Skip to main content
VendexLabs turns a scattered vendor program into a single, always-current system of record. This page explains the main building blocks and how they connect, so the rest of the documentation makes sense.

The model in one picture

1

You maintain a list of vendors

Everything starts with your vendor list — the third parties your organization depends on. You add vendors from a shared catalog or import them from a spreadsheet. See Vendors & products.
2

VendexLabs enriches and scores each vendor

For every vendor, VendexLabs gathers public evidence and produces a risk posture: an aggregate score across five trust domains, plus a recommendation. See Risk scoring.
3

You add context with a dependency tier

You tell VendexLabs how critical each vendor is with a dependency tier. Tiers weight how much each vendor moves your overall portfolio posture. See Dependency tiers.
4

You record a decision in an assessment

An assessment captures your review: business context, data collected, compliance notes, evidence, and an approval status. See Assessments.
5

VendexLabs keeps watch

Once a vendor is tracked, VendexLabs monitors public sources for incidents and surfaces them in Recent Events, and it snapshots your posture over time so you can see trends.

Key terms

Vendor
global entity
A third-party company (e.g. 1Password, AWS). Vendors are shared across VendexLabs; your account references them through your vendor list.
Vendor profile
enriched data
The researched dossier for a vendor: company details, security and privacy posture, breach history, and scores. Generated automatically and refreshed over time.
Product
optional
A specific offering from a vendor (e.g. “Autonomous Endpoint Management” from Automox). Vendors can have one or more products, each tracked separately on a list.
Vendor list
per organization
Your organization’s set of tracked vendors. The default list is called master-list. Membership on a list carries the vendor’s dependency tier and alert settings.
Dependency tier
Core | Standard | Minimal
How critical a vendor is to your operations. Tiers weight each vendor’s contribution to your portfolio posture.
Assessment
your decision
The record of your review of a vendor: context, data handling, compliance status, evidence, and approval decision — with a full audit log.
Portfolio posture
tier-weighted score
The tier-weighted average of your vendors’ latest scores — a single number for the health of your whole program.

How the pieces relate

  • A vendor can appear on many organizations’ lists, but each organization keeps its own dependency tier, assessment, and alert settings for that vendor.
  • The risk score comes from public evidence about the vendor and is the same underlying research everywhere; the recommendation is sharpened by your integration depth.
  • Your portfolio posture is derived from the latest scores of the vendors on your list, weighted by tier.

Ready to try it

Follow the Quickstart to add a vendor, review its posture, and record a decision.