Alternatives to Armilla
Compare Armilla alternatives for your business or organization using the curated list below. SourceForge ranks the best alternatives to Armilla in 2026. Compare features, ratings, user reviews, pricing, and more from Armilla competitors and alternatives in order to make an informed decision for your business.
-
1
StandardFusion
StandardFusion
A GRC solution for technology-focused SMB and Enterprise Information Security teams. StandardFusion eliminates spreadsheet pain by using a single system of record. Identify, assess, treat, track and report on risks with confidence. Turn audit-based activities into a standardized process. Conduct audits with certainty and direct access to evidence. Manage compliance to multiple standards; ISO, SOC, NIST, HIPAA, GDPR, PCI-DSS, FedRAMP and more. Manage vendor and 3rd party risk, and security questionnaires easily in one place. StandardFusion is a Cloud-Based SaaS or on-premise GRC platform designed to make InfoSec compliance simple, approachable and scalable. Connect what your organization does, with what your organization needs to do.Starting Price: $1800 per month -
2
Tavant Warranty
Tavant
Tavant Warranty is an industry-leading warranty management solution that brings together OEMs, suppliers, and service channel partners in a real-time collaborative environment. The product enables end-to-end warranty lifecycle management and is the only solution of its kind on the Salesforce platform. The product has evolved with over 20 years of experience working with leading manufacturers globally. Tavant Warranty helps reduce warranty spend, increase supplier recovery, reduce claim processing, and consolidate fragmented warranty data to improve forecasts. Tavant continues to add new components to its warranty management suite. TMAP (Tavant Warranty Analytics Platform) is one such product that uses the latest artificial intelligence techniques to generate actionable insights. Other extended modules like Supplier recovery, Campaign Management, Audit Management, Field service management, etc. cover the entire gamut of aftermarket services for the manufacturers. -
3
Scrut Automation
Scrut Automation
Scrut is an AI-powered GRC (Governance, Risk, and Compliance) platform designed to help organizations manage security and compliance programs more effectively. It provides real-time visibility into risks across cloud infrastructure, applications, employees, and third-party vendors. The platform automates tasks such as control monitoring, evidence collection, and audit preparation to reduce manual effort. Scrut includes pre-built compliance frameworks and templates to simplify implementation and accelerate readiness. Its AI-driven features guide users through remediation, risk assessments, and compliance processes. The system also integrates with existing tools to streamline workflows and improve efficiency. Overall, Scrut enables businesses to build stronger, scalable, and security-first compliance programs. -
4
SigmaRed
SigmaRed
Our platform dynamically assesses and mitigates AI risks in models and datasets concerning bias, proxy bias and fairness. Our Responsible AI technology enables deeper visibility into AI models and makes them explainable and interpretable. Our research-based AI robustness assurance algorithms identify and mitigate risks related to lack of robustness. Our platform reviews AI landscape about various AI and MRM regulations and provides deeper risk analysis, comprehensive reporting, and automated remediation. AI risks across in-house AI systems as well as AI systems provided by third parties need to be assessed and remediated. SigmaRed platform enables comprehensive third-party AI risk management (AI TPRM) and rapidly reduces the cycle time of conducting AI risk assessments while providing deep visibility, control, stakeholder-based reporting, and detailed evidence repository. -
5
Moody's Intelligent Risk Platform
Moody's Corporation
Moody's Intelligent Risk Platform™ (IRP) is a cloud-native solution designed to enhance risk assessment and decision-making for insurers, reinsurers, and brokers. Leveraging over 30 years of risk analytics expertise, the platform integrates industry-leading Moody's RMS™ models to provide deep insights into various perils, including natural and man-made catastrophes. Its modular architecture offers a suite of applications—such as Risk Modeler™, UnderwriteIQ™, TreatyIQ™, and ExposureIQ™—that streamline workflows across the insurance value chain, from underwriting to portfolio management. Built on Amazon Web Services (AWS), the IRP ensures scalability, flexibility, and continuous innovation, with new features released every six weeks. Additionally, the platform supports over 700 third-party and in-house models through its Open Modeling Engine, facilitating unified multi-vendor risk modeling. -
6
Warranty Wizard
Invarosoft
Warranty Wizard is an IT asset and warranty lifecycle management platform tailored for MSPs, delivering in-depth desktop and server warranty reports with just a click. It integrates seamlessly with PSA and RMM tools, enabling auto-synchronization of asset data and producing branded PDF lifecycle and sales-focused reports instantly. It features configurable device rules to flag end-of-life hardware, a centralized dashboard and pipeline view for workstations and servers, and sales insights that help MSPs identify and prioritize devices due for review or refresh. Setup requires under 10 minutes, and clients can easily assess asset health and procurement needs via visual audits and replacement recommendations. Designed to compete with ScalePad Lifecycle Manager, Warranty Wizard simplifies asset oversight, supports vendor integrations, and drives proactive service and revenue opportunities, all within an intuitive, one-click reporting environment.Starting Price: $99 per month -
7
AWS Audit Manager
Amazon
