Fair TPRM combines FAIR risk methodology with continuous security monitoring to transform vendor risk from guesswork into data-driven financial decisions.
Purpose-built for organizations that need to connect vendor security posture to financial impact.
FAIR methodology converts vendor risk into Annualized Loss Expectancy (ALE) with recommended cyber insurance coverage, giving leadership numbers they can act on.
Continuous external scanning via UpGuard and Shodan provides real-time security visibility across website, network, email, TLS, and vulnerability categories.
From onboarding through procurement, security assessment, continuous scoring, and annual reviews — every phase is tracked and automated.
SAML 2.0 SSO, TOTP two-factor authentication, role-based permissions, and complete audit logging meet the strictest compliance requirements.
Consolidated action items from expiring certificates, overdue rescores, score drops, annual reviews, and unapproved vendors in one prioritized view.
AES-256-CBC encryption at rest, Argon2id password hashing, CSRF protection, security headers, and encrypted file uploads for assessment documents.
A modern PHP 8.3 application backed by MariaDB with Docker-ready deployment.
Fair TPRM is architected with service layers, singleton patterns, and permission-aware queries to support organizations managing hundreds of vendor relationships.
Four built-in groups cover common organizational structures out of the box.

| Group | Access Level | Typical Users |
|---|---|---|
| Administrator | Full System Access | IT Security leadership, system admins |
| Cyber TPRM | All TPRM Operations | Security analysts, risk managers |
| Procurement | Vendor & Analysis Access | Procurement team, vendor managers |
| Stakeholder | Own/Assigned Vendors | Business unit owners, project leads |

Explore the core capabilities that make Fair TPRM the data-driven approach to third-party risk management.