Frequently Asked Questions
Find answers to common questions about VendorSoluce, our features, pricing, and how we can help you manage vendor risk and supply chain compliance.
General
What is VendorSoluce?
VendorSoluce is a vendor risk and supply-chain assurance workflow platform that helps organizations manage vendor intake, evidence capture, risk decisions, and compliance tracking. It provides tools for vendor risk assessment, SBOM analysis, and NIST SP 800-161 compliance assessments.
Who uses it?
Procurement, security, compliance, and vendor management teams that need defensible third-party decisions. This includes organizations managing supply chain risk, using the Vendor Exposure Radar for vendor intake and analysis, and ensuring compliance with frameworks like NIST SP 800-161, CMMC, and SOC 2.
How quickly can we get started with VendorSoluce?
Most customers can begin using the platform within a day. Our onboarding process includes guidance, and the platform is designed for straightforward setup. You can start with a 14-day free trial with full Professional tier access, with no credit card required.
Is VendorSoluce available on mobile?
Yes! VendorSoluce is fully responsive and works on mobile devices. You can access all core features including vendor management, assessments, SBOM analysis, and reports. Native mobile apps are planned for iOS and Android.
Evidence & Validation
Do you just collect questionnaires?
No. VendorSoluce is designed to link claims to evidence and track follow-ups and remediation. You can upload evidence files, conduct framework-based assessments, analyze SBOM files, and generate compliance reports with actionable recommendations.
What artifacts can we export?
You can export Vendor Exposure Radar reports, SBOM analysis results, compliance scoring reports, Vendor Risk Platform summaries, and evidence inventories. Export formats include PDF, Excel, CSV, and JSON, depending on your subscription tier. Reports can be customized with your company branding and include executive summaries.
SBOM & Assessments
What SBOM file formats are supported?
VendorSoluce supports all major SBOM formats, including SPDX (JSON, XML, RDF) and CycloneDX (JSON, XML), and can also process plain text component lists. You can upload .spdx, .json, .xml, and .yaml files.
How long does a supply chain assessment take?
A complete supply chain assessment typically takes 15-20 minutes. It includes 24 questions across 6 domains: Governance, Supplier Management, Product Security, Incident Response, Information Sharing, and Continuous Monitoring. Your progress is automatically saved, so you can pause and resume at any time.
How do I interpret SBOM vulnerability results?
SBOM vulnerability results show Critical vulnerabilities (immediate action needed), High vulnerabilities (address within 30 days), and Medium/Low vulnerabilities (address in next update cycle). Results include CVE details, affected components, and remediation recommendations to help you prioritize and address security issues.
What do the risk scores mean?
Risk scores range from 0 to 100 with color-coded levels: Green (0-25) = Low Risk, Yellow (26-50) = Medium Risk, Orange (51-75) = High Risk, Red (76-100) = Critical Risk. Scores are calculated based on data access, criticality, security controls, compliance, and system exposure.
Compliance & Security
How does VendorSoluce help with NIST 800-161 compliance?
VendorSoluce provides assessment templates, controls mapping, and risk scoring that align with NIST SP 800-161 requirements, making it easier for organizations to implement and document their supply chain risk management program. The platform helps you track compliance across all required domains and generate audit-ready reports.
What is NIST SP 800-161 compliance?
NIST SP 800-161 is the Cybersecurity Supply Chain Risk Management (C-SCRM) framework. It provides guidelines for managing cybersecurity risks in supply chains and is required for federal agencies and contractors. It covers governance, supplier management, and continuous monitoring.
What security certifications does VendorSoluce have?
VendorSoluce implements security measures designed to support SOC 2 Type II and FedRAMP Moderate requirements. We use industry-standard security practices to protect your data, including encryption at rest and in transit, regular security audits, and access controls.
How is my data protected?
VendorSoluce implements enterprise-grade security: encryption at rest and in transit, SOC 2 Type II compliance, ISO 27001 certification, regular security audits, and data residency options. Your data is never shared with third parties without consent.
Can VendorSoluce integrate with our existing GRC platform?
Yes, VendorSoluce offers API integrations with major GRC platforms including ServiceNow, RSA Archer, MetricStream, and more. Our integration guides provide step-by-step instructions. API access is available on Professional and Enterprise plans.
Platform Features
What user roles and permissions are available?
VendorSoluce supports role-based access control with roles like Admin (full access), Manager (vendor and assessment management), Analyst (view and analyze data), and Viewer (read-only access). Permissions can be customized based on your organization's needs.
How do I export reports?
To export reports: 1) Navigate to the report section, 2) Select the data you want to include, 3) Choose a format (PDF, Excel, CSV, JSON), 4) Click the "Export" button. Reports can be customized with your company branding and include executive summaries.
Does VendorSoluce offer professional services?
Yes, we offer professional services for customers who need help with implementation, customization, or creating custom assessment templates for specific industries or compliance requirements. Contact our sales team to discuss your needs.
Governance
How are exceptions handled?
VendorSoluce provides risk scoring and compliance assessment tools that help you identify gaps and make informed decisions. While explicit exception tracking with rationale and expiry is planned for future releases, you can currently document risk acceptance decisions in assessment notes and track remediation through the assessment workflow.
Pricing
What's included in each plan?
Each plan includes Vendor Exposure Radar, Vendor Risk Platform, Vendor Governance Portal, compliance frameworks, risk scoring, and reporting. Higher tiers include more users, vendors, storage, and advanced features like API access and white-labeling.
Can I change plans later?
Yes! You can upgrade or downgrade your plan at any time. Changes are prorated, so you only pay the difference for the remaining billing period.
What compliance frameworks are supported?
We support NIST SP 800-161, CMMC 2.0, SOC 2 Type II, ISO 27001, FedRAMP, and FISMA. Different plans include different frameworks; check the features comparison on the pricing page.
Is there a free trial?
Yes! All plans come with a 14-day free trial with full Professional tier access. No credit card required to start. You can cancel anytime during the trial period.
Trial includes: Supply Chain Risk Assessment (NIST SP 800-161), SBOM Analysis, Vendor Risk Monitoring, Risk Scoring, and Compliance Tracking.
How does annual billing work?
Annual billing offers a 20% discount compared to monthly billing. You'll be charged once per year and can cancel anytime. Changes to your plan are prorated.
Do you offer custom pricing?
Yes! For large organizations with specific needs, we offer custom pricing and enterprise solutions.
What support do you provide?
Starter plans include email support. Professional plans get priority support. Enterprise and Federal plans include 24/7 dedicated support and account managers. You can contact support through in-app chat, email (support@vendorsoluce.com), support tickets, or phone (for Enterprise customers).
How do I contact support?
You can contact support through: 1) In-app chat (this assistant), 2) Email support@vendorsoluce.com, 3) Support tickets in your account, 4) Phone support for Enterprise customers. Response times: Chat (immediate), Email (24 hours), Phone (4 hours for Enterprise).
What about Vendor Risk Assessments?
Vendor Risk Assessments and the Due Diligence Portal are part of VendorSoluce at www.portal.vendorsoluce.com. VendorSoluce covers supply chain risk assessment, SBOM analysis, vendor risk monitoring, and the vendor assessment portal under one project and branding. A future standalone product (VendorTal) may be offered later. Contact sales for integration options.