Vendor Reviews & Questionnaires

Turn vendor questionnaires into evidence-backed answers. Arx generates documentation that satisfies SOC 2, ISO 27001, and custom security assessments.

The problem

When your customers (or their vendors) ask security questions about your agents, you need answers. Typical vendor questionnaires include:

  • "Is access logged and auditable?"
  • "How are high-risk changes approved?"
  • "Can you prove least privilege?"
  • "What compliance frameworks do you follow?"
  • "How do you handle incident response?"

Without Arx, answering these means explaining your agent's code. With Arx, you explain the platform that governs the agent.

How Arx answers questionnaires

Instead of relying on agent code documentation, Arx provides platform-level evidence:

  • "Is access logged?" — The Arx audit trail shows every action, approval, and change. Exportable on demand.
  • "How are high-risk changes approved?" — Approval gates are documented in policy. The audit trail shows approver, time, and reason.
  • "What's your blast radius?" — The registry entry declares exactly which connectors the agent can call.
  • "Can you prove compliance?" — SOC 2, NIST AI RMF, ISO 42001, and EU AI Act mappings are built in.

Common questions answered

Q: Who can approve high-risk actions?
A: Defined in the agent's policy. Approval is routed to the owner or a designated approver. The audit trail shows who approved and when.

Q: How is least privilege enforced?
A: Policy declares blast radius. Agent can only call approved connectors. Runtime enforcement prevents violations.

Q: How do you handle incidents?
A: Complete audit trail enables root cause analysis. Agents can be suspended or rate-limited instantly via policy.

Q: What happens if credentials are compromised?
A: Arx stores credentials encrypted. Rotation is available on demand via the connectors menu. The audit trail shows what accessed what.

Questionnaire templates

Arx pre-fills answers for common questionnaires:

  • Standardized Questionnaire (Google)
  • Shared Assessments CAIQ
  • Unified Audit Questionnaire (AWS, Azure)
  • Custom enterprise questionnaires

Templates reduce your answering time from hours to minutes. Your compliance team reviews, then sends answers to customers.

Audit readiness

Arx helps your agents pass third-party audits:

  • Export audit trails for auditor review
  • Generate control mapping reports
  • Provide evidence of human oversight
  • Demonstrate compliance with frameworks

Auditors can request read-only access to Arx directly rather than relying on your screenshots.