Vendor Risk Management Platform

Certify vendors, reduce risk, and earn rewards — at no cost to your company.

You set the requirements. Vendors pay a certification fee to get approved. CompliScan collects, reads, grades, tracks, and renews every relevant document — and credits your organization rewards on every certification.

Calculate Rewards How Vendors Get Certified

Rewards calculator

How many vendors does your company work with?

vendors

Maximum annual rewards

$296,375

250 vendors × up to $1,185.50 per certified vendor, every year.

Maximum estimate: full-scope certification across all 14 requirement categories at top-of-range pricing, renewed annually. Rewards accrue as points (1 pt = $1) the moment a vendor pays — 10% of the base fee, 10% of each requirement's floor price, and 50% of everything you price above the floor.

Get your company-specific number

Actual rewards depend on the requirements you choose and how you price them. Tell us about your vendor program and we'll model it precisely.

How it works

Compliance that funds itself — and then some.

You set the requirements

Insurance, licensing, tax forms, safety policies, cybersecurity documents, custom forms — packaged into certifications with required and optional evidence per vendor type.

Vendors pay to certify

Vendors onboard from your invite link, upload documents, complete your forms, and pay the certification fee. Your company pays nothing.

The platform does the work

Every document is read and converted to structured data, your rules grade it automatically, and collection, review, tracking, and renewal run continuously.

Your company earns rewards

Every certification credits your organization's ledger — turning vendor compliance from an administrative burden into a net benefit.

Inside the platform

Not a checklist app. A compliance engine.

Every account ships with a complete compliance program — a criteria catalog, an automated document-data pipeline, a programmable grading engine, and a live verification layer.

Visual rules engine

Program pass/fail logic. No code.

Build grading rules one clause at a time: check coverage minimums, validate expiration dates, compare text — and set per-vendor values that fill in automatically when each document is graded. The same engine runs live in the reviewer's browser and authoritatively on save, and one click applies its findings to the whole submission.

30+ type-aware operators · all/any/none logic · fail / flag / pass outcomes

Conditional requirement · Certificate of Insurance

If ALLANYNONE of the following are true

              Each-occurrence limit
              is at least
              $1,000,000
            

              Policy expiration date
              is
              not expired
            

              Certificate holder
              contains
              {vendor.profile.company_name}
            

then PASS the requirement otherwise FAIL

"If the each-occurrence limit is below $1,000,000, the policy is expired, or the certificate holder doesn't name your company — this item fails automatically."

Document review · ACORD-25_Northwind.pdf

CERTIFICATE OF LIABILITY INSURANCE

Data capture complete

Named insuredNorthwind Facilities Group

Each occurrence$2,000,000

General aggregate$4,000,000

Policy expiration2027-03-12

Certificate holderAcme Corp

Reviewer edits always win — automated values never overwrite a human-confirmed one.

Document intelligence

Every upload becomes structured data.

Each document type carries its own extraction schema, custom built based on your specific criteria — one typed, constrained field per data point you care about. COIs, W-9s, SOC 2 reports, licenses, and policies arrive as graded data, not PDFs to re-read.

Start with: 126 document types · 377 extraction fields · Add/Remove as needed

Review & grading workspace

We do the work. You keep control.

CompliScan reviews every submission — new documents, missing info, waiver requests — so your team doesn't have to. But nothing is a black box: open any vendor to see the rule-by-rule verdict behind every grade, and take over any decision manually whenever you choose. Every action, ours or yours, lands in a permanent audit log.

Review queue · Assigned to me

Northwind Facilities Group NEW SUBMISSION HIGH RISK

Certificate of InsurancePASS · 3/3 RULES

IRS Form W-9PASS · 2/2 RULES

!Cybersecurity assessmentFLAG · MANUAL REVIEW

Meridian Software Ltd. WAIVER REQUEST MEDIUM

Carter Logistics Inc. MISSING INFO LOW

CERTIFICATE OF COMPLIANCE VERIFIED LIVE

Northwind Facilities Group

High-Risk Vendor Certification

Issued2026-03-12

Expires2027-03-12

Issuing organizationAcme Corp

Status checked against the database at view time — never a stale PDF.

Public certificates

Verification that can't go stale.

Every issued certification gets a shareable certificate with a QR code and a verification URL. Verdicts are computed live at view time: an expired certification shows expired instantly, and anything within 30 days of expiry shows amber — no login required to check.

Enterprise depth

Everything underneath, already built.

PRICING

Client-set pricing

Per-requirement fee sliders with a live console showing the certification price — and the rewards you'll earn on it.

REWARDS

Double-entry ledger

Idempotent credits the moment a vendor pays, redeemable for gift cards or cash at 1 point = $1.

REPORTS

Reports engine

Six standard reports with CSV, native XLSX, and paginated PDF export — scheduled and emailed on cadence.

AUDIT

Append-only audit log

Every decision, document, payment, and credit — actor, action, object, timestamp. Tamper-evident and exportable.

ACCESS

Roles & permissions

Seven system roles plus custom roles, a permission matrix, and per-page access control.

WAIVERS

Waiver workflow

Vendor-requested or client-granted, time-boxed, synced to both portals and the review queue.

LOCATIONS

Location authorization

Model your facilities, authorize vendors per site, and report compliance by location.

API

API & webhooks

Live/test API keys and HMAC-signed webhooks for certification, document, waiver, and reward events.

For your vendors

A credential worth paying for.

Vendors get a guided, self-service portal — a clear checklist of exactly what you require, not paperwork dumped in an inbox.

01 · INVITE

Personal invites, bulk CSV import, or one reusable onboarding link per certification.

02 · SUBMIT

Vendors upload documents and complete your forms against a live checklist of your exact requirements.

03 · PAY

The certification fee is paid by card before review begins — this is what funds your rewards.

04 · REVIEW

CompliScan grades every submission against your rules; you can review or override any verdict.

05 · CERTIFIED

A live, QR-verifiable certificate — with renewals tracked and reminded automatically.

FAQ

Questions clients ask us.

Does my company really pay nothing?

Correct. Vendors pay a certification fee to complete the approval process — that fee funds the platform, the review work, and your rewards. No software fees, no seats, no setup cost.

How exactly are rewards calculated?

When a vendor pays, your ledger is credited 10% of the base fee, plus — per requirement — 10% of that requirement's floor price and 50% of everything you priced above the floor. Points are worth $1 each and redeem for gift cards from leading brands. A full-scope certification at top-of-range pricing earns up to $1,185.50 per vendor per year.

What can we require from vendors?

Anything your risk program calls for: insurance certificates, licenses, W-9s, safety policies, cybersecurity assessments, SOC 2 reports, background checks, sanctions screening, financials, references, attestations — plus your own structured forms. You control what's required per certification and how each item is graded.

Will vendors actually pay for this?

Vendors pay because certification is the gate to working with you — and what they get is a real credential: a guided portal, one place for every client's requirements, and a shareable, live-verified certificate they can present to other clients.

How do we trust a vendor's certificate?

Every certificate carries a QR code and a verification URL. Status, issue and expiry dates, and approved locations are checked against the platform live at view time — an expired certification shows expired, instantly.