The Vendor Assessment Auto-Grader is a web-based tool that accepts uploaded vendor security questionnaires and evaluates them against established cybersecurity frameworks to produce risk grades. **Supported File Formats:** Users can upload questionnaires in TXT, CSV, PDF, or XLSX formats. The tool processes the uploaded content in real-time and returns results immediately without storing any data on its servers. **Framework Coverage:** The tool evaluates submissions across three major security frameworks: - CIS Controls v8 — covering 18 critical security controls across Basic, Foundational, and Organizational implementation groups - ISO 27001:2022 — assessing 93 Annex A controls across Organizational, People, Physical, and Technological categories - NIST Cybersecurity Framework — evaluating 5 core functions (Identify, Protect, Detect, Respond, Recover) with 23 categories **Privacy and Data Handling:** Questionnaire data is analyzed in real-time and not retained on RiskImmune's servers. The tool uses OpenAI with a zero data retention configuration, meaning submitted data is not saved and not used for AI model training. Results are discarded at the end of each session. **Output:** The tool returns an AI-generated risk grade based on the content of the submitted questionnaire, reflecting how well a vendor's security posture aligns with the analyzed frameworks.