Map your AWS usage and controls with prebuilt and custom frameworks. Save time with automated evidence collection, and focus on confirming that your controls work properly. Streamline collaboration across teams, and ensure the integrity of your audits with read-only permissions. Use AWS Audit Manager to map your compliance requirements to AWS usage data with prebuilt and custom frameworks and automated evidence collection. The transition from manual to automated evidence collection. Avoid the need to collect, review, and manage evidence with automated evidence collection. Automatically collect evidence, monitor your compliance posture, and proactively reduce risk by fine-tuning your controls. Upload manual evidence for your hybrid environment. AWS Audit Manager helps you continuously audit your AWS usage to simplify how you assess risk and compliance. When you define and launch an assessment based on an assessment framework, the Audit Manager will execute resource assessments.Starting Price: $1.25 per assessment -
8
ClearOPS
ClearOPS
ClearOPS helps buyers and sellers manage their vendors and satisfy due diligence requirements. ClearOPS is a full-circle third-party risk platform. With ClearOPS you can track and monitor all of your vendors, send assessments and upload evidence, and respond to their customer's vendor management processes. Vendor security questionnaires are like a hot potato, no one wants to do them. So our A.I. takes the first pass saving massive amounts of time. As a system of record, you never have to watch the information about your own business walk out the door. You won the customer, now what? Well, you have to retain them, and maintaining that healthy trust is what we are all about. ClearOPS manages privacy and security operations information so that it is easily accessible and up to date. Simple third-party risk management software solution. Inspire your colleagues with empowerment and assess your vendors on your schedule.Starting Price: $500 per month -
9
LexFlag
Lexonica Inc.
Automated risk assessment tools that screen vendors, suppliers, customers, and third parties against global risk databases - delivering actionable risk scores in seconds. From vendor risk assessment and supply chain due diligence to compliance screening and enterprise risk management tools - one software for risk management, every risk dimension covered. Use our built-in tools or create your own custom AI-powered tool in minutes. Business risk management software for vendor risk, third-party risk management, supply chain screening, compliance, cybersecurity, and more - each powered by the same AI entity matching engine.Starting Price: $5/month -
10
CreditLens
Moody's Analytics
The Moody’s Analytics CreditLens platform helps financial institutions make better commercial lending decisions, with increased speed and efficiency. Its innovative technology enables consistent spreading, which powers advanced analytics, including the ability to compare and benchmark your portfolio for enhanced risk assessment. Access powerful financial analysis that produces dual risk rating models or use rating models configured to your own internal credit policies and risk rating rules. Enhance your risk assessment using relationship hierarchies created in CreditLens or imported from your CRM database, and conduct multiple risk entity, relationship, and hierarchy modeling. Leverage business rules to minimize errors, increase data accuracy and guide users through the credit risk assessment in accordance with your bank policies. Benefit from data auditability, deal approval frameworks, conditions precedent and covenant adherence for your internal and external policy compliance. -
11
Prevalent
Prevalent
The Prevalent Third-Party Risk Management Platform is a single solution that enables customers to automate the critical tasks required to manage, assess and monitor their third parties across the entire life cycle. The solution combines the following integrated capabilities to ensure third parties are secure and compliant: • Automated onboarding and offboarding • Profiling, tiering and inherent risk scoring • Standardized and custom vendor risk assessments with built-in workflow, task and evidence management • Continuous vendor threat monitoring • A network community of completed standardized assessments and risk intelligence • Compliance and risk reporting • Remediation management The solution is backed by expert professional services to help optimize and mature third-party risk management programs, and managed services to outsource the collection and analysis of vendor assessments. -
12
Secure Forte
Secure Forte
Secure Forte is a cyber supply chain risk management platform built to help organizations proactively manage cybersecurity, data privacy, compliance, and ESG (environmental/social/governance) risks across their entire supply chain, from upstream customers, through their own internal operations, down to third- and even fourth-party suppliers. Its “Forte Vendor Risk Management” module helps you identify, profile, assess, and continuously monitor risks tied to suppliers and partners; you can issue assessment questionnaires (or customize them), collect supplier responses, verify evidence for high-impact vendors, and generate detailed assessment reports, management dashboards, and issue-tracking workflows. It goes beyond one-time audits, offering live monitoring of threat intelligence, exposure on the dark web, credit-score changes, ESG ratings, and other risk indicators, which helps you stay informed about evolving supplier vulnerabilities. -
13
Truzta
Truzta
