily than older ones.
The AI analysis and quantitative score are combined equally to produce a single unified score. This balanced approach ensures the assessment is both contextually intelligent and data-grounded.
Every third party is scored across six risk categories, giving you a complete picture of their risk posture.
Revenue stability, funding status, credit indicators, company age, insurance coverage, and financial health trends
Business continuity capabilities, service reliability, incident response maturity, and infrastructure resilience
Public perception, media coverage sentiment, customer satisfaction, executive stability, and brand trust
Regulatory adherence, security certifications, audit history, violations, and enforcement actions
Cybersecurity posture, breach history, encryption practices, access control maturity, and vulnerability management
GDPR/CCPA compliance, data handling practices, privacy policies, and cross-border data transfer safeguards
Every assessed third party receives a clear risk score with a color-coded traffic light rating, plus a data confidence score showing assessment completeness. Missing data does not inflate the risk score — it lowers the confidence score instead, keeping your risk picture accurate.
We use verified, real-time data — never fabricated or estimated. Every finding links back to its source.
13 query types across news, financial reports, security disclosures, and compliance databases with cited sources
OFAC, UN, EU sanctions lists, PEP databases, crime records, and fraud watchlists via OpenSanctions
Government corporate registries worldwide — verifies company registration, status, and officers
US Securities and Exchange Commission filings for public companies — 10-K, 10-Q, 8-K, and proxy statements
Jurisdiction risk scoring based on data privacy laws, regulatory enforcement strength, and political stability
Self-reported responses from third party questionnaires, uploaded certifications, and contract documentation
Every assessment automatically maps to major compliance frameworks — no extra work required.
Security, availability, confidentiality
10 controlsInformation security management
10 controlsProtected health information
10 controlsEU data protection
10 controlsCybersecurity framework
10 controlsFinancial reporting controls
10 controlsEach control shows pass/warning/fail status with specific explanations and actionable recommendations.
We don't rely solely on AI opinions. Every assessment combines AI research with formula-based quantitative scoring weighted equally. The AI provides depth; the quantitative engine provides consistency.
Our assessments are built on verifiable data — government registries, SEC filings, sanctions databases, and cited news sources. Every finding links back to its source. No black boxes.
A data breach from last month matters more than one from three years ago. Our scoring automatically weights recent findings more heavily, so your risk picture reflects today's reality.
Our scoring philosophy favors flagging potential risks over missing them. It's better for your analyst to review each flagged finding — accept it as valid risk or dismiss it with a documented reason — than to never see a real threat.
Risk doesn't stop after the initial assessment. Enable continuous monitoring to automatically detect changes in your third party's risk profile.
Run a free third party risk report and see exactly how our assessments work — no account required.
Free forever. No credit card required.