RiskCheck

A simple, repeatable security review process

RiskCheck gives you a structured workflow for evaluating third-party security risk, from initial assessment to audit-ready evidence.

Start free trial

Add or import entities

Start by adding your vendors, partners, acquisition targets, or any third party that touches your data or systems. Import from a spreadsheet or add them one by one.

  • Vendors and service providers
  • Partners and customers with data access
  • Acquisition targets (security portion)
  • Internal systems if needed
Entities
Import CSV
Add entity
Acme Payments
Added · awaiting questionnaire
Northwind Logistics
Added · awaiting questionnaire
Beacon Analytics
Added · awaiting questionnaire

Answer internal impact questions

Complete a short internal assessment about each entity. These business-friendly questions help RiskCheck understand the potential security impact.

  • Data sensitivity and types
  • Access level and permissions
  • System criticality
  • Substitutability and dependencies
Internal impact
4 questions
Data sensitivity
Quick internal assessment
High
Access level
Quick internal assessment
Admin
System criticality
Quick internal assessment
Core
Substitutability
Quick internal assessment
Low

Receive a risk score and tier

RiskCheck automatically generates a 0–100 security risk score and assigns a tier: Low, Medium, High, or Critical. Each tier drives the depth of questionnaire. You can reuse this scoring approach for your own internal self-assessment, creating one consistent, framework-aligned view of security risk.

  • Clear 0–100 numeric score
  • Risk tier (Low → Critical)
  • Recommended actions
  • Suggested questionnaire depth
Risk score
Auto-scored
78
/ 100
Low
Medium
High
Critical

Send security questionnaires

Send the right security questionnaire via magic link, no login required for recipients. Questions are right-sized based on the risk tier, so you're not over-asking.

  • Magic-link delivery (no login needed)
  • Opinionated, security-first templates
  • Customizable per organization
  • Automatic reminders
Questionnaires
Magic link
Vendor Security (Short)
~10 mins
Send
Vendor Security (Standard)
~20 mins
Send
Vendor Security (Deep)
~35 mins
Send
Delivery status
auto-reminders
Sent
100%
Opened
68%
Completed
42%

Collect answers and documents

Responses, supporting documents, and your decisions are stored in one centralized, searchable location. No more email ping-pong or scattered spreadsheets.

  • Centralized response storage
  • Document uploads (SOC 2, ISO, BAAs, etc.)
  • Decision tracking and notes
  • Version history and audit trail
Evidence vault
Upload
Recent uploads
searchable
SOC 2 Type II.pdf
Document · linked to entity
v1
Security Questionnaire.xlsx
Response · linked to entity
v2
Data Processing Addendum.pdf
Agreement · linked to entity
v3
Notes & decisions
Track approvals, exceptions, and follow-ups in one place.
Approved w/ monitoring#1
Exception requested#2
Follow-up needed#3

Revisit, export, and show evidence

When customers, auditors, insurers, or boards ask about your third-party security process, you have everything ready to export and share.

  • Export-ready reports
  • Audit-friendly format
  • Periodic review reminders
  • Evidence for compliance requests
Reports
Export PDF
Third-party review summary
audit-ready
Key findings
Score
78 (High)
Questionnaire
Standard
Evidence
3 docs
Share: Board
Share: Insurer
Share: Customer

Ready to simplify your security reviews?

Get started with RiskCheck and build a repeatable third-party security process your team can actually follow.

Start free trialView use cases

Frequently Asked Questions