The Attack Surface Is Everywhere

A production-grade Third-Party Risk Management (TPRM) platform. Built on .NET 9, Clean Architecture, and Metadata-Driven Sagas to secure your supply chain.

Domain Architecture

Sophisticated Domain-Driven Design with strict Bounded Contexts.

Lifecycle Management

  • Vendor Profile: The "Golden Record."
  • Fourth Party: Tracks sub-processors (Concentration Risk).
  • Exit Strategy: Mandatory data return protocols.

Assessment & Compliance

  • Dynamic Forms: SIG, CAIQ, ISO questionnaires.
  • Scoring Engine: Calculates Inherent Risk automatically.
  • Evidence: Document storage via MongoDB GridFS.

Incident Response

  • Breach Mapping: Map "Log4j" to all affected vendors.
  • Remediation: Trackable task workflows.
  • SignalR: Real-time alerts to the CISO dashboard.

Contract Governance

  • SLA Monitoring: Performance tracking.
  • Security Addendum: Mandatory clause validation.
  • Oracle Vector: Semantic search of legal text.

Metadata-Driven Strategy Engine

We don't hard-code workflows. The database drives the process.

  01. API Trigger (FastEndpoints): Vendor created. Command Handler reads TableMetadata to find strategy.
  02. Message Bus (RabbitMQ): Publishes event to RabbitMQ using routing key VendorSagaInit.
  03. Saga Worker (MassTransit / MediatR): Background service initiates the configured Saga (Due Diligence checks).
  04. Real-Time UI (SignalR): Saga pushes progress to Blazor client via SignalR hub method defined in DB.
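
Because the saga, routing key and SignalR hub method in the flow above come from database rows, anyone able to write TableMetadata can steer dispatch unless those names are checked against what the code actually registers. The following is an added example, not the project's own code: the row shape, StrategyRegistry, and every name except VendorSagaInit are assumptions.

```csharp
#nullable enable
using System;
using System.Collections.Generic;

// Hypothetical shape of one TableMetadata row; the page does not show the real schema.
public sealed record TableMetadataRow(string Table, string SagaName, string RoutingKey, string HubMethod);

public sealed record SagaDispatch(string RoutingKey, string HubMethod);

public sealed class StrategyRegistry
{
    // Names implemented in code and registered at startup (assumed values,
    // apart from VendorSagaInit, the routing key named on the page).
    private readonly HashSet<string> _sagas = new(StringComparer.Ordinal) { "VendorDueDiligence" };
    private readonly HashSet<string> _routingKeys = new(StringComparer.Ordinal) { "VendorSagaInit" };
    private readonly HashSet<string> _hubMethods = new(StringComparer.Ordinal) { "SagaProgress" };

    // Returns a dispatch only when every metadata-supplied name is registered in code.
    public bool TryResolve(TableMetadataRow row, out SagaDispatch? dispatch, out string? rejected)
    {
        dispatch = null;
        rejected = null;
        if (!_sagas.Contains(row.SagaName)) rejected = $"saga '{row.SagaName}'";
        else if (!_routingKeys.Contains(row.RoutingKey)) rejected = $"routing key '{row.RoutingKey}'";
        else if (!_hubMethods.Contains(row.HubMethod)) rejected = $"hub method '{row.HubMethod}'";
        if (rejected is not null) return false;
        dispatch = new SagaDispatch(row.RoutingKey, row.HubMethod);
        return true;
    }
}

public static class Program
{
    public static void Main()
    {
        var registry = new StrategyRegistry();
        // Constructed sample rows: one valid, one whose hub method is not registered.
        var rows = new[]
        {
            new TableMetadataRow("Vendor", "VendorDueDiligence", "VendorSagaInit", "SagaProgress"),
            new TableMetadataRow("Vendor", "VendorDueDiligence", "VendorSagaInit", "NotRegistered"),
        };
        foreach (var row in rows)
        {
            if (registry.TryResolve(row, out var dispatch, out var rejected))
                Console.WriteLine($"publish {dispatch!.RoutingKey}, notify via {dispatch.HubMethod}");
            else
                Console.WriteLine($"refused: unregistered {rejected}"); // log and alert, never dispatch
        }
    }
}
```

A refused row is worth alerting on, since it means the metadata table and the deployed code disagree.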

360° Risk Intelligence

High-performance analytics powered by Fact Tables and Time-Series data.

  • Critical Incidents: 12
  • SLA Compliance: 98%
  • Active Vendors: 450

[Chart: Risk Burn-Down (Real-Time)]

The "Two-User" Pattern

Enterprise security requires separating Identity from Domain logic.

  • Identity User: Managed by Auth Context. Handles MFA, Lockout, and Multi-tenancy.
  • Domain User: The "Risk Analyst." Managed by Domain Context. Handles assignments and workflow.
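  • Row-Level Security: TenantId injection ensures strict data isolation.

public class RiskAnalyst : IAggregateRoot
{
  public Guid Id { get; private set; }
  // Reference to the Identity User managed by the Auth Context.
  public Guid ApplicationUserId { get; private set; }
  public TenantId TenantId { get; private set; }
  // Referenced by the rule below but not declared in the original snippet (assumed property).
  public bool IsSenior { get; private set; }

  public void AssignVendor(Vendor v)
  {
    // Domain logic enforced here: only senior analysts may take vendors rated above High.
    if (v.RiskLevel > Risk.High && !IsSenior)
      throw new DomainException("Auth Failure");
  }
}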