Enterprise TPRM ERP

Secure Your Attack Surface.

The Third-Party Risk Management platform engineered for the modern threat landscape. .NET 9 Clean Architecture, Metadata-Driven Sagas, and AI-Powered Risk Intelligence.

360° Risk Visibility

< 100ms Fact Table Query

Zero Contract Drift

100% Audit Trail Coverage

Domain-Driven Architecture

We don't build monoliths; we build Modular Citadels. The system is partitioned into strict Bounded Contexts to manage the complexity of vendor lifecycles and compliance frameworks.

Vendor (Aggregate Root)
- Id: GUID (PK)
- RiskTier: Enum (Critical)
- OnboardingState: StateMachine
- OverallRiskScore: ValueObject

FourthParty (Concentration Risk)
- ParentVendorId: GUID (FK)
- SubProcessorName: String (AWS)
- DataSensitivity: Enum (PII)

TableMetadata (Saga Config)
- TableName: String ('Vendor')
- StrategyName: String ('VendorStrategy')
- RabbitMqRoutingKey: String

The Metadata-Driven Saga Engine

We replaced hard-coded workflows with database-driven strategies. Creating a Vendor automatically triggers a configurable orchestration pipeline.

1. API Request: POST /api/vendors
2. Command Handler: Looks up TableMetadata
3. RabbitMQ Publish: Key: VendorSagaInit
4. Worker Service: Executes VendorStrategy
5. SignalR Push: Real-time UI Update

01 // THE FOUNDATION

Enterprise .NET 9 Stack.

Built for resilience and scale. We utilize the REPR Pattern (Request-Endpoint-Response) via FastEndpoints to create highly testable, vertical slices of functionality.

Shared Contracts: The API, Blazor Web, and .NET MAUI mobile apps share the exact same POCO library (`BlazorMauiShared`), guaranteeing zero contract drift.

CreateVendorEndpoint.cs
```csharp
public class CreateVendorEndpoint : Endpoint<CreateVendorRequest>
{
    // _mediator is an injected mediator field; its declaration is not shown here.
    public override async Task HandleAsync(CreateVendorRequest r, CancellationToken c)
    {
        // 1. Execute Domain Logic
        var vendor = Vendor.Create(r.Name, r.TaxId);

        // 2. Persist & Trigger Saga (via Metadata)
        await _mediator.Send(new CreateVendorCommand(vendor), c);

        await SendOkAsync(new Response(vendor.Id), c);
    }
}
```

Executive Risk Dashboard

[Risk Burn-down Chart Visualization]
CRITICAL: AWS Outage
Concentration Risk Impact: 45 Vendors
HIGH: Expired SOC2
Vendor: Salesforce CRM

02 // INTELLIGENCE

Data Warehouse Architecture.

TPRM requires historical trend analysis. We don't query raw logs. We implement the **Fact Table Pattern** (`VendorScorecard`) to pre-aggregate metrics.

Concentration Risk: The system models the supply chain graph. We can instantly query: "If AWS us-east-1 goes down, which of my vendors go down with it?"

03 // SECURITY

The Two-User Pattern.

We separate Identity from Domain. Identity User handles AuthN (MFA, Lockout). Domain User handles AuthZ (Department, Risk Level).

Granular Permissions: We support Row-Level Security (RLS) via TenantId injection, ensuring strict isolation between business units or clients.

AuthDbContext.cs
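```csharp
// Row-Level Security Implementation
protected override void OnModelCreating(ModelBuilder b)
{
    // EF Core global query filter: applied to LINQ queries for Vendor made
    // through this context; a query that calls IgnoreQueryFilters() skips it.
    b.Entity<Vendor>()
        .HasQueryFilter(v => v.TenantId == _currentTenant.Id);

    // Audit Trail Enforcement
    b.Entity<AuditLog>().ToTable("AuditLogs", "sec");
}
```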
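
The query filter above only constrains reads. As an added example (not the product's own code), this sketch pairs it with a write-side guard in SaveChanges. `ICurrentTenant`, `ITenantOwned` and `TenantGuardDbContext` are hypothetical names, and the `Vendor` class is a minimal stand-in.

```csharp
// Added example (not the product's code). ICurrentTenant, ITenantOwned and
// TenantGuardDbContext are hypothetical names. Needs Microsoft.EntityFrameworkCore.
using System;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.EntityFrameworkCore;

public interface ICurrentTenant { Guid Id { get; } }
public interface ITenantOwned { Guid TenantId { get; set; } }

public class Vendor : ITenantOwned
{
    public Guid Id { get; set; }
    public Guid TenantId { get; set; }
    public string Name { get; set; } = "";
}

public class TenantGuardDbContext : DbContext
{
    private readonly ICurrentTenant _currentTenant;

    public TenantGuardDbContext(DbContextOptions<TenantGuardDbContext> o, ICurrentTenant t)
        : base(o) => _currentTenant = t;

    public DbSet<Vendor> Vendors => Set<Vendor>();

    protected override void OnModelCreating(ModelBuilder b) =>
        b.Entity<Vendor>().HasQueryFilter(v => v.TenantId == _currentTenant.Id); // read side

    // Both parameterless SaveChanges overloads route through these two.
    public override int SaveChanges(bool accept) { EnforceTenant(); return base.SaveChanges(accept); }

    public override Task<int> SaveChangesAsync(bool accept, CancellationToken ct = default)
    { EnforceTenant(); return base.SaveChangesAsync(accept, ct); }

    // Write side: stamp new rows, reject changes to rows owned by another tenant.
    private void EnforceTenant()
    {
        foreach (var e in ChangeTracker.Entries<ITenantOwned>())
        {
            if (e.State == EntityState.Added) { e.Entity.TenantId = _currentTenant.Id; continue; }
            if (e.State != EntityState.Modified && e.State != EntityState.Deleted) continue;

            var original = e.Property(nameof(ITenantOwned.TenantId)).OriginalValue;
            if (!_currentTenant.Id.Equals(original) || e.Entity.TenantId != _currentTenant.Id)
                throw new InvalidOperationException("Cross-tenant write blocked.");
        }
    }
}
```

An entity attached from client input carries whatever TenantId the client sent, so load the row through the filtered query before updating it. The guard then compares against the value that came from the database.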