SCOUT / FEATURES

Every feature, in detail.

Scout is the TPRM platform that does the work alongside your team. Here's exactly how each part fits.

▲ THE ANALYST

Archer.

A built-in AI analyst that understands security. Document intelligence, thirty-plus specialized tools, and approval gates on every write action. Archer proposes; your team approves; the audit trail records everything.

SOC 2, ISO 27001, and pen-test reports parsed automatically. Controls extracted, exceptions flagged, findings mapped.

Vendor investigation, finding creation, risk scoring, policy analysis, and security alert triage: all in one analyst.

Discovery first, action second. Every state-changing operation requires explicit human approval.

▲ ONBOARD

Add a vendor in 60 seconds.

Enter a website URL. The Trust Network fills in what it knows. Three steps to a tracked vendor.

Domain auto-discovery: known certifications, public security signals, and Trust Network profile data populate automatically.

Three-step flow: vendor identity, technical connection metadata, criticality classification.

Sub-processor relationships extracted from existing documents and inherited from the network.

▲ ASSESS

Every assessment, AI-analyzed.

When a vendor returns an assessment, Archer reviews it. Strengths surfaced, gaps flagged, next steps recommended. Upload a SOC 2 and the controls extract automatically.

Standard frameworks supported: SIG, CAIQ, SOC 2 mappings, ISO 27001, NIST CSF, custom questionnaires.

Document upload extracts controls, identifies missing or expired certifications, summarizes scope.

Findings auto-routed to severity-tagged remediation queues with assignees and due dates.

▲ ANALYZE

See the risk beneath the risk.

Sub-processor dependencies mapped. Concentration risk visible before it bites. Cascade impact modeled when a critical fourth or fifth party goes down.

Multi-tier vendor graph: customers see fourth and fifth-party exposure, not just direct vendors.

Concentration scoring: identifies overdependence on single providers, regions, or technology stacks.

Cascade modeling: simulate downstream impact of a vendor outage or compromise.

▲ CONNECT

Map every vendor touchpoint.

Visualize how vendors connect to your environment. API integrations, SSO, agent-level access, direct database connections. The real attack surface, finally visible.

Connection types tracked: API, SSO/IdP federation, network tunnels, on-host agents, direct database.

Data sensitivity classified per connection: customer PII, internal financial, source code, all at-a-glance.

Approved vs unapproved: shadow-IT detection surfaces vendors with environment access that procurement never approved.

▲ MONITOR

Continuous external posture tracking.

SSL configurations, exposed ports, dark-web mentions, CVEs, breach history. Tracked across fifteen security signals with alerts when scores change.

External attack surface: certificates, headers, DNS, exposed services, technology fingerprinting.

Threat indicators: dark-web exposure, breach databases, leaked credentials, mention monitoring.

Score change alerts: not just point-in-time, but real-time notifications when posture degrades.

▲ REPORT

Board-ready in one click.

Executive summaries, vendor detail, posture scores, finding resolution, compliance status. Everything the board, the auditor, and the GP need in one view.

Pre-built reports: portfolio risk dashboard, executive summary, vendor deep-dive, compliance posture.

Custom reports: filter by criticality, region, business unit, or any custom dimension.

Audit-ready trail: every assessment, finding, decision, and approval recorded with timestamps.

▲ THE TRUST NETWORK

Vendors fill it in once. Every customer benefits.

A shared layer of vendor intelligence that gets richer with every interaction. Vendors maintain their security profile in Scout's Trust Network. Customers get up to 70 to 85% of new assessments pre-filled from that shared profile. The questionnaire cycle ends.

▲ INTEGRATIONS

Built for the tools your team already runs.

Sign in with the identity provider you already trust. Get alerts where your team already talks. Push remediation work into the ticketing system that already owns it. Scout fits the stack, not the other way around.