
Workflow Detail

From inbox to approved vendor — step by step

Five stages. The first three are automated. The last two require your analyst. That's the design — Clarito handles what doesn't require judgment so your team can spend time on what does.

01

Questionnaire arrives

A vendor sends their security questionnaire — by email, by shared drive link, or through a direct upload portal you give them. Clarito accepts CSV, XLSX, PDF, Word, and several proprietary portal formats.

Forward questionnaire emails directly to your Clarito intake address
Bulk import via API for high-volume programs
12 format parsers handle the widest variety of vendor questionnaire styles

02

Controls taxonomy parsing

Clarito's taxonomy engine reads each questionnaire item and maps it to a canonical control — drawing from NIST CSF, ISO 27001, SOC 2, and CIS Controls. Ambiguous items are flagged for human review rather than guessed at.

Canonical mapping across 4 major frameworks
Low-confidence items surfaced for analyst review
Custom framework extensions supported at Enterprise tier

03

Risk scoring against your posture

Each mapped control is compared against your defined accepted posture for that vendor's tier. Controls that meet your standard are marked as passing. Gaps are flagged with severity scores — high, medium, or low — based on the criticality of the control domain.

Posture templates per vendor tier (critical, standard, low-risk)
Composite score (0–100) with per-domain breakdown
Auto-approve low-risk vendors below your threshold instantly

04

Response drafts generated

When a vendor questionnaire requires you to provide evidence or written responses, Clarito drafts them from your evidence library. Your library is a store of pre-approved answers mapped to specific controls — encryption policy, access control doc, IR plan. The draft is pre-populated; your analyst reviews and edits as needed.

Evidence library stores your standard control answers
Human review step is mandatory before any response is sent
Export in vendor's original format (CSV, PDF, portal)

05

Decision + audit trail

Your analyst approves, conditionally approves, or rejects the vendor. Every decision is timestamped, attributed, and logged to a permanent audit trail. If a regulator or auditor later asks why vendor X was approved, you have a complete record: what was assessed, who reviewed it, what the risk score was, and when the decision was made.

Immutable audit log: every review decision recorded with timestamps
One-click regulator-ready export (PDF or CSV)
Push approval status to ServiceNow, Jira, or Slack

Get Started

Walk through your first questionnaire with us

Request access and a member of our team will run your first import alongside you in a direct session — help you define your posture templates, load your initial evidence library documents, and complete your first end-to-end review. No recorded tutorial. No ticketing system.

Common questions

Clarito includes 12 built-in parsers covering CSV, XLSX, PDF (structured), Word, and common security questionnaire portal exports (SIG Lite, CAIQ-style). If your vendor uses a format we don't support, contact us — we typically add new parsers within a few weeks.
When Clarito can't map a questionnaire item to a canonical control with sufficient confidence, it surfaces it to your analyst rather than guessing. You review the item, confirm or override the mapping, and the system learns from your decision for future similar items.
Yes — at Professional tier and above, you have 5 user seats and can assign review tasks to specific analysts. Each person's review actions are separately logged in the audit trail. Approval typically requires a specific decision-maker to sign off.
Every ingestion, scoring run, draft generation, analyst action, and final decision is logged with a UTC timestamp and the user who performed it. The audit trail is immutable — no editing after the fact. You can export it as a PDF or CSV for regulator or internal audit purposes.
For a standard vendor with a 40-50 item questionnaire and a clean posture match: the automated scoring and draft generation take a few minutes. Analyst review of the draft and final decision typically takes 20-60 minutes — compared to the manual baseline of 10-40 hours depending on complexity.

Ready to compress your vendor review cycle?

Request access and start your first questionnaire import — with a member of the Clarito team on the call.
