RiskLedger

RiskLedger is a web app (combining AI-assisted and conventional analysis) that continuously scores third-party/vendor risk using real evidence instead of annual spreadsheet questionnaires. It ingests SOC 2/ISO reports, security policies, pen test summaries, incident disclosures, uptime pages, and public signals (breach news, domain/security posture) and maps them to common control frameworks. The app produces a defensible risk score, highlights missing or weak controls, and generates an audit-ready evidence pack with citations back to the source documents. It also tracks changes over time so procurement and security can see when a vendor's risk posture worsens between renewals.

The MVP focuses on a narrow set of high-frequency vendor types (SaaS tools handling customer data) and a small number of frameworks (SOC 2 Trust Services plus basic privacy). Expect heavy compliance scrutiny: the product must be transparent, explainable, and exportable.