Truzta is an AI-powered security and compliance automation platform that helps organizations achieve, maintain, and scale compliance with major frameworks such as ISO 27001, SOC 2, HIPAA, and GDPR by automating gap assessments, controls implementation, policy generation, evidence collection, continuous monitoring, and audit readiness in one unified dashboard. It accelerates compliance readiness with automated evidence collection that integrates with hundreds of tools, real-time alerts on failing controls, and continuous penetration testing and risk assessment to detect vulnerabilities proactively. Truzta includes secure code review, cloud security posture management, API security, automated access reviews, incident management, third-party risk management, and customizable policy templates, reducing manual work and errors while keeping documentation audit-ready. It simplifies workflows with seamless integrations, structured change management, and centralized reporting. -
14
Auditive
Auditive
Auditive is a Third-Party Risk Management (TPRM) platform with continuous monitoring, empowering buyers and sellers to confidently engage with each other, like never before. Auditive's unique network approach eliminates 80% of the risk review work for businesses and their vendors. Buyers can complete third-party risk reviews four times faster, continuously monitor risk across their entire vendor portfolio, and gain near-instant visibility into third-party risk, resulting in a 35% increase in vendor response rates. Sellers benefit by avoiding repetitive questionnaires, focusing on high-value initiatives, marketing their security posture on the Auditive network, and building trust with customers. The platform supports evaluation against industry-specific frameworks, ensuring accurate risk assessment. Auditive integrates seamlessly with procurement and productivity workflows, enabling rapid onboarding and continuous monitoring of all vendors in one place.Starting Price: $800 per month -
15
Neverfail Auditmation
Neverfail
The Neverfail audit automation (Auditmation™) platform delivers an unbiased, machine-based assessment tool that enables auditors and vendor managers to perform immutable assessments of real-time compliance, risk, and security postures through automated evidence collection, control testing, and remediation. As an external, machine-driven process, Auditmation™ does not relay on people, tools, questionnaires, or scans. Instead, it relies solely on machine-validated truth as the path to actual risk assurance. Companies rely on a complex and ever-changing IT environment to underpin nearly all aspects of business operations. The increasing reliance of business on applications makes downtime and data loss unacceptable. Only the Neverfail Continuity Engine delivers continuous availability that businesses, their users, and their customers demand for their most important business services. -
16
Proof&Trust
Proof&Believe LLC
We’ve dedicated 6 years to crafting the perfect algorithm for vendor risk assessment. This algorithm has been meticulously refined and enhanced with cutting-edge AI technologies, ensuring unparalleled accuracy and efficiency. Vendors provide evidence and answer 32 straightforward questions covering various aspects of their operations, compliance, and security measures. With our user-friendly interface, 95% of vendors complete the assessment in under 30 minutes, minimizing disruption to their operations. Our algorithm thoroughly analyzes vendor-provided evidence and responses, leveraging AI to identify risks, vulnerabilities, and compliance issues. Businesses receive a comprehensive report with actionable insights and recommendations, enabling informed decision-making and proactive risk management. -
17
Perimeter
Perimeter
Our Mission Is Simple: Deliver painless, real-time vendor risk management through one integrated platform - from onboarding to assessment to continuous monitoring. We give teams the tools they need to automate assessments, validate vendor responses, monitor risk continuously, and respond to issues before they escalate - all without adding headcount, complexity, or overhead. We were founded to fix the inefficiencies and blind spots plaguing traditional VRM programs - programs that are too slow to scale, too manual to trust, and too fragmented to protect against real-world threats. -
18
FundMore.ai
FundMore.ai
FundMore.ai is an automated underwriting system that uses machine learning to streamline the pre-funding process for loans. Our platform lets you leverage customizable automation, enhance the borrower experience through analytics, reduce risk using AI, and improve your cycle times for new accounts. Your company spends a lot of time underwriting loans, and these files don’t always pan out. That’s many wasted hours that you could save with an automated system. FundMore.ai helps you eliminate outdated spreadsheets, reduce your reliance on individual talent, and create an optimized underwriting process that is scalable and risk-sensitive. Expedite and deliver a fully transparent and automated underwriting process that’s ideal for both lenders and borrowers. Improve your company’s risk management using predictive modeling and pattern recognition to assess risk and provide real-time reasoning. -
19
Whistic
Whistic
The best way to assess, publish, and share vendor security information. Automate vendor assessments, share security documentation, and create trusted connections—all from the Whistic Vendor Security Network. Once companies start using Whistic, they can’t imagine how they managed vendor security assessments or responded to questionnaire requests before. Avoid the black box security reviews of the past by openly sharing vendor security requirements and publishing profiles. Focus on establishing trust rather than chasing down spreadsheets. Initiate assessments, assign inherent risk, engage vendors, calculate risk scores and trigger reassessments—automatically. In the fast-paced business environment we’re living in, no one has time for the slow, outdated security review processes of the past. Access the security posture of thousands of businesses immediately with Whistic. -
20
