Every vendor. Classified. Audit-ready.
Every supplier in one portfolio. Risk before and after measures, approval and subcontractor on the record - not 14 email threads and a March spreadsheet.
One click in the portfolio. Every field the auditor asks for.
Risk class before and after measures, subcontractor classification, security requirements, compliance evidence - all on the same record, mapped to ISO® 27001 and TISAX®.
- Risk before and after measures, both kept on the record
- Subcontractor risk as a separate classification
- Security requirements documented per vendor
- AuditMagic pill on the record itself, findings by severity
The real detail panel - here with AWS, risk reduced from Very High to High via documented measures.
Vendors in Valiido - one portfolio, no second tool.
Inventory, contracts, approval, risk, reassessment - all on one record, mapped to ISO® 27001 A.5.19-A.5.23 and TISAX®. No €20k GRC licence, no second system to reconcile.
One portfolio, every vendor
Hosting, cloud, consulting, hardware, telecom - all in one inventory. Filter by type, status, or risk class.
Definition of Scope
Risk management procedure
Risk assessment
Training concept
Audit program
Contracts and compliance evidence
DPA, SOC 2 reports, ISO certificates on the vendor itself. Compliance description and audit summary, same view.
Risk before and after measures
Normal, high, very high - once before, once after measures. The reduction is on the record, not just the residual.
Approval, contracts, audit - one record
Approval status, security requirements, compliance description, audit references - all on the same vendor. Open, scroll once, evidence found.
Understand the Standards
Assessment and Planning
Documentation and Implementation
Ongoing Compliance
Reassessment cycle on autopilot
Annual review windows per vendor. Anything older than 12 months flips to Assessment overdue on the record itself.

1,200 projects completed700+ satisfied clients
Subcontractor classification
Each vendor carries its own subcontractor risk class - visible on the record, not on a separate list.
Every Monday AuditMagic reads every vendor again.
Each vendor record is checked against three layers: Valiido best practices, ISO® 27001 A.5.19-A.5.23, and the TISAX® supplier controls. On Monday you see what the auditor will ask in November - sorted wrong-first, good-last.
See AuditMagic- Valiido best practices: risk class before & after kept, assessment within 12 months, subcontractor documented.
- ISO® 27001 A.5.19-A.5.23: requirements, sourcing, monitoring, cloud services, agreements.
- TISAX® controls (5.2): Information Security in Supplier Relationships.
Start with Valiido today.
Four steps. The same four the auditor checks.
Inventory, assess, contract, monitor - what your team owns is what the auditor sees. No second tool, no parallel sheet, no translation in between.
Inventory
Add every supplier you depend on. Hosting, cloud, contractors, hardware - one record per vendor, classified by type.
Assess
Classify risk before and after measures. Document subcontractor risk and security requirements. Auditors see the reduction, not just the residual.
Contract
Approve, attach compliance evidence and reference documents. Approval status, DPA and ISO clause references all sit on the same record.
Monitor
Annual review windows are tracked per vendor. Anything older than 12 months flips to Assessment overdue on the record itself - no reminder spreadsheet on the side.
Common questions about the vendor module
How Valiido tracks third-party risk, how the assessment cycle runs, and what reaches the audit.
What an ISMS usually costs.
You can pay consultants, buy template packs, or start from zero. Or you can use Valiido.
Consulting project
€15,000 - 25,000
per project, plus your time
Template pack
€800 - 2,000
plus rewrite work, no updates
Valiido
from €149/month
flat rate, 50 employees included (€124/month billed annually)
Every supplier on the portfolio. Risk before and after.
Hosting, cloud, consulting, hardware, telecom - every supplier on one portfolio, classified before and after measures, with the subcontractor classification on the record. AuditMagic re-checks each record every Monday against Valiido best practices, ISO® 27001 A.5.19-A.5.23 and TISAX®.
Pick a plan, bring your existing vendor list - no setup call, no €20k GRC tool, no reconciliation in the rear-view.
- Vendor module in every plan
- ISO® 27001 A.5.19-A.5.23 + TISAX® references
- AuditMagic re-checks vendors weekly