VigiliaRes.
Request a demo
PRODUCT

Eight modules.
One structural truth.

VigiliaRes is built around a single object graph: controls, frameworks, risks, evidence, and the assessments that bind them. Every module you'll see below is a different lens on the same underlying structure.

01 / ASSESSMENTS

Maturity wizard

Six-area, weighted, branching

02 / RISK REGISTER

Quantified scoring

Impact × likelihood × velocity

03 / CONTROLS

Cross-mapped library

17 frameworks, one map

04 / EVIDENCE

Continuous capture

Time-stamped, attributed

05 / POLICIES

Versioned authoring

Templates, redlines, sign-off

06 / VENDOR RISK

Third-party reviews

Tiered, on a cadence

07 / AUDIT ROOM

Auditor workspace

Scoped, read-only, time-boxed

08 / REPORTING

Board-grade exports

PDF, CSV, live links

01 /Assessments

Six control areas.
Four answer types.
One score.

Run an assessment the way it's actually conducted — area by area, question by question, with branch logic that hides irrelevant items and an evidence pane that travels with you.

  • A·1
    Yes / No, Multiple Choice, Scaled, Free-text

    Match the question type to the data you actually have. Scaled questions render as 1–5 maturity sliders.

  • A·2
    Auto-save by control area

    No "submit" cliff. Move freely between areas; everything persists on blur.

  • A·3
    Approval workflow

    Optional second-line review before the assessment is locked and contributes to the rolled-up score.

  • A·4
    Industry overlays

    Healthcare, financial services, public sector, SaaS — each ships with its own question set and weighting.

ASSESSMENT
ISO 27001 — 2026 Q2
In review
Identity & Access
12/12
✓ DONE
Asset Management
9/9
✓ DONE
Cryptography
7/14
ACTIVE
Operations Security
0/18
QUEUED
Comms Security
0/11
QUEUED
Supplier Relationships
0/8
QUEUED
02 /Risk register
REGISTER · 47 OPEN
SORT: PRIORITY ↓
R-2401
Third-party data processor change without notification
Critical
9.4
Open
R-2398
Privileged session recording gap on prod jump-host
Critical
8.9
Open
R-2386
Vendor questionnaire overdue · Halberd Health
High
7.6
Active
R-2371
Shadow IT — unsanctioned LLM use in customer support
High
7.2
Active
R-2362
Lapsed background check renewal cycle
Medium
5.3
Mitigating
R-2345
Outdated DR runbook · 14 months
Low
2.1
Mitigating

A risk register your CFO will read.

Quantitative scoring across impact, likelihood, and velocity. Treatment plans attached to owners with deadlines that actually trigger reminders. Roll up to a heatmap; filter to the line item; click to the source.

9.4
CRITICAL · IMPACT
3.7d
VELOCITY · DAYS
62%
LIKELIHOOD
$2.1M
EXPECTED LOSS
03 /Control library

Map a control once.
Satisfy many frameworks.

The single most expensive thing in compliance is duplicate work. We model your controls as a graph and let you draw edges to as many framework clauses as apply. Answer the control once; it counts everywhere.

CONTROL · CRY-04

Encryption at rest is enabled for all production data stores using customer-managed keys.

SATISFIES · 6 CLAUSES
ISO 27001 · A.10.1.1SATISFIED
SOC 2 · CC6.7SATISFIED
NIST CSF · PR.DS-1SATISFIED
PCI DSS · 3.5SATISFIED
HIPAA · §164.312(a)(2)(iv)SATISFIED
FedRAMP · SC-28PARTIAL
04 /Evidence
CONTROL CRY-04 · EVIDENCE
2026·05·06 · 14:22 UTC
aws-kms-rotation-export.json · 12.4 KB
Captured by integration · attributed to m.okafor
2026·04·12 · 09:01 UTC
kms-rotation-policy-v3.pdf · 184 KB
Approved policy · v3 supersedes v2
2026·02·28 · 16:45 UTC
quarterly-key-audit-q1.csv · 8.2 KB
Quarterly review · 0 anomalies
2025·11·18 · 08:30 UTC
initial-kms-config.json · 3.1 KB
First evidence captured

Continuous, not last-minute.

Wire VigiliaRes to AWS, GCP, Azure, Okta, GitHub, and your existing ticketing system. Evidence flows in by itself. Every artifact is attributed, time-stamped, hashed, and linked to the control it satisfies.

SOURCES
42
Native integrations
CADENCE
15min
Polling default
RETENTION
7yr
Default, configurable
INTEGRITY
SHA-256
Per-artifact hash
05 / POLICIES

Versioned authoring with redlines.

A library of starter policies, your own rich-text edits, redline diffs between versions, and approval flows that map to control owners. Sign-off is captured as evidence automatically.

INFORMATION SECURITY POLICY · V4.2
All cryptographic keys SHALL be rotated annually or every 18 months and audited quarterly per CRY-04.
↻ APPROVED · M.OKAFOR · 2026·04·12
06 / VENDOR RISK

Tiered reviews on a cadence.

Rank vendors by data sensitivity. Tier 1 vendors get an annual deep questionnaire; Tier 3 gets a lightweight attestation. Renewals trigger automatically.

AWS · Production
T1
CURRENT
Stripe · Payments
T1
CURRENT
Halberd Health · BAA
T2
DUE 12D
Sentry · Error tracking
T3
+47D
07 / AUDIT ROOM

An auditor workspace.
Scoped, read-only, time-boxed.

Spin up a virtual room with exactly the scope your auditor is engaged for. They ask questions in a queue; your team answers with evidence already attached. When the engagement ends, the room closes. Permanent record of every interaction.

QUERIES OPEN3
QUERIES ANSWERED147
AVG TIME-TO-ANSWER2.4h
08 / REPORTING

Board-grade exports.

PDF for the board pack, CSV for the analyst, live link for the auditor. Every export is footnoted to the underlying evidence.

Board Quarterly
42 PAGES · PDF
2026·Q2
SOC 2 Pre-Audit
186 PAGES · PDF + EVIDENCE
2026·05·06
Risk Register
CSV · LIVE LINK
CONTINUOUS
Next step

Bring your control set. Leave with a structural read.