The Vendor Risk Agent. Every third party assessed, nothing slipping through.

Most breaches start with a third party. The outbound arm of the Targhee agent gives your team a library of pre-built assessment templates (SIG, CAIQ, NIST, custom) to send, tracks every response as it comes back, and scores each vendor against your risk framework — naming the specific gaps so your team can focus on the risk that matters. Full supply-chain visibility, without a single spreadsheet.

Vendor Risk Dashboard
Total: 24 · Low risk: 14 · Medium: 7 · High risk: 3

Vendor · Framework · Score · Risk
Acme Cloud Services (Cloud infrastructure) · SIG Lite · 84/100 · Low
DataFlow Inc. (Data processing) · CAIQ v4 · 71/100 · Medium
Nexus Payments (Payment processing) · SIG Core · 62/100 · High
CoreSystems API (API services) · NIST CSF · 78/100 · Low

  • 10× faster than manual vendor reviews
  • 95% AI accuracy on vendor scoring
  • 40+ supported frameworks
  • 4 min avg AI analysis per vendor

§ 01 — Features

Third-party risk, finally scalable.

Not a spreadsheet with extra steps. An end-to-end agent that handles the full assessment lifecycle — from first questionnaire sent to audit-ready record archived.

01

AI risk scoring

Every vendor response analyzed control-by-control against your chosen framework. 0–100 score with specific findings, in under 4 minutes.

02

Gap flagging

AI surfaces control gaps with specific framework references — "fails SOC 2 CC9.2" — not generic scoring. Your team gets actionable findings.

03

Automated outreach

Send questionnaires in one click. Built-in reminders, deadline tracking, and vendor status updates — no more chasing over email.

04

40+ frameworks

SIG Lite, SIG Core, CAIQ v4, NIST CSF, HIPAA, and more — included. Or build a custom questionnaire with AI-suggested questions.

05

Continuous monitoring

Schedule annual reassessments. Get alerts when a vendor's risk posture changes mid-cycle — before it becomes a problem.

06

Full audit trail

Every assessment, score, remediation request, and approval timestamped and archived. Ready for SOC 2, ISO 27001, and HIPAA auditors.

§ 02 — Under the hood

Instant scores. Zero guesswork.

When a vendor submits their questionnaire, the AI reads every answer, cross-references supporting documents, and generates a detailed risk breakdown — with specific findings you can act on.

AI risk scoring

Every control scored. Every gap named.

Targhee doesn't just hand you a number — it breaks down the score by control domain, compares it to the vendor's previous assessment, and names the specific gaps with framework references. Your team knows exactly what to follow up on.

  • Control-by-control scoring against your chosen framework
  • Gaps flagged with specific control references (e.g. SOC 2 CC9.2)
  • Trend comparison — score changes from prior assessment
  • Remediation requests sent to vendors with one click

Nexus Payments Ltd. · SIG Core · Assessed Mar 18, 2026
High risk · 62 out of 100 · Previous: 68 ↓6

Access control: 74%
Data encryption: 74%
Incident response: 48%
Third-party risk: 31%
Business continuity: 60%

⚠ AI-flagged gaps
  • No documented subprocessor inventory — fails SOC 2 CC9.2
  • Incident response plan not tested in past 12 months
  • MFA not enforced on all privileged accounts

Framework coverage

Every major framework. Out of the box.

Whether you're running a lightweight vendor screen or a deep-dive enterprise assessment, Targhee supports every major framework buyers use — or lets you build your own. Vendor responses are scored control-by-control against the framework you selected.

  • SIG Lite & Core, CAIQ v4, NIST CSF, NIST 800-171, ISO 27001
  • HIPAA, PCI DSS, GDPR, and 30+ others included
  • Custom questionnaire builder with AI-suggested questions
  • Swap frameworks mid-assessment without re-sending

Supported frameworks (40+ total)
SIG Lite · 128 questions · general · Included
SIG Core · 627 questions · deep dive · Included
CAIQ v4 · 300+ · cloud providers · Included
NIST CSF · Cybersecurity framework · Included
HIPAA · PHI vendor requirements · Included
Custom · Build your own · Flexible

Assessment lifecycle

From first send to audit-ready in ten days.

Your team triggers each send with one click. After that, Targhee handles the lifecycle — automated reminders, receipt tracking, AI scoring the moment a response comes back, and full archival for audit. What used to take 4–6 weeks of manual follow-up now runs in the background.

