TPRM module
Vendor risk without the spreadsheet purgatory
Unlimited vendors with structured onboarding, outbound questionnaires, subprocessor tracking, and renewal calendars that wake you up before contracts auto-renew. Pair with the Trust module to handle inbound buyer questionnaires.
What you get
Unlimited vendors
No per-vendor pricing, no vendor cap. Onboard your whole supply chain — including the long tail.
Vendor onboarding workflow
Structured intake for new vendors — risk tier, owner, contract terms, security review checklist, and approvals.
Outbound questionnaires
Send vendor questionnaires (CAIQ, SIG, custom) and track responses without chasing inboxes.
Subprocessor tracking
Maintain your subprocessor list internally; the Trust module publishes it externally with diffs and notifications.
Renewal calendars
Get woken up well before auto-renewals. Track reviews by tier — quarterly for critical, annually for the rest.
Vendor risk scoring
Combine inherent risk, control posture, and questionnaire findings into a single score tied to your risk register.
Agents at work
Agents that read and answer questionnaires
TPRM ships agent skills that handle both directions of the vendor relationship.
- Read vendor SOC 2 reports and CAIQ responses critically and flag gaps
- Triage vendor risk against your tiering rules
- Suggest the right outbound questionnaire based on vendor type and data access
- Open renewal reviews when vendor postures change
Frameworks supported
- SOC 2 (TSC vendor management)
- ISO 27001 A.5.19–A.5.22
- NIST 800-161
- HIPAA Business Associates
- DORA (third-party risk)
Pricing for this module
Third-Party Risk Management
Includes +1M tokens/month
Adds 1M tokens/month to the workspace pool. Unlimited vendors included.
$6,000/year · $600/mo
Third-Party Risk Management — frequently asked questions
No. TPRM includes unlimited vendors with no per-vendor pricing and no vendor cap, so you can onboard your whole supply chain — including the long tail.
TPRM covers the outbound direction — sending vendor questionnaires (CAIQ, SIG, custom) and tracking responses. For inbound security questionnaires from your buyers, pair it with the Trust module, which ingests and drafts answers from your evidence store.
SOC 2 vendor management (TSC), ISO 27001 A.5.19–A.5.22, NIST 800-161, HIPAA Business Associate requirements, and DORA third-party risk obligations.
End the vendor spreadsheet
Add TPRM and onboard your vendor list in an afternoon.