Third-Party Risk Management Platform

Know the risk in every supplier relationship

Guardian TPRM gives compliance, procurement, and risk teams a single platform to onboard, assess, monitor, and report on every third-party supplier — with native support for ISO 27001, NDPA 2023, CBN, PCI DSS v4.0, and 9 more frameworks.

Frameworks: ISO 27001 · NDPA 2023 · CBN · PCI DSS v4 · ISO 9001
Supplier risk lifecycle — live view
Supplier onboarded: SecureNet Solutions · Critical tier · Score 78 (Complete)
Risk tiered & classified: ISO 27001 A.5.19 · 5-dimension assessment (Critical tier assigned)
Questionnaire dispatched: Full onboarding suite · 34 questions · Sent via portal (Awaiting response)
Gap analysis & CAP: 3 gaps identified · PDF generated · Actions raised (Pending response)
Evidence uploaded: ISO 27001 cert · SOC 2 report · DPA signed (Pending response)
Continuous monitoring: SLA tracking · Cert expiry alerts · 6-month review (Scheduled)
13
Compliance frameworks
360°
Supplier visibility
4 tiers
Risk classification
100%
Data isolation per client
Audit trail retention
Platform features

Everything your team needs to manage third-party risk

From initial supplier onboarding to ongoing monitoring and regulatory reporting — Guardian TPRM covers the full lifecycle.

Intelligent risk tiering
Automatically classify every supplier as Critical, High, Medium, or Low risk across five weighted dimensions — data exposure, operational criticality, financial impact, supply chain depth, and geopolitical risk.
ISO 31000 · ISO 27001 A.5.19 · CBN RCSF
Tier-adaptive questionnaires
Eight questionnaire types that automatically scale in depth based on supplier risk tier. Critical suppliers receive a 34-question full suite; Low-risk suppliers get a lightweight 10-question lite form.
ISO 27001 · NDPA 2023 · PCI DSS 12.8
Supplier self-service portal
Suppliers receive a unique, token-based link to complete questionnaires and upload compliance evidence — ISO certificates, SOC 2 reports, DPAs, pen test summaries — without creating an account.
ISO 27001 A.5.20 · GDPR Art.28
Gap analysis & CAP generation
Automatically analyse supplier responses against framework requirements. Generate a board-ready Corrective Action Plan as a PDF with specific control references, priorities, and target dates — in one click.
ISO 9001 Cl.10.2 · ISO 27001 · NDPA 2023
Contract & SLA management
Centralise all supplier contracts with key clause tracking, expiry alerts, and renewal workflows. Monitor SLA performance in real time and issue formal breach notices directly from the platform.
ISO 9001 Cl.8.4 · CBN Outsourcing
Supplier risk register
Generate configurable board-ready reports covering the full supplier register, certification status, SLA performance, open actions, and regulatory framework mapping — as PDF or Excel.
ISO 31000 Cl.6.4 · CBN RCSF · PCI DSS 12.8.1
Evidence vault
Secure, centralised storage for all supplier compliance documents. Each certificate is tracked with expiry dates and scope assessments — automatically flagging when a cert no longer covers the engagement.
ISO 27001 A.5.20 · PCI DSS Req.12.8.4
Role-based access control
Three role levels — Administrator, CISO/Procurement, and Analyst — with granular permission control. Analysts see only their assigned suppliers. All actions logged to an immutable audit trail.
ISO 27001 A.9.2 · NDPA 2023 · CBN
Automated notifications
Branded email alerts for questionnaire dispatch, overdue responses, certificate expiry, contract renewal, and corrective action assignments — keeping your team and suppliers aligned without manual chasing.
ISO 9001 Cl.7.4 · ISO 27001 A.5.24
How it works

From onboarding to board report in six steps

Guardian TPRM structures the entire third-party risk lifecycle — so nothing falls through the gaps and every decision is audit-ready.

