Third-party risk management

Know your vendors. Prove it to the regulator.

VendorGuard tracks every third-party vendor, runs risk assessments against DORA, NIS2, and ISO 27001:2022, and keeps a register of information, incidents, contracts, and follow-up tasks in one place.

Everything a third-party risk programme needs

Three assessment templates, ready to send

VendorGuard ships with the DORA ICT Third-Party Provider Assessment, the NIS2 Supplier Security Assessment, and the ISO 27001:2022 Supplier Set. Each question cites the article or control it is grounded in where that reference is certain, so an assessor can trace every answer back to the source regulation. Answers score 0 to 100 per question; VendorGuard rolls that up into a weighted score per domain and an overall score for the assessment.

A working register of information

Article 28(3) of DORA requires financial entities to maintain a register of information on contractual arrangements with ICT third-party providers. VendorGuard's register view pulls provider identity, criticality, and contract terms into that shape and exports it as CSV. It covers the fields most commonly requested — it is not a substitute for the full RTS templates required for submission to a competent authority.

Bring your vendor risk programme into one system

VendorGuard is part of the Spot Suite. Sign in with your Spot Suite identity once it is provisioned for your organisation.