Vendor Portal
Your customers assess you. Make it effortless.
Branded customer-facing portal for inbound security assessments. Prospects and customers submit questionnaires, review your compliance posture, and access NDA-gated documents — all without email back-and-forth. Progress tracking for both sides. Reduces procurement cycles by weeks.
What you get
Branded Portal with Custom Domain
Deploy a customer-facing portal on your own domain (e.g., security.yourcompany.eu) with your branding, logo, and colour scheme. The portal presents a professional, consistent security posture to prospects and customers, replacing ad-hoc email exchanges with a structured assessment experience.
Inbound Questionnaire Submission Workflow
Customers and prospects submit security questionnaires directly through the portal in any format — Excel, PDF, or structured JSON. Submitted questionnaires are automatically parsed, deduplicated against your existing answer library, and routed to the appropriate internal reviewers for response.
Progress Tracking for Submitter and Reviewer
Both sides see real-time progress on assessment completion. Submitters track which sections have been answered, which are pending review, and estimated completion dates. Internal reviewers see their response queue prioritised by customer tier and deadline, with SLA tracking for response times.
NDA-Gated Document Access
Share sensitive compliance documents — penetration test reports, SOC 2 reports, architecture diagrams — behind NDA-gated access controls. Customers click-sign an NDA before accessing restricted documents, with access logged and time-limited. Document watermarking deters unauthorised redistribution.
Compliance Assertion Sharing
Publish your compliance assertions (ISO 27001 certified, SOC 2 Type II attested, NIS2 compliant) with supporting evidence references on the portal. Customers can verify your compliance status without requesting individual certificates, reducing repetitive evidence requests by up to 80%.
Analytics and Response Time Tracking
Track metrics including average response time, assessment completion rates, most frequently asked questions, and customer engagement patterns. Analytics identify bottlenecks in the assessment process and highlight which compliance areas generate the most customer scrutiny, enabling proactive improvement.
How it works
Customer Submits Assessment
Customers and prospects access your branded portal and submit their security questionnaire or select a standard assessment template. The portal captures submitter details, assessment scope, and any deadline requirements for SLA tracking.
Portal Notifies Team
Internal teams receive notifications with the submitted assessment routed to the appropriate reviewers based on question topics and customer tier. Questions are matched against the existing answer library, with pre-populated responses for previously answered items.
Respond with AI Assist
Reviewers complete responses with AI assistance from ASK, which suggests answers from the knowledge base and previous responses. Answers are enriched with evidence references and compliance assertion links before being submitted for quality review.
Customer Reviews
Completed responses are published to the portal for customer review. Customers can ask follow-up questions, request additional evidence, or mark the assessment as complete. Both sides retain a full audit trail of the assessment exchange.
Built for your team
Procurement Cycle Acceleration
The sales team uses the vendor portal to eliminate the security assessment bottleneck that delays enterprise deals by 4-8 weeks. When a prospect's procurement team initiates a security review, the portal provides immediate access to compliance assertions, pre-answered common questions, and NDA-gated audit reports. Deals that previously stalled during security review now close weeks faster because the portal provides answers before questions are asked.
Ongoing Customer Assessment Management
Customer Success manages annual security reassessments from existing customers through the portal, replacing the email chaos of scattered questionnaires and document requests. The portal tracks assessment cadence per customer, surfaces upcoming reassessment windows, and pre-populates responses from the previous cycle. Customers appreciate the professional, structured experience and the transparency of progress tracking.
Inbound Security Request Management
The CISO uses portal analytics to understand the volume and nature of inbound security assessments, identify which compliance areas generate the most customer scrutiny, and track team response times against SLA targets. Analytics reveal that 60% of customer questions overlap, enabling the CISO to invest in pre-publishing common answers on the Trust Center and reducing per-assessment response effort.
Supports your compliance stack
Common questions
What branding and customisation options are available?
The vendor portal supports full white-label customisation including custom domain (CNAME), company logo, brand colours, and custom CSS overrides. You control the portal layout, which compliance assertions are displayed, which document categories are available, and the NDA text customers must accept. Email notifications sent from the portal use your domain and branding. The portal is designed to feel like a native extension of your company's digital presence, not a third-party tool.
What questionnaire formats does the portal accept?
The portal accepts security questionnaires in Excel (XLSX/XLS), CSV, PDF, and structured JSON formats. Excel questionnaires are automatically parsed to extract individual questions, which are matched against your answer library for auto-population. PDF questionnaires are processed with AI-assisted extraction to identify questions and response fields. The portal also supports standard assessment frameworks including SIG, CAIQ, VSA, and custom templates that customers can fill in directly through the web interface.
How does SLA tracking work for assessment responses?
Each inbound assessment is assigned an SLA based on customer tier and assessment type — enterprise customers may have a 5-business-day SLA while standard assessments default to 10 business days. The portal tracks elapsed time from submission, monitors progress against SLA targets, and escalates at-risk assessments to team leads. SLA reports show average response times, on-time completion rates, and bottleneck identification by question category. These metrics help organisations continuously improve their security assessment response process.
What is the customer experience like when using the portal?
Customers access a clean, branded interface where they can submit assessments, track progress in real time, access compliance assertions, and download NDA-gated documents. The experience is designed to be self-service where possible — customers can answer their own questions about your compliance posture from published assertions before needing to submit a formal assessment. Progress indicators show which sections are complete, in review, or pending, with estimated completion dates. Customers receive email notifications at key milestones without needing to repeatedly check the portal.
How does the vendor portal integrate with the Trust Center?
The vendor portal and Trust Center serve complementary functions — the Trust Center is your public-facing compliance marketing page for all visitors, while the vendor portal is an authenticated workspace for customers conducting formal security assessments. Compliance assertions published on the Trust Center are automatically available in the vendor portal with deeper evidence access behind NDA gates. Questions answered through the vendor portal can be promoted to Trust Center FAQ sections to reduce future assessment volume. Both share a unified compliance data model ensuring consistency across public and authenticated contexts.
Related features
See Vendor Portal in Action
Create an account and explore the platform, or talk to our team about enterprise deployment.