CYBERRANK
Assessments → Scoring → Monitoring · all in one place

Create an assessment. Score every vendor from AAA to D.

CyberRank turns a 4-question framework, non-invasive scans, and leaked-credential intelligence into a clear security rating, a likelihood-by-impact heat map, and a compliance status you can act on — in hours, not weeks.

Create your first assessmentSee the live dashboard

AAA–D

Rating scale

4

Core questions

Hours

Not weeks

20

Credits / assessment

Acme Cloud Services

Active

Cloud infrastructure · US-East · 3rd-party

Security rating

Improved from A

AA

Strong

Heat-map position

Significant × Likely
SevereSignif.Moder.Minimal
V.unl.Unl.Poss.Lik.V.lik.

Risk profile · 4-question framework

Q1

Data access

Yes

Q2

System access

Yes

Q3

Core operations

No

Q4

Non-core ops

No

Compliance status

Compliant

All required evidence on file

Monitored · continuous

Next reassessment in 3 months

Evidence

ISO 27001Detected
SOC 2 Type IIUploaded
DORAPending review

Live signals

Credential leaks

None detected

Last scan

2 hours ago

Assessed Apr 12 · 18 questions answered · 35% impact weight

Reassessment scheduled · auto

Four questions classify every vendor.

Each vendor’s answers map to two independent dimensions — Access Risk and Business Impact — that drive monitoring, reassessment, and where they land on the heat map.

Q1

Data access

Does the vendor process or store your data — or your customers’ data?

Access Risk

Severe impact when YES

Q2

System access

Does the vendor have access to any of your systems?

Access Risk

Significant impact when YES

Q3

Core operations

Does the vendor influence or affect core business processes?

Business Impact

Moderate impact when YES

Q4

Non-core operations

Does the vendor influence or affect non-core business processes?

Business Impact

Minimal impact when YES

Access Risk · Q1 + Q2

Managed by Monitoring

If a vendor touches your data or systems, continuous monitoring keeps their posture and leaked-credential exposure up to date — so the next breach isn’t a surprise.

Business Impact · Q3 + Q4

Managed by Reassessment

If a vendor affects your operations, periodic reassessment is scheduled, and overdue reviews surface as Action Required in the dashboard.

Build your own

Start from a template, or build from scratch.

Drag in sections, set impact weights, add conditional logic — the canvas writes the questionnaire for you. ISO 27001, SOC 2, and DORA baselines ship in the box.

Open the builderBrowse templates →

Assessment builder

Draft

Question 1 · Yes / No

Does the vendor process or store any of your data?

Q1
If YES → unlock Q1a (data types)
Q2 · System access?
+ Add question

A rating, a position, a status — for every vendor.

Non-invasive scans plus questionnaire signals produce three views security teams actually use: a security rating, a position on the risk heat map, and a compliance status that says exactly what to do next.

Security rating scale

Best to worst
AAA
AA
A
BBB
BB
B
CCC
CC
C
D
ExceptionalWatchlistCritical

Compliant

Risk is being managed — monitoring active or assessment fresh.

Action required

Unmonitored access or overdue reassessment — surfaced as a follow-up.

Not submitted

Vendor has not completed the assessment yet.

Risk heat map

Likelihood × Impact across your vendor portfolio

SevereSignificantModerateMinimal
V. unlikelyUnlikelyPossibleLikelyV. likely
LowMediumHighCritical

Built around what makes vendor risk hard.

Beyond questionnaires, CyberRank brings darknet leak intelligence, certificate detection, and AI-assisted review into the same workspace as your dashboard.

Non-invasive scanning

Deep posture insights without intrusive access — vendors don’t need to install agents or open networks.

Leak detection

Continuously watch the darknet for leaked credentials and PII tied to vendor identities, and trigger rotation when exposure occurs.

Certificate detection

Auto-detect publicly available certificates and accept vendor uploads for ISO 27001, SOC 2, DORA, and NIST evidence.

AI questionnaire automation

Distribute, analyse, and grade vendor responses with AI assistance — turning weeks of review into hours.

Real-time monitoring

Maintain a live view of vendor security posture, with instant notifications when a vendor is breached or drops below baseline.

Alternative vendor suggestions

Benchmark vendors against peers and surface safer alternatives when posture or pricing falls short.

From intake to reassessment — without losing the audit trail.

Hours, not weeks.
01

Create an assessment

Pick a template or build from scratch. Add sections, conditional logic, and tune the impact percentage in the visual questionnaire builder.

02

Collect vendor responses

Send to vendors, track in-flight / completed / expired statuses, and accept secure uploads of ISO, SOC, DORA, and NIST evidence.

03

Score & classify

The 4-question framework classifies each vendor on Access Risk and Business Impact axes, while non-invasive scans drive the AAA–D rating.

04

Act from one dashboard

Monitor compliance status, residency footprint, certification expiry, and follow-up queues — all wired to the same vendor record.

Built for the teams security risk actually touches.

Government, insurance, financial institutions, healthcare, procurement, and SMEs — wherever a third party can introduce risk, CyberRank fits the workflow.

Third-party risk management
Procurement risk assessment
Cyber insurance underwriting
Incident response automation
Regulatory compliance (ISO, PCI, DORA)
Enterprise risk management

Pricing

Flexible, transparent, credit-based.

1 USD = 1 credit. Pay only for what you assess and monitor — no seat licences, no surprise renewals. Minimum first purchase 100 credits, expires after 12 months.

Company Assessment

20credits / company

Security and privacy review, data leak checks, and compliance analysis.

  • Full questionnaire-driven assessment
  • Security rating AAA → D
  • Certificate detection
  • PII & credential leak check
Start an assessment
Most popular

Vendor Monitoring

30credits / month

Continuous updates on vulnerabilities, leaks, and compliance changes.

  • Real-time posture monitoring
  • Instant breach notifications
  • Baseline alerts
  • Rating history tracking
Start an assessment

Enterprise API

500credits / month

Integrate CyberRank into ServiceNow, JIRA, SIEM, and procurement workflows.

  • Unlimited credential leak queries
  • GRC + SIEM + ITSM integrations
  • Procurement workflow hooks
  • Custom baselines & policies
Start an assessment

Individual monitoring also available at 30 credits / year per person · payment via PayPal, Stripe, or bank transfer.

CyberRank.ai

Your first assessment is twenty credits away.

Spin up an assessment, send it to a vendor, and watch the rating, heat-map position, and compliance status appear in your dashboard — automatically.

Create assessmentOpen the dashboard