Scale Evaluation
Scale
Scale Evaluation offers a comprehensive evaluation platform tailored for developers of large language models. This platform addresses current challenges in AI model assessment, such as the scarcity of high-quality, trustworthy evaluation datasets and the lack of consistent model comparisons. By providing proprietary evaluation sets across various domains and capabilities, Scale ensures accurate model assessments without overfitting. The platform features a user-friendly interface for analyzing and reporting model performance, enabling standardized evaluations for true apples-to-apples comparisons. Additionally, Scale's network of expert human raters delivers reliable evaluations, supported by transparent metrics and quality assurance mechanisms. The platform also offers targeted evaluations with custom sets focusing on specific model concerns, facilitating precise improvements through new training data. -
21
Kroll Compliance
Kroll
Third parties, customers, and partners present legal, reputational, and compliance risks to your organization. The Kroll Compliance Portal arms you with the capabilities to control those risks at scale. Relative risk can dictate the need for a closer look. Emailing back and forth with analysts and downloading and saving files can slow you down, create a gap in the audit trail, and leave you vulnerable to information security risks. Take the due diligence process out of emails and file folders and bring order with the Kroll Compliance Portal. Many compliance programs become time and resource intensive because of manual processes or inflexible software. Put an end to that with the Kroll Compliance Portal’s Workflow Automation. Your business demands efficient third party onboarding. You need an accurate risk assessment. The Kroll Compliance Portal Questionnaire accelerates the onboarding process through automation, tracking and scoring in line with your risk model. -
22
Riskonnect
Riskonnect
Riskonnect is a trustworthy and reliable Integrated Risk Management system that offers a developing suite of solutions on a world-class cloud computing model, which empowers customers to promote their projects for the administration of all risks across the enterprise. Riskonnect enables organizations to comprehensively grasp, oversee and control dangers, positively affecting shareholder value. Riskonnect's exceedingly configurable technology is perfect for groundbreaking associations confronting increased examination and accountability for corporate governance, strategy, and strategic risk. The incorporated arrangements encourage the capacity to get ready for and respond intelligently to all risks that could potentially hurt an organization and its' competitive position, harm the corporate reputation and limit key development. Once completely incorporated, Riskonnect's features include Auditing, Business Process Control, Corrective Actions (CAPA), Risk Assessment, and Compliance. -
23
Intapp Intake
Intapp
Quickly capture critical risk-related information about your new and recurring business with Intapp Intake. Conduct thorough due diligence with speed and accuracy, using modern business processes, including dynamic risk-based questionnaires, workflows, and scoring models that integrate with your other systems and trusted third-party data sources. Collect information and assess risk with greater speed and accuracy. Align your onboarding decisions with your firm’s strategy. Centralize the critical information and processes that protect your firm. Design better processes with dynamic workflows, forms, and approval routing. Enforce firm policies through the automated creation and collection of engagement letters. Streamline the collection of external information for internal risk assessment processes, such as lateral hires or AML. Align onboarding decisions with your firm’s risk appetite using defined risk-scoring metrics. -
24
VivoSecurity
VivoSecurity
Regulators and management need 3rd party assessment that are accurate and not based upon opinions or assumptions. VivoSecuiry enables our customers to satisfy regulators by assessing true 3rd party risk, which is the probability that one of their vendors will have a data breach, obsoleting the use of questionnaires, maturity scores and SOC2 reports. The risk from 3rd parties is from breaches caused by the sheer number of vendors. VivoSecurity quantifies this risk twice per year, with an aggregate forecast. We help senior management set risk appetite goals with a testable forecast of data breach frequency. We help cybersecurity teams identify the few vendors that represent most of the risk, we then quantify the value of mitigation. Finally, we satisfy regulators with an accurate and documented process for vendor assessment using an empirical and transparent regression model for probability of data breach. -
25
ioModel
Twin Tech Labs
ioModel is designed to provide existing analytics teams access to powerful machine learning models without having to write code, significantly reducing development and maintenance costs. Furthermore, analysts can then validate and understand the efficacy of models developed on the platform using well understood and proven statistical validation techniques. The ioModel Research Platform will do for machine learning what the spreadsheet did for general computing. The ioModel Research Platform is developed entirely using open source technology and is itself available (without support or warranty) under the GPL License on GitHub. We invite our community to collaborate with us on the roadmap, development, and governance of the Platform. We’re committed to working openly and transparently to drive forward analytics, modeling, and innovation.. -
26
FairNow
FairNow
