TrustCollector

TrustCollector fetches and analyses publicly available security information for each vendor in your registry: trust centre pages, security posture statements, certification listings, and subprocessor disclosures. Each scan produces a structured snapshot covering completeness score, certification count, and subprocessors found.

• Scans vendor trust centres and public security pages
• Extracts certifications, subprocessors, and posture signals
• Calculates a completeness score per vendor profile

Between scans, TrustCollector compares the latest vendor profile against the previous snapshot. Any meaningful change, such as a certification dropped or added, a new subprocessor appearing, or a significant shift in stated posture, generates a drift alert that your team can review and acknowledge.

• Compares every new scan to the previous snapshot
• Generates alerts for certification changes and new subprocessors
• Acknowledge alerts to confirm review and clear the flag

For every vendor, TrustCollector tracks the list of disclosed subprocessors, which are the third parties your vendors rely on to deliver their service. When a subprocessor is added or removed, a drift event is raised. This gives your team a clear picture of the fourth-party risk landscape without manual monitoring.

• Tracks subprocessors per vendor with names and purposes
• Alerts when subprocessors are added or removed
• Supports GDPR and supply chain risk documentation

An interactive network diagram visualises your organisation's vendor relationships, including subprocessors, and shows risk tiers at a glance. When the scanned data needs a correction or supplementary note, manual overrides let your team record their own assessment alongside the automated scan result.

• Visual diagram of org → vendors → subprocessors with risk tiers
• Manual overrides for field corrections and additional notes
• Override history preserved alongside automated scan data