Assess a Vendor Instantly

Updated by Calyssa Nowviskie

With Instant Assessment, VISO TRUST gives you immediate visibility into a vendor’s security posture — the moment you create a relationship.

Whether you add a vendor relationship manually, import vendors in bulk, or discover them through Vendor Discovery, VISO TRUST automatically analyzes the vendor using publicly available data to generate risk insights within seconds.

There’s no waiting, no outreach, and no questionnaires required to begin evaluating risk.

What Instant Assessment Includes

As soon as you create a new relationship, VISO TRUST gathers and analyzes open-source data to build a vendor risk profile that includes:

Predicted Inherent and Residual Risk Scores

VISO TRUST calculates predicted risk scores based on a combination of known data, OSINT sources, and insights from our broader knowledge graph. This gives you an immediate understanding of how risky the vendor may be — even before collecting any documentation.

You can further refine this by adding a business case, which describes how your organization will work with the vendor. Once added, predicted risk is automatically updated based on the context of the relationship (e.g., data sensitivity, usage, business criticality).

Predicted Control Coverage

Instant Assessment estimates which security controls the vendor is likely to have in place based on discovered public evidence (like a SOC 2 Type II or ISO 27001 certification). This gives your team a high-level view of how mature the vendor’s security program may be — before requesting documents.

Public Artifacts and Compliance Certifications

VISO TRUST automatically discovers and collects publicly available security and compliance documentation, including:

  • SOC 2, ISO 27001, and other certifications
  • Security and privacy pages
  • Audit reports
  • Public trust centers
  • Breach disclosures or incident reports

This eliminates the need for your team to manually research vendor websites or request standard documents unnecessarily.

Understanding Public Artifacts and Compliance Certifications in Risk Analysis

In the Risk Analysis tab, you’ll see results derived from public artifacts and compliance attestations we were able to find:

  • When we are able to retrieve a publicly available artifact, we detect security language and map it to controls.
  • If a vendor claims compliance (e.g., displays a SOC 2 badge on their website), we give them partial credit for that certification’s control coverage.

To reduce uncertainty and fully validate a vendor’s security posture, we recommend requesting the official artifact (e.g., the full SOC 2 report) directly from the vendor.

Company Details

We gather firmographic and operational details such as:

  • Company size and industry
  • Domains and associated websites
  • Headquarters location

This information helps contextualize the risk and supports automatic population of vendor profiles.

Where to Find Instant Assessment Results

Once a relationship is created, Instant Assessment results are aggregated in the Assessment tab on the relationship. To go deeper, details are available across several tabs in the vendor’s profile:

Assessment Tab

Summarizes predicted inherent and residual risk scores, control coverage, and key findings from publicly sourced information.

Risk Analysis Tab

Details predicted control coverage based on discovered evidence and identifies any detections related to vendor risk indicators.

Monitoring Tab

Surfaces risk advisories and events discovered from public web monitoring. This includes security incident disclosures, breach reports, or other publicly posted risks associated with the vendor.

Artifacts Tab

Displays the list of public artifacts found during our OSINT scan.

Details Tab

Includes company metadata, domains, firmographics, and other foundational vendor details.

What Happens Next

Once you’ve reviewed the Instant Assessment, you can take action immediately:

  1. Export a Branded PDF Summary

    Generate a professionally formatted PDF of the assessment summary to share with stakeholders or attach to internal workflows.
  2. Update the assessment with more information

    If additional evidence is needed (e.g., non-public documentation or responses), upload artifacts or trigger a collection request. VISO TRUST will reach out to the vendor and guide them through a streamlined document-sharing process.

Frequently asked questions

How do I get an Instant Assessment?

You get an Instant Assessment automatically whenever you create a relationship in VISO TRUST. This works whether you add a vendor individually, import vendors in bulk, or discover them through Vendor Discovery.

What information goes into an Instant Assessment?

Instant Assessment is built from a combination of:

  • Publicly available artifacts (e.g., privacy policies)
  • Compliance certifications (e.g., SOC 2, ISO 27001)
  • Open-source intelligence signals (security pages, disclosures, trust centers)
  • Company firmographic details (size, industry, domains, HQ location)
  • Historical insights from the VISO TRUST knowledge graph

Does the vendor need to provide anything for an Instant Assessment?

No. Instant Assessment uses public data only. You don’t need to contact the vendor or send a questionnaire to receive predicted scores and coverage.

Summary

Instant Assessment helps your team move faster without compromising trust. By analyzing vendors the moment a relationship is created, VISO TRUST:

  • Eliminates the need for manual research
  • Surfaces risk insights without waiting on questionnaires
  • Prioritizes vendors based on predicted risk and coverage
  • Supports continuous monitoring from day one

All you need is a vendor’s website. We take care of the rest.