FairNow equips organizations with all the AI governance tools they need to ensure global compliance and manage AI risk. Loved by CPOs, CAIOs, risk management, and legal professionals, FairNow's features are simplified, centralized, and empowering for the entire team. FairNow’s platform continuously monitors AI models to ensure that every model is fair, compliant, and audit-ready. Top features include: - Intelligent AI Risk Assessments: Conduct real-time assessments of AI models, using their deployment locations to highlight possible reputational, financial, and operational risks. - Hallucination Detection: Proactively detect errors and unexpected answers. - Automated Bias Evaluations: Automate bias evaluations and mitigate algorithmic bias as it happens. Plus: - AI Inventory - Centralized Policy Center - Roles and Controls FairNow’s AI governance platform helps organizations build, buy, and deploy AI with complete confidence. -
27
TreatyIQ
Moody's Corporation
Moody's TreatyIQ delivers advanced financial modeling and extensive treaty and portfolio analytics for reinsurers. Its robust financial model can capture complex treaty structures, enabling underwriters to monitor risk positions, assess pricing performance, and build well-balanced portfolios. The platform unifies treaty underwriting and portfolio management within a single ecosystem, allowing users to create and analyze complex treaty and portfolio structures without manual workarounds or calculations. TreatyIQ empowers underwriters to maximize treaty reinsurance profits, paving the way for business growth and investment opportunities. A major global reinsurer enhanced portfolio management with Moody's RMS TreatyIQ, achieving 90x faster treaty roll-ups and 14% fewer blind spots. By modernizing treaty risk analytics, TreatyIQ enables insurers to assess the true marginal impact of each treaty on the portfolio and the real-time marginal impact of the program. -
28
SmartAssessor
SmartAssessor
SmartAssessor is an AI-powered digital platform designed to streamline compliance, inspection, certification, and audit processes by capturing, structuring, and reviewing evidence in a centralized system. It enables organizations to upload and manage documents, photos, videos, reports, and checklists from both field and office environments, ensuring that all compliance evidence is organized, accessible, and audit-ready at all times. It maps collected evidence directly to regulatory standards, inspection criteria, or frameworks, creating structured assessments that improve consistency and clarity across reviews while reducing manual effort. Using advanced multi-model AI, SmartAssessor can automatically evaluate evidence against standards, delivering fast, objective, and data-driven assessments while still allowing human oversight and control over the process. It supports automated review of documents, images, audio, and video, significantly reducing assessment time. -
29
Vendor360
CENTRL
Vendor360, CENTRL’s Vendor Risk Management Software, streamlines the entire process of managing the 3rd party risk lifecycle. Through centralized, easy-to-use workflows, and powerful internal and external collaboration capabilities, Vendor360 provides you with the tools and content needed to identify, manage, assess and mitigate third party risks across all stages of your organization’s vendor life-cycle. Advanced and flexible third party risk management platform for aggregating your vendor data, automating your assessments and getting control over your vendor risk management process. -
30
ByteChek
ByteChek
Simplify compliance with ByteChek’s advanced and easy-to-use compliance platform. Build your cybersecurity program, automate evidence collection, and earn your SOC 2 report so you can build trust faster, all from a single platform. Self-service readiness assessment and reporting without auditors. The only compliance software that includes the report. Complete risk assessments, vendor reviews, access reviews, and much more. Build, manage, and assess your cybersecurity program to build trust with your customers and unlock sales. Establish your security program, automate your readiness assessment, and complete your SOC 2 audit faster, all from a single platform. HIPAA compliance software to help you prove your company is securing protected health information (PHI) and building trust with healthcare companies. Information security management system (ISMS) software to help you build your ISO-compliant cybersecurity program and earn your ISO 27001 certification.Starting Price: $9,000 per year -
31
Halo Ai
Halo Ai
Use Halo Ai to reduce costs, increase quality, and support business growth. It’s a full-body scan for your vendors. We continuously integrate millions of data points from countless sources covering 430M private and public companies globally. We eliminate time-consuming questionnaire completion work and deliver compliance control assessments in minutes. Our trained AI models connect, correlate, and contextualize 1,000s of data points to bring you the full risk story. We give you a 360 view of your vendors to create better situational and informed awareness of areas of concern. We identify vendors highly susceptible to attack with specific actions to mitigate risks. See real-time changes automatically so you always have an accurate comprehensive risk picture at your fingertips. Leverage automation to focus your best people on the most impactful areas. Unlock growth in your business and proactively reduce risks to protect your organization. -
32
VeriRFP
VeriRFP
VeriRFP is a full-lifecycle platform for RFPs, security questionnaires, DDQs, and vendor risk assessments — built for B2B revenue and security teams. Evidence-backed AI drafting cites specific passages from your approved evidence library (SOC 2 reports, policies, pen tests) and flags for human review when evidence is insufficient. A full buyer-delivery surface includes trust centers, procurement portals, deal rooms, and compliance-pack exports. CSA Agentic Trust Framework-aligned AI agent governance with signed audit records and anomaly monitoring. Native integrations with Salesforce, HubSpot, and Jira. Three deployment paths: cloud SaaS, Bring-Your-Own-Key (BYOK), and on-device Private Edition for Mac. Headquartered in Columbus, Ohio. -
