4.9 from 29 reviews
Vendor module in every plan

Every vendor. Classified. Audit-ready.

Every supplier in one portfolio. Risk before and after measures, approval and subcontractor on the record - not 14 email threads and a March spreadsheet.

Risk before & after measures - On the same record
Record view

One click in the portfolio. Every field the auditor asks for.

Risk class before and after measures, subcontractor classification, security requirements, compliance evidence - all on the same record, mapped to ISO® 27001 and TISAX®.

  • Risk before and after measures, both kept on the record
  • Subcontractor risk as a separate classification
  • Security requirements documented per vendor
  • AuditMagic pill on the record itself, findings by severity
valiido.app/isms/vendors/aws

The real detail panel - here with AWS, risk reduced from Very High to High via documented measures.

Vendors in Valiido - one portfolio, no second tool.

Inventory, contracts, approval, risk, reassessment - all on one record, mapped to ISO® 27001 A.5.19-A.5.23 and TISAX®. No €20k GRC licence, no second system to reconcile.

One portfolio, every vendor

Hosting, cloud, consulting, hardware, telecom - all in one inventory. Filter by type, status, or risk class.

Management
  • Definition of Scope
  • Risk management procedure
  • Risk assessment
  • Training concept
  • Audit program

Contracts and compliance evidence

DPA, SOC 2 reports, ISO certificates on the vendor itself. Compliance description and audit summary, same view.

Risk before and after measures

Normal, high, very high - once before, once after measures. The reduction is on the record, not just the residual.

Approval, contracts, audit - one record

Approval status, security requirements, compliance description, audit references - all on the same vendor. Open, scroll once, evidence found.

  • Understand the Standards
  • Assessment and Planning
  • Documentation and Implementation
  • Ongoing Compliance

Reassessment cycle on autopilot

Annual review windows per vendor. Anything older than 12 months flips to Assessment overdue on the record itself.

Valiido
Christopher Eller
Christopher Eller
Founder and Consultant at Valiido

1,200 projects completed700+ satisfied clients

Subcontractor classification

Each vendor carries its own subcontractor risk class - visible on the record, not on a separate list.

AuditMagic checks them too

Every Monday AuditMagic reads every vendor again.

Each vendor record is checked against three layers: Valiido best practices, ISO® 27001 A.5.19-A.5.23, and the TISAX® supplier controls. On Monday you see what the auditor will ask in November - sorted wrong-first, good-last.

See AuditMagic
  • Valiido best practices: risk class before & after kept, assessment within 12 months, subcontractor documented.
  • ISO® 27001 A.5.19-A.5.23: requirements, sourcing, monitoring, cloud services, agreements.
  • TISAX® controls (5.2): Information Security in Supplier Relationships.

Start with Valiido today.

Four steps. The same four the auditor checks.

Inventory, assess, contract, monitor - what your team owns is what the auditor sees. No second tool, no parallel sheet, no translation in between.

Step 1

Inventory

Add every supplier you depend on. Hosting, cloud, contractors, hardware - one record per vendor, classified by type.

Step 2

Assess

Classify risk before and after measures. Document subcontractor risk and security requirements. Auditors see the reduction, not just the residual.

Step 3

Contract

Approve, attach compliance evidence and reference documents. Approval status, DPA and ISO clause references all sit on the same record.

Step 4

Monitor

Annual review windows are tracked per vendor. Anything older than 12 months flips to Assessment overdue on the record itself - no reminder spreadsheet on the side.

Common questions about the vendor module

How Valiido tracks third-party risk, how the assessment cycle runs, and what reaches the audit.

The alternatives

What an ISMS usually costs.

You can pay consultants, buy template packs, or start from zero. Or you can use Valiido.

Consulting project

€15,000 - 25,000

per project, plus your time

Template pack

€800 - 2,000

plus rewrite work, no updates

Valiido

from €149/month

flat rate, 50 employees included (€124/month billed annually)

Every supplier on the portfolio. Risk before and after.

Hosting, cloud, consulting, hardware, telecom - every supplier on one portfolio, classified before and after measures, with the subcontractor classification on the record. AuditMagic re-checks each record every Monday against Valiido best practices, ISO® 27001 A.5.19-A.5.23 and TISAX®.

Pick a plan, bring your existing vendor list - no setup call, no €20k GRC tool, no reconciliation in the rear-view.

  • Vendor module in every plan
  • ISO® 27001 A.5.19-A.5.23 + TISAX® references
  • AuditMagic re-checks vendors weekly
Christopher Eller, founder of Valiido Christopher, Founder Questions? Message me.