Vendor Risk Management

Third-party security assessments that are not a 200-question form.

Pricing: Starting at $3,500
Timeline: 2 to 3 weeks

What you get

Deliverables

Vendor risk program setup: vendor inventory, tiering, assessment methodology, and continuous monitoring approach. Plus a standing service to review net-new vendors as your team onboards them.

Vendor inventory with data-flow classification
Risk tiering methodology (critical, high, moderate, low)
Tier-appropriate assessment templates
SaaS-native continuous monitoring setup
Escalation path for failed assessments

Fit

Who this is for

Companies with more than 20 third-party vendors touching production systems or customer data.

Related advisorys

Incident Response Planning

Runbooks, tabletops, and actual preparedness.

Starting at $4,500

Security Policy Authoring

Policies you will actually follow, not template dumps.

Starting at $2,500

Risk Management Program

A risk register that informs decisions, not just checks boxes.

Starting at $4,500

Not ready to talk? Score your SOC 2 readiness.

Twenty questions, a scored PDF in your inbox, a realistic timeline to audit. Free.

Start the scorecard

Ready when you are

Your next move starts with a 30 minute call.

If vCISO is not a fit, we will say so on the call and point you toward someone who is. If we are, we will scope a Sprint, the 90-Day Foundation, or a retainer right then.

Book a discovery call See engagement options