33
Coverbase
Coverbase
Coverbase is an AI-native procurement and third-party risk management platform designed to automate and orchestrate the entire supplier lifecycle, from initial intake and vendor sourcing to due diligence, contract management, and continuous monitoring. It enables organizations to request suppliers, assess inherent risk, and gather required documentation through autonomous AI agents that collect data from emails, portals, and internal systems without manual intervention, eliminating repetitive back-and-forth communication. It includes workflow automation that synchronizes approvals, tasks, and data across systems, along with a unified supplier data fabric that consolidates information from multiple tools into a single, consistent record to power workflows, reporting, and AI-driven decisions. Coverbase embeds security, compliance, and risk evaluation directly into procurement processes, allowing teams to validate controls, detect gaps, and maintain audit-ready records. -
34
Complyance
Complyance
Complyance is an AI-powered GRC platform designed for enterprise teams to centralize, automate, and manage their compliance, risk, vendor, and policy workloads. Its modular system includes out-of-the-box and fully customizable controls, a vendor management suite, risk registers, and a policy center. With hundreds of integrations into existing enterprise tools, Complyance automatically collects and maps evidence, continuously monitors controls and vendor risk, and keeps your compliance posture audit-ready. Built-in AI features (and optional specialized AI Agents) auto-draft policy documents, cross-map evidence to controls, score vendor risk, generate client questionnaire responses, and surface compliance gaps, cutting manual work by up to 70–90%. The AI operates in a privacy-first way; each client has an isolated instance, and no data is used to train shared models. -
35
Vendorapp
Vendorapp
Vendorapp is a powerful, fully automated vendor and supplier risk management platform that unifies vendor discovery, continuous risk assessment, contract lifecycle management, compliance onboarding, and strategic reporting into a single, intuitive interface. With one-click vendor assessments, Vendorapp Intelligence conducts real-time checks for sanctions, blacklists, ESG criteria, security posture, exposure risks, contract access, and more, powered by the largest global screening lists and a 22 million-vendor asset repository. Users can instantly search by name or URL, add preferred vendors, and receive smart alerts for upcoming expiries, cancellations, or breaches through a dynamic contract calendar. Automated smart assessments balance risk mitigation with operational efficiency, while smart contract management extracts key terms, type, value, renewal, and cancellation deadlines from uploaded agreements.Starting Price: $149 per month -
36
MinervaAI
MinervaAI
Grow fearlessly and make AML compliance work better and cost less. Enhanced due diligence in a single search. PEP, sanctions, and watchlist screening. Identifying ownership, networks, and predicted relationships. Adverse media with quantified risk analysis and fewer false positives. Complete audit trail and data lineage. Evolve with the regulations, no upgrades are required. Realize productivity and efficacy gains on day one. Accurate, current, and relevant data is pulled in real-time, every time. Smooth client onboarding and quick resolution of curious transactions. A data catalog to support every risk decision. MinervaAI’s financial crime risk assessment platform enables you to stop doing manual AML investigations and risk-assess in real-time instead. Use MinervaAI’s cloud-based risk assessment platform to build the modern financial crime program you need through audit and regulator proof documentation. -
37
CDCAT®
APMG International
Irrespective of an organization's size or cyber security maturity - CDCAT is the definitive means of measuring operational risk to establish effective cyber risk management and drive an organization's cyber transformation. The tool itself was developed by the Ministry of Defence's (MOD) Defence Science and Technology Laboratory (Dstl), made commercially available through APMG. The CDCAT service utilises this tool together with a plethora of frameworks, models, standards and sciences to run a full assessment of an organization's current cyber defenses and controls - highlighting any capability vulnerabilities. The assessment is crucial in creating an actionable plan to establish world-class cyber risk management, based on comprehensive and contemporary evidence. For public sector clients, CDCAT’s services are available on the Crown Commercial Service’s (CCS) supplier framework, Digital Outcomes and Specialists (DOS). -
38
Cybersecurity risks are present due to hackers, wayward or careless employees, bad configuration settings, and even failing hardware. Misdiagnosing these risks often results in an expensive loss of data, so it's important to take stock of what's happening across your environment. Here's how Powertech Risk Assessor for IBM i helps to assess and mitigate cybersecurity risks. Powertech Risk Assessor for IBM i gathers detailed security data and compares your system settings to best practices in minutes. The simple, automated process saves system administrators from spending days preparing reports and makes the audit process more efficient. Government and industry security mandates, including PCI DSS and HIPAA, require annual assessments of security risks. Powertech Risk Assessor for IBM i is an independent, third-party assessment that enables you to meet these requirements.
