RiskXchange
Platform · Smart assessments

Assessments that pre-populate themselves.

ARIA reads the vendor's evidence — SOC 2, ISO 27001, trust centre, policies — and pre-fills 70%+ of the questionnaire from what's already there. Your team reviews structured output instead of chasing answers.

The reality

The numbers your team already knows.

Vendor assessments are the single biggest time-sink in TPRM, and the answers — when you finally get them — are usually re-keyed from documents the vendor already had.

4-6 weeks
Average time to complete a vendor security questionnaire
Industry average
~62%
Of analyst time spent on questionnaire chasing and review
Industry estimate
157
Universal Controls every vendor is mapped against
The agents that drive this

ARIA pre-fills. NOVA chases. REX cross-checks.

Smart Assessments is the combined-signal model — document intelligence from ARIA, the vendor relationship from NOVA, and external scan evidence from REX, all on the same questionnaire.

ARIA avatar
ARIA
Assessment & Risk Intelligence

The questionnaire is mostly written before the vendor sees it. ARIA reads SOC 2 reports, ISO certs, trust centres and policies — then pre-fills 70%+ of every questionnaire against the 157 Universal Controls.

What you get
  • Questionnaire Pre-Populator — auto-fills from existing evidence
  • Document Classifier — routes uploads to the right control
  • Trust Centre Parser — vendor portals mapped to the RX framework
NOVA avatar
NOVA
Vendor Relationship Manager

The chase is automated, on three channels. NOVA owns vendor outreach across email, WhatsApp and in-app chat — chasing outstanding answers, redirecting when contacts leave, escalating when they're late.

What you get
  • Vendor Chaser — automated nudges across three channels
  • Detects contact churn and re-routes onboarding
  • Customer can join any conversation — multi-party model
REX avatar
REX
Risk & Breach Intelligence

What the vendor says, checked against what we can see. REX cross-validates self-attested answers against external scan data and public records — so vendor contradictions surface before you sign.

What you get
  • Outside-in scan evidence joined to questionnaire answers
  • Vendor Business Risk Analyst — Companies House, sanctions, court records
  • Combined-signal analysis with ARIA on every assessment
What changes

From questionnaire chase to evidence review.

The work shifts from collection to interpretation. Your analysts review structured output and judge edge cases — they stop being mail-merge.

Pre-fill before the vendor types

ARIA pre-populates from documents the vendor has already shared. The vendor confirms or amends, instead of starting from blank.

NOVA owns the follow-up

Your team stops writing chase emails. NOVA tracks who replied, who went silent, and who left the company — and acts accordingly.

Contradictions surface automatically

When a vendor's answer disagrees with their SOC 2 or with REX's external scan, ARIA's Response Validator flags it before you read the response.

Audit-ready evidence by default

Every answer links to its source — the document, the scan, the trust centre. When auditors arrive, the trail is composed.

We retired our questionnaire-chasing analyst function entirely. ARIA pre-fills, NOVA chases, REX cross-checks. The team is finally judging risk instead of formatting it.

SC
Director of TPRM
Top-10 European insurer

See it on your vendors.

Book a 30-minute call and we'll have NOVA, ARIA and REX produce a complete posture report on one of your live vendors inside 24 hours.