1. Onboard supplier: Capture service description, system access, PII determination, and certifications through a structured 7-step wizard.
2. Classify risk tier: Score across five ISO-mapped dimensions. Six automatic upgrade triggers apply — sole source, prior breach, high spend, and more.
3. Dispatch questionnaire: The right questionnaire for the tier is sent automatically. Suppliers complete it via a secure portal — no account required.
4. Analyse responses: Review actual supplier answers. Gaps are automatically identified against framework controls and a CAP is generated in one click.
5. Monitor & track: SLA performance, certificate expiry, contract renewals, and corrective actions are tracked continuously with automated alerts.
6. Report to board: Generate a configurable supplier risk register — PDF for the board, Excel for operational teams — on demand, any period.
Compliance coverage

Built for your regulatory environment

Guardian TPRM maps every questionnaire, risk criterion, and corrective action to the specific clause or control that requires it — so your evidence is always audit-ready.

ISO 27001:2022 (International)
ISO 9001:2015 (International)
ISO 31000:2018 (International)
ISO 28000:2022 (International)
PCI DSS v4.0 (Global — Payment card)
SOC 2 Type II (US / Global)
NDPA 2023 (Nigeria)
CBN RCSF (Nigeria — Financial sector)
CBN Open Banking (Nigeria — Fintech)
UK GDPR (United Kingdom)
EU GDPR (European Union)
POPIA (South Africa)
DPA Kenya (Kenya)
Case studies

Results our clients achieve

How organisations use Guardian TPRM to reduce third-party risk exposure and satisfy regulatory obligations.

Financial services · Nigeria
"We went from spreadsheets to a fully auditable TPRM programme in under 30 days. The CBN and NDPA mapping alone saved us weeks of manual work."
87%
Reduction in manual effort
120
Suppliers onboarded
100%
CBN audit readiness
Head of Third-Party Risk
Tier 2 Commercial Bank · Lagos
Professional services · UK
"The tier-adaptive questionnaires mean our Critical suppliers get rigorous assessment while Low-risk vendors get a proportionate process. It's exactly how ISO 27001 intends it."
34
Days to ISO 27001 audit
0
Major nonconformities
4.2×
Faster supplier review
CISO
Management Consultancy · London
Fintech · Pan-African
"The supplier portal changed everything. Our vendors now submit evidence directly into the platform. No more chasing emails, no more version control nightmares."
65%
Faster questionnaire turnaround
48h
Average supplier response time
100%
Evidence centralised
Chief Risk Officer
Pan-African Payments Platform
About Guardian TPRM

Built by compliance professionals, for compliance professionals

Guardian TPRM was built by ISO consultants who spent years running third-party risk programmes manually — in spreadsheets, email threads, and disconnected tools. We built what we wished existed.

Every questionnaire, every risk criterion, every corrective action template maps to a real framework clause. Not generic compliance theatre — precise, auditable, defensible.

Framework-first design
Every feature is grounded in a specific regulatory requirement. We do not add complexity for its own sake.
Built for Africa and beyond
Native support for NDPA 2023, CBN, POPIA, and DPA Kenya — alongside the global standards your enterprise clients require.
Data isolation guaranteed
Every client's data is isolated at the database level using row-level security. No shared tables, no data leakage — ever.
Guardian GRC family
Part of the Guardian compliance platform suite
Guardian TPRM
Third-party & supplier risk management
Guardian GRC
AI-powered GRC for Africa's regulatory landscape
13
Frameworks
8
Questionnaire types
4
Risk tiers
100%
Audit ready
Get started
See Guardian TPRM in action
Request a personalised demo with your frameworks, your supplier scenarios, and your team's questions.
No credit card required · 30-minute demo · Same-week availability
Contact us

Request a demo

Tell us about your organisation and we will arrange a personalised walkthrough of Guardian TPRM — tailored to your regulatory context and supplier portfolio.

Email
hello@guardian-tprm.com
Coverage
UK · Nigeria · South Africa · Kenya · Global
Response time
Within 1 business day