-
39
Vendifi
Vendifi
Vendifi is a cutting-edge third-party risk management (TPRM) platform built for regulated industries like healthcare, finance, and government. Designed to simplify vendor compliance, Vendifi automates the entire due diligence process—from creating regulatory-compliant questionnaires to distributing them, chasing third parties for documentation, and validating responses. Alongside automated due diligence, Vendifi provides advanced cybersecurity monitoring, including real-time threat detection, vulnerability assessments, and ransomware alerts. Built on Microsoft SharePoint and Azure, Vendifi integrates seamlessly with your existing ecosystem, ensuring data security and compliance within your Office 365 environment. Whether you're managing 10 vendors or 10,000, Vendifi scales with your needs, offering a centralized solution for third-party risk management, compliance tracking, and vendor lifecycle management.Starting Price: $11499/annual -
40
Fairly
Fairly
AI and non-AI models need risk management and oversight. Fairly provides a continuous monitoring system for advanced model governance and oversight. With Fairly, risk and compliance teams can collaborate with data science and cyber security teams easily to ensure models are reliable and secure. Fairly makes it easy to stay up-to-date with policies and regulations for procurement, validation and audit of non-AI, predictive AI and generative AI models. Fairly simplifies the model validation and auditing process with direct access to the ground truth in a controlled environment for in-house and third-party models, without adding overhead to development and IT teams. Fairly's platform ensures compliant, secure, and ethical models. Fairly helps teams identify, assess, monitor, report and mitigate compliance, operational and model risks according to internal policies and external regulations. -
41
Raptor Maps
Raptor Maps
The most robust digital twin of your solar assets in the industry. Create a comprehensive data model based on your as-builts and other sources of information, including an interactive site map. Insights powered by our industry-leading data model that get better over time with machine learning. Strengthening everything from commissioning to warranty claims to financial due diligence. A centralized and secure platform to store inspection reports, data, documents, CAD files, technical specifications, performance models, warranty documentation, shipping receipts, photographs and field notes. Preserved and made accessible with living geospatial equipment profiles, regardless of staff turnover or ownership changes. Get unlimited inspection reports and analytics from the market leader in aerial thermography. Raptor inspections are input agnostic — drones, planes, satellites or sensors — yours or ours. Access industry-leading training to ensure your data collection meets specifications. -
42
CUR8 Earth
CUR8 Earth
CUR8 is a carbon removal intelligence platform designed to help organizations assess, procure, and manage carbon removal credits with scientific rigor and market insight. It uses deep scientific models and data-driven analysis to evaluate the global carbon removal market, identify high-quality projects that meet strict due diligence thresholds, and curate a network of top-tier suppliers so buyers can invest with confidence while optimizing cost and impact. It offers tools to quantify financial, delivery, and brand risk, build risk-optimized portfolios spanning nature-based, hybrid, and engineered removal methods, and track and report on carbon assets over time. CUR8 also includes AI-powered strategy tools that simplify the complexity of carbon removal planning by enabling teams to simulate portfolios, assess risk, and align with recognized frameworks without needing expensive external consultants. -
43
ModelRisk
Vose Software
ModelRisk is a Monte Carlo simulation Excel add-in that allows the user to include uncertainty in their spreadsheet models. ModelRisk has been the innovation leader in the marketplace since 2009, being the first to introduce many technical Monte Carlo method features that make risk models easier to build, easier to audit and test, and more precisely match the problems you face. A ModelRisk user replaces uncertain values within their Excel model with special ModelRisk quantitative probability distribution functions that describe the uncertainty about those values. ModelRisk then uses Monte Carlo simulation to automatically generate thousands of possible scenarios. In the same way that Excel is used for many different types of analysis, ModelRisk is used to assess the uncertainty in the numbers produced by the Excel model. Users have performed risks analyses with ModelRisk in a vast range of fields. -
44
KCM GRC Platform
KnowBe4
You have challenging compliance requirements, not enough time to get audits done, and keeping up with risk assessments is a continuous problem. The KCM GRC platform helps you get audits done in half the time, is easy to use, and is surprisingly affordable. Reduce the time you need to satisfy requirements to meet compliance goals with pre-built requirements templates for the most widely used regulations. Save time when you manage distribution of policies and track attestation through campaigns. Simplify risk initiatives with an easy-to-use wizard with risk workflow based on the well-recognized NIST 800-30. Easily prequalify, assess, and conduct remediation to continually monitor and keep track of your vendors’ risk requirements. KCM effectively reduces the time you need to satisfy all of the requirements necessary to meet risk and compliance goals. Spend significantly less time and money when dealing with your compliance and audit initiatives. -
