Provides request/approve flows for vendor access, maps access to BAAs, and enforces time-boxed, least-privilege roles.
Benefits
- Stronger vendor controls
- Better traceability
- Reduced residual risk
Capabilities
- Just-in-time access
- BAA/contract links
- Session logging & revocation
Evaluate and score vendors’ security posture before and during PHI access. Aligns to NIST CSF and HIPAA 164.308 vendor management expectations.
Workflow
- Questionnaire distribution (security, privacy, incident response).
- Evidence upload: SOC 2, HITRUST, ISO, penetration reports.
- Automated scoring with risk banding and mitigation tracking.
Integration
- Link to BAA record; risk score visible in Vendor Governance Portal.
- Renewal reminders and delta comparison from previous year.
Reporting
- Heatmap of vendors by risk category and renewal date.
- Exportable summary for procurement committees.


