Vendor inventory
One unified record per third-party. Tiered by data sensitivity × business criticality × access type. Attestation cycles enforced per tier; breach feed sweeps daily against CISA KEV.
Vendors tracked
15
15 active · 0 other
Tier 1 (annual)
8
SOC 2 + cyber questionnaire
Tier 2 (biennial)
4
Review every 24 months
Open breach hits
0
Unacknowledged feed matches
All vendors
Sorted by risk score (highest first)
15 rows
| Vendor | Tier | Status | Score | Breaches |
|---|---|---|---|---|
Okta Single sign-on + MFA for all employee apps. | T1 | active | 90 | — |
Amazon Web Services Production cloud hosting (EC2, S3, RDS). | T1 | active | 90 | — |
1Password Shared secret vault. | T1 | active | 73 | — |
Stripe Card payment processing. | T1 | active | 72 | — |
Brex Corporate cards + expense management. | T1 | active | 62 | — |
Google Workspace Email, calendar, docs. | T1 | active | 62 | — |
GitHub Source code hosting + CI. | T1 | active | 62 | — |
QuickBooks Online Accounting + AP/AR. | T1 | active | 62 | — |
Vanta SOC 2 / ISO automated evidence collection. | T2 | active | 52 | — |
Resend Transactional email API. | T2 | active | 52 | — |
Slack Internal team chat. | T2 | active | 52 | — |
Linear Issue tracking. | T2 | active | 35 | — |
ZoomInfo Sales prospecting data. | T3 | active | 28 | — |
Figma Design tooling. | T3 | active | 28 | — |
Notion Internal wiki. | T3 | active | 28 | — |