45
LSEG Due Diligence Centre
LSEG Data & Analytics
An integrated, effective and practical platform that helps you manage the key areas of your compliance program and make better decisions. Manage your third parties across their entire lifecycle, including compliance risk assessments, due diligence, screening and monitoring, auditing and reporting, and offboarding. Our platform is designed by former compliance officers and has been built from the ground up with one sole purpose in mind: to meet the needs of compliance managers. The scale of our technology offerings suits enterprises with minimal requirements through to global Fortune 500 companies that regularly deal with hundreds of thousands of third parties across every continent. Configurable and personalized workflows align to your organization and third-party processes. Solution architecture that allows you to integrate with hundreds of systems – including SAP, SalesForce, Oracle and HRMS systems – using a standard API model. -
46
Klaay
Klaay
Klaay is an AI-powered compliance and risk management platform designed to automate and streamline security, governance, and audit processes for modern organizations. Built as an all-in-one compliance infrastructure, it replaces traditional checklist-driven workflows with intelligent automation that continuously monitors systems, maps controls, and surfaces risks in real time. It uses AI agents to handle tasks such as evidence collection, change tracking, configuration monitoring, and vendor risk analysis, reducing manual effort and helping teams stay audit-ready without constant intervention. It supports frameworks like SOC 2 and extends into AI governance, enabling organizations to manage emerging risks related to artificial intelligence systems, including data integrity, model behavior, and vendor dependencies. Klaay integrates with over 100 tools across development, communication, and cloud environments, allowing it to automatically gather data and maintain compliance.Starting Price: $149 per month -
47
hoggo
hoggo
hoggo helps businesses to assess and mitigate privacy risks effectively. hoggo's Trust Hub includes hundreds of automated vendor risk profiles and Trust Grades, based on an assessment conducted on public policies and answers to questionnaires. Using hoggo, businesses can cut down vendor approval time by at least 37% and eliminate manual and resource-intensive assessments, both for the company conducting the assessment and the one being assessed. Our mission is to transform privacy from a burden into a business opportunity and to promote trust and transparency around data privacy practices.Starting Price: 0 -
48
JBA Risk Management
JBA Risk
JBA Risk Management, known as "The Flood People," specializes in advanced flood modeling services, offering comprehensive flood maps, catastrophe models, and analytics that cover 99.98% of the world's landmass. Their solutions are utilized by leading insurers, reinsurers, financial institutions, property companies, and governments to assess and manage flood risk effectively. JBA's global flood data enables clients to understand flood risk at specific properties or locations, facilitating informed decision-making in insurance underwriting, pricing, portfolio management, asset investment, and disaster risk reduction. Their offerings include high-resolution flood mapping, probabilistic flood modeling, and climate change analytics, providing insights into future flood scenarios under various climate conditions. Additionally, JBA collaborates with platforms like Nasdaq's ModEx to enhance accessibility and integration of their models. -
49
TCT Portal
Total Compliance Tracking
Overwhelmed by the storm of multiple compliance assessments year after year? TCT Portal lights the path to audit efficiency to reduce thrashing, organizational risk, and resources caught up in the maelstrom. Total Compliance Tracking helps organizations and auditors take control of their audit and assessment information, in even the most complex compliance environments. Managing multiple compliance standards? The more compliance assessments and audits you have, the more time and effort you will save. Choose from dozens of ready-built compliance audit and assessment templates for common audit standards - such as GLBA, HIPAA, ISO, NAID, NIST, PCI, and SOC 2 - to start managing compliance out of the box. And, yes, if you have a requirement that maps to multiple audits, you can map your evidence across multiple audit requirements. Or, you can completely customize your compliance requirements.Starting Price: $249 per month -
50
Strategy Overview
Strategy Overview
Strategy Overview is a vCIO/QBR automation platform built by MSPs to streamline client strategic planning and digital transformation. It automates quarterly business reviews, including assessments, executive summaries, dashboards, roadmaps, budgets, and Office 365 and asset lifecycle reporting, via a modular template engine powered by the Arya AI agent. The system integrates with PSA/RMM tools (ConnectWise, Autotask, Kaseya BMS, Syncro, Halo PSA) and Office 365 to sync company data, assets, user lists, tickets, warranties, and licensing. Clients gain access to a fully white-labeled portal showcasing their strategy, health scores, asset and user data, tickets, budgets, and roadmaps. It updates warranty and asset information automatically, enabling MSPs to reduce QBR prep time from hours to minutes, standardize processes, surface security/compliance insights, drive proactive recommendations, and convert assessments into strategic revenue guidance.Starting Price: $60 per month
