Vendor Risk Management

Vigil VRM

Know your vendors' risk before it becomes your risk.

Vigil VRM gives you a structured, NIST 800-161 C-SCRM–aligned vendor registry with tiered risk scoring, automated questionnaire workflows, continuous monitoring, and DORA ICT third-party reporting.

VENDOR RISK REGISTRY — NIST 800-161 C-SCRM
43 vendors tracked · 5 critical suppliers
Vendor              Tier    Score  Status
Salesforce CRM      Tier 1  86     Compliant
AWS Infrastructure  Tier 1  91     Compliant
Legacy HR System    Tier 2  43     At Risk
Email Marketing Co  Tier 3  67     Review Due
Payroll Processor   Tier 1  78     In Review
The Problem

Most vendor risk programs are spreadsheets with stale questionnaire responses. Vigil VRM replaces them with a live, scored vendor registry that automatically detects when a supplier's risk posture changes — before it's a headline.

Capabilities

Everything you need to manage Vigil VRM at scale.

🔗
NIST 800-161 C-SCRM
Build a supply chain risk management program aligned to NIST SP 800-161 with tiered vendor classification and continuous scoring.
📊
Tiered Vendor Risk Scoring
Automatically score vendors as Tier 1 (critical), Tier 2 (important), or Tier 3 (standard) based on access level and data classification.
🇪🇺
DORA ICT Third-Party Register
Maintain the required DORA ICT third-party service provider register and generate regulatory reports in one click.
📋
SIG Lite / CAIQ Questionnaires
Send, track, and score standardized security questionnaires. Receive responses directly in the platform.
📡
Continuous Security Ratings
Integrate with BitSight, SecurityScorecard, or UpGuard for continuous outside-in vendor monitoring.
🗺️
Supply Chain Exposure Map
Visualize your entire supply chain — nth-party suppliers included — as an interactive risk map.
How It Works

Up and running in 30 minutes.

Step 1
Import your vendor list
Upload your vendor list from a spreadsheet or connect to your procurement system. Vendors are auto-tiered.
Step 2
Score and monitor
Send questionnaires, receive outside-in ratings, and track vendor posture changes continuously.
Step 3
Report to the board
Generate DORA ICT register reports, supply chain risk summaries, and vendor risk trending in one click.
Framework Coverage
NIST SP 800-161
NIST CSF 2.0 GV.SC
DORA ICT Third-Party Risk
ISO 27036
SOC 2 Vendor Management
FedRAMP Supply Chain
Pricing

Simple, transparent pricing.

Starter
$399/month

Up to 25 vendors, core scoring.

25 vendor profiles
SIG Lite questionnaires
Tiered risk scoring
Email support
Professional
$799/month

Unlimited vendors, DORA module.

Unlimited vendors
DORA ICT third-party register
Continuous monitoring integrations
Supply chain exposure map
API access
Enterprise
Custom

Complex supply chains, custom workflows.

Nth-party tracking
Procurement system integration
Custom questionnaire templates

See Vigil VRM in action.

Book a 30-minute demo. We'll show you exactly how your organization would use Vigil VRM — configured to your industry and frameworks.