  • One-click questionnaire delivery to vendor contacts
  • Automated reminders on a configurable schedule
  • AI scoring triggered instantly on vendor submission
  • Approval workflow with full timestamped audit trail

Acme Cloud Services · SIG Lite · Total: 10 days · Complete
  • Mar 1: Questionnaire sent (Automated). SIG Lite delivered to vendor contact · 14-day deadline.
  • Mar 4: Reminder sent (Automated). Auto follow-up after 3 days. Vendor acknowledged in 2 hours.
  • Mar 9: Response received (8 days). All 128 questions answered · 3 supporting docs uploaded.
  • Mar 9: AI analysis complete (4 min). Score: 84/100 (Low) · 1 minor gap flagged.
  • Mar 11: Approved & archived (Audit-ready). Next reassessment: March 2027.

§ 03 — Workflow

One workflow. Zero spreadsheets.

The full lifecycle — build, send, score, archive — handled by one agent. No email threads, no manual scoring, no "did we ever follow up on that?"

STEP 01

Build questionnaire

Pick from 40+ built-in framework templates or build your own. Customize any template to your vendor tier or risk appetite.

STEP 02

Send in one click

Deliver to vendor contacts with deadline tracking and automated reminders. Vendors answer in Targhee — no extra login required.

STEP 03

AI scores responses

The moment a vendor submits, AI reads every answer and generates a risk score with specific gap findings in under 4 minutes.

STEP 04

Act & archive

Approve, request remediation, or reject. Every action is timestamped, archived, and exportable for your next audit.

§ 04 — Built for

Teams managing regulated supply chains.

Whether you're assessing 10 vendors or 10,000, Targhee scales with your third-party ecosystem — and keeps you compliant while it's doing it.

Financial services

Manage supplier risk at enterprise scale

Banks, insurance, and fintech teams routinely assess hundreds of vendors annually — the kind of volume that breaks spreadsheets and demands real tooling. Targhee is built for exactly that scale, automating the tracking and scoring that previously took whole GRC teams full quarters.

Healthcare & MedTech

Protect patient data across your vendor chain

Assess PHI-handling vendors against HIPAA-aligned questionnaires. AI flags data handling gaps before they become breach disclosures.

SaaS & technology

Vet every vendor before onboarding

Fast-growing SaaS teams need to screen every vendor before integration — to protect customer data and keep SOC 2 clean. Targhee makes that a repeatable one-click workflow instead of a spreadsheet-and-email scramble.

§ 05 — The full platform

Vendor Risk is one side of the table.

You send questionnaires to your vendors. Your customers send questionnaires to you. Targhee handles both directions — one agent, one knowledge base, one audit trail.

§ 06 — Questions

What GRC teams ask us.

Common vendor risk questions.

Specific to your industry or vendor tier structure? Drop it in a demo and we'll walk through setup live against your real vendor list.

When a vendor submits, the AI reads every answer, cross-references any supporting documents they uploaded, and maps responses to your chosen framework's controls. Each control gets a 0–100 score based on completeness of answer, evidence provided, and alignment with the control intent. The composite score is weighted by control criticality.
Yes. Default weights are based on industry convention (e.g. access control and encryption weigh heavily), but you can adjust weights per control domain or per vendor tier. A critical data processor can be held to stricter standards than a marketing tool.
No. Vendors receive a secure link and answer the questionnaire in a browser with no account required. For repeat vendors, they can optionally create an account to reuse prior responses across assessments — saving them significant time on reassessments.
You can schedule annual reassessments automatically. In between, continuous monitoring flags changes based on vendor self-reported updates, publicly disclosed incidents, and subprocessor changes. You get alerts via email or Slack when a vendor's score could meaningfully shift.
Yes. Upload your vendor list (CSV or direct integration with procurement tools), choose a framework per tier, and send hundreds of questionnaires in one batch. Automated reminders and AI scoring handle the rest. Your team only reviews the flagged ones.
Every vendor assessment is audit-ready for your SOC 2, ISO 27001, or HIPAA audits. Export records with full timestamps, scores, gap findings, remediation history, and approval signatures — matching exactly what auditors look for in third-party risk evidence.

Stop guessing about vendor risk.

See how fast you can get your entire vendor ecosystem assessed, scored, and audit-ready. Bring your vendor list to the demo and we'll walk through your first assessment live.

Included in every plan · Unlimited vendors · 20-minute demo