CyberVadis Evidence-Based Risk Assessment is a third-party cyber risk assessment platform that evaluates vendor cybersecurity posture through a structured, documentation-backed methodology. Vendors are onboarded into the assessment program and required to complete a questionnaire and submit supporting documentation (e.g., policies, risk management reports, access control evidence). CyberVadis experts remotely review the submitted responses and evidence — no on-site audits are conducted. The methodology is aligned with globally recognized frameworks and regulations including ISO 27001, NIST Cybersecurity Framework, GDPR, PCI DSS, DORA, and NIS2. Assessment outputs include: - A detailed vendor scorecard covering ISMS maturity, implemented controls, and aggregated scores - A collaborative improvement plan with prioritized, actionable remediation items tailored to the vendor's profile - An organization-specific risk level derived from each vendor's maturity results, calibrated against the client's relationship with the vendor and their defined risk thresholds Vendors can share their scorecards with clients and partners. Improvement plans can be filtered by regulatory topic (e.g., NIS2 requirements) and tracked over time within the platform. The platform is hosted on Microsoft Azure data centers within the EU and is ISO/IEC 27001 certified and GDPR compliant. Evidence submitted by vendors is used solely for evaluation purposes, with access by third parties requiring explicit vendor approval.