VendorProof

VendorProof is a web app (with optional Slack/Teams integration) that automates third‑party risk evidence collection for SOC 2, ISO 27001, and customer security questionnaires. Instead of spreadsheets and endless follow-ups, you create a vendor list, pick required artifacts (SOC 2 report, ISO cert, pen test summary, insurance, DPAs, subprocessor lists), and set renewal cadences. The system sends branded requests, tracks status, stores evidence with expiry dates, and generates an audit-ready “vendor evidence pack” per vendor and per control. It also provides a lightweight questionnaire portal for vendors and a change-log of what was provided when. An AI layer can classify uploaded docs, extract key fields (report period, auditor, exceptions), and flag missing/expired items, but the core value works without AI. This is not a full GRC suite; it’s a focused evidence-chasing machine.
