Most TPRM programs scatter the vendor lifecycle across onboarding forms, questionnaire tools, scanning consoles, and calendar reminders. Fair TPRM handles every phase in one system — from intake to annual review, tracked, automated, and audited.
Six phases, one platform. No context switching between tools, no manual hand-offs, no vendors slipping through the cracks.
Structured intake form captures vendor metadata, data security questions, and FAIR analysis inputs. Autosave via AJAX prevents data loss. Stakeholders are assigned as owners, reviewers, or observers.
Template-driven questionnaires are sent to vendors via secure UUID links — no account required. ISO 27001 and Tier 2 templates included out of the box. All file uploads are encrypted at rest.
Risk analysts run the built-in calculator, which implements the FAIR™ risk taxonomy developed by the FAIR Institute, to produce ALE figures. Assessment submission auto-creates a draft FAIR analysis, pre-populating data from the vendor's security responses.
Once approved, vendors enter tier-based SRS monitoring via built-in API integrations with UpGuard and Shodan. Scores are tracked over time. Score drops and overdue rescores surface in the Cyber Todo dashboard.
Reviews are scheduled one year from vendor approval. Email reminders fire at 30 days, on the due date, and every 7 days when overdue. Stakeholders complete a structured review form.
The Cyber Todo dashboard aggregates action items (expiring certificates, overdue rescores, score drops, unapproved vendors, and custom tasks) into one prioritized view.
No separate intake tool required. The onboarding form is the entry point for every vendor relationship, and data entered here flows directly into FAIR analysis, SRS monitoring, and assessment workflows — because it's all one system.
No third-party questionnaire tool needed. Vendors complete security assessments through built-in public-facing forms accessed via unique UUID links. Submissions auto-create draft FAIR analyses and trigger SRS scoring — all within the same platform.
No calendar reminders or separate ticketing system needed. Fair TPRM schedules reviews automatically one year from vendor approval, with a built-in three-tier email reminder system that prevents anything from falling through the cracks.
Every feature is built with security-first design principles, protecting data with the strongest encryption available today.
Enterprise IdP support for Okta, Microsoft Entra ID, and other SAML providers. Group mapping syncs IdP groups to local ACL roles automatically on login.
RFC 6238 time-based one-time passwords compatible with Google Authenticator and Authy. QR code enrollment makes setup simple for end users.
Every action is logged with user ID, action type, affected record, old/new values, IP address, and user agent. Full accountability for compliance audits.
Super admins can "View As" another user for troubleshooting. The original session is preserved, an amber banner is displayed, and all actions are audit logged.
Fair TPRM applies the highest level of encryption at every layer. Sensitive data is encrypted at rest using AES-256-CBC, while all data in transit is secured with TLS 1.3 supporting post-quantum key exchange and the latest cipher suites and algorithms. Your vendor risk data is protected against both today's threats and tomorrow's quantum computing capabilities.
Host Fair TPRM on-premises in your own data center for full control, or let us host and manage the platform for you.
Deploy Fair TPRM in your own data center or private cloud. Your data never leaves your infrastructure, giving you complete control over security, compliance, and network policies. Ships with Docker Compose for instant deployment or installs on any Apache + PHP 8.3 server.
Let Fair TPRM handle the infrastructure. We host, maintain, and update the platform so your team can focus on managing vendor risk instead of managing servers. Includes monitoring, backups, and guaranteed uptime.
For organizations that require data sovereignty or have strict compliance requirements, Fair TPRM deploys entirely within your own infrastructure. No external dependencies, no data leaving your network — just a self-contained platform under your full control.
Not every organization wants to manage infrastructure. With managed hosting, Fair TPRM runs the platform for you — deployed, monitored, backed up, and updated — so your team stays focused on vendor risk, not server administration.
Deploy on-premises for full data sovereignty or let us host it for you. Either way, you get the same unified platform with zero compromises.