Tutorial

Four steps to get value: run your first assessment, explore the Radar, manage vendors and evidence, then grab templates and resources.

Step 1 ~5 min

Run a supply chain assessment

Answer NIST-aligned questions, get automated scoring, and see remediation suggestions. Your responses save as you go.

  • Open the Supply Chain Assessment on the platform.
  • Complete the guided questionnaire.
  • Review risk score and attach evidence where required.
Step 2 ~5 min

Use the Vendor Threat Radar

Build your vendor risk portfolio, map dependencies, and generate a NIST-aligned report — all from a single page. No account required to get started.

Baseline mode

Choose a service category (e.g. "IAM / SSO") and the Radar auto-fills likely risk data, regulations, and dependencies. Good for getting started quickly without vendor names.

Real-data mode

Enter your actual vendor names with manually provided dependency data. Risk scores are calculated from what you enter. Best for accurate reporting.

Hybrid mode

Mix placeholder categories with confirmed vendors. Use placeholders while you gather real data, then edit in-place to replace with actual names.

What you can do:

  • Add vendors — click "Add Vendor", select a mode and category, fill in the form. Inferred fields auto-populate in baseline mode.
  • Import a CSV — use the Import CSV button. Supports legacy format (7 columns), extended format (adds Service Type and Population Impacted), or the full dependency format (23 columns). Column headers are optional.
  • Dependency intelligence — fill in Upstream Providers and Dependent Systems when adding a vendor. The Radar detects shared upstream providers across vendors (concentration hotspots) and shows cascade impact per vendor.
  • Cascade preview — select any vendor from the dropdown in the Dependency Intelligence section to see which systems, functions, and regulations may be affected if that vendor is disrupted. The wording is deliberately non-definitive: "may be affected".
  • Generate a report — scroll to "Vendor Inherent Risk Report", optionally enter your organisation name, then click "Download HTML". The report includes a cover page, risk register, sector analysis, and a Dependency & Cascade View section. Use "Open for PDF" to print to PDF.
  • Filter and manage — use the risk-level filter to focus on Critical or High vendors. Edit any vendor in-place; delete to remove it. All data persists in your browser via localStorage.
About inferred data: Baseline mode auto-fills fields from a service-type taxonomy. These values are estimates — refine them with your actual vendor data when available. The Radar labels inferred entries as "Baseline (estimated)" in reports.
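
The shared-upstream detection and cascade view described under "Dependency intelligence" can be sketched as follows. This is an added example, not the Radar's own code: the four-column layout, the semicolon-separated lists, and the function names `parseVendors`, `hotspots`, and `cascade` are assumptions, and the sample rows are constructed. It goes one step beyond the per-vendor preview by starting the cascade from a shared upstream provider.

```javascript
// Added example: column layout (name, risk, upstream, dependents) is assumed,
// not the Radar's real CSV format. Sample rows are constructed, no quoted commas.
const SAMPLE_CSV = [
  "Vendor,Risk,Upstream Providers,Dependent Systems", // header row is optional
  "AuthCo,High,CloudOne; EdgeDNS,HR Portal; VPN",
  "PayFlow,Critical,cloudone ; CardNet,Checkout",
  "MailRelay,Medium,EdgeDNS,Support Desk; HR Portal",
  "DocVault,Low,,Legal Archive",
].join("\n");

const splitList = (s) => (s || "").split(";").map((x) => x.trim()).filter(Boolean);
// Normalise names so "cloudone" and "CloudOne" count as the same provider.
const key = (s) => s.toLowerCase().replace(/\s+/g, " ");

function parseVendors(csv) {
  const rows = csv.split(/\r?\n/).filter((l) => l.trim()).map((l) => l.split(","));
  // Treat the first row as a header only if it looks like one.
  if (rows.length && key(rows[0][0].trim()) === "vendor") rows.shift();
  return rows.map(([name, risk, up, deps]) => ({
    name: name.trim(), risk: (risk || "").trim(),
    upstream: splitList(up), dependents: splitList(deps),
  }));
}

// Concentration hotspots: upstream providers shared by two or more vendors.
function hotspots(vendors) {
  const byProvider = new Map();
  for (const v of vendors)
    for (const p of new Set(v.upstream.map(key))) {
      if (!byProvider.has(p)) byProvider.set(p, []);
      byProvider.get(p).push(v.name);
    }
  return [...byProvider].filter(([, names]) => names.length > 1)
    .map(([provider, names]) => ({ provider, vendors: names.sort() }))
    .sort((a, b) => b.vendors.length - a.vendors.length || a.provider.localeCompare(b.provider));
}

// Cascade preview: vendors and systems that may be affected if a provider is disrupted.
function cascade(vendors, provider) {
  const hit = vendors.filter((v) => v.upstream.map(key).includes(key(provider)));
  const systems = new Set(hit.flatMap((v) => v.dependents));
  return { vendors: hit.map((v) => v.name).sort(), systems: [...systems].sort() };
}
```

Without the name normalisation, "cloudone" and "CloudOne" would be counted as two providers and the hotspot shared by AuthCo and PayFlow would be missed.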
Step 3 ~5 min

Manage vendors and evidence

One place for vendors, evidence, and decision records—so every approval is defensible for audit and procurement.

  • Use the Vendor Dashboard to list and filter vendors.
  • Attach questionnaires, attestations, and certificates to assessments.
  • Track exceptions and remediation.
Step 4 ~2 min

Templates and resources

Grab assessment templates, best-practice guides, and FAQs so you can scale your process.

  • Download — templates and collateral.
  • Best Practices — NIST alignment, tiers, SBOM, evidence.
  • FAQ — assessments, evidence, compliance.