Additional Info

Company size (employees)10 to 49
Type of solutionCloud/SaaS


Ostendio MyVCM™ is an innovative, industry-leading Integrated Risk Management Platform that makes it easier to build, operate, and showcase an organization’s security program. Businesses of any size or industry that need to demonstrate compliance to security standards internally and externally can benefit from Ostendio MyVCM. The platform provides a single solution that incorporates users and requirements from across the enterprise. It gives access to over 150 standards, regulations, and frameworks including SOC 2, FedRAMP, HITRUST, and HIPAA.

Ostendio MyVCM helps companies:
Identify and quantify enterprise risk;
Quickly build and deploy security assessments;
Manage and respond to security incidents and breaches;
Align vendors and suppliers to security and compliance standards.

In addition, using MyVCM Auditor Connect, Ostendio customers who intend to work with an auditor can enter audit requirements and request information from auditors with the MyVCM Auditor Connect marketplace. Auditors can contract directly with Ostendio customers within the platform, providing a more transparent and efficient process. This offers customers and auditors significant time and cost savings when completing a complex audit.

MyVCM Vendor Connect addresses vendor security by allowing customers to invite vendors to create and maintain online records of their security and compliance readiness via assessments. Responses link to supporting documentation that is easily accessed and kept up to date. MyVCM customers can designate assessments to vendors based on specific regulations, or tailor them to their specific requirements.

The Ostendio MyVCM platform currently handles over 100,000 user activities every month, and over the past 12 months has supported more than 1,250 security assessments.

Ostendio customers join the MyVCM Trust Network which connects organizations with their vendors to help them safely share security information. Ostendio aims to make the MyVCM Trust Network the default security and risk management community in North America.

How we are different

The Ostendio MyVCM integrated risk management platform deserves recognition and stands out from the competition because:
1. It has a deeper reach - the platform is rolled out to and used by every employee, contractor, and support personnel, not just the security team. When everyone is involved in cybersecurity it is more meaningful to the organization.

2. It has a broader reach - Ostendio MyVCM customers automatically become part of the MyVCM Trust Network which allows them to connect with any other MyVCM Customer to send and receive security information. For example, MyVCM users send out vendor risk assessments with MyVCM Vendor Connect and work with auditors using MyVCM Auditor Connect. In each scenario, customers can send and receive sensitive data without ever having to leave their own MyVCM instance.

3. It is more comprehensive - The Ostendio MyVCM platform supports every aspect of an organization's cyber security program, from policy and procedures, to asset management, risk management, learning management, incident management, training, and more. Essentially the platform can be used to build, operate and showcase every aspect of an organization's security and risk management program across more than 100 industry frameworks.

The Ostendio MyVCM platform is the only platform that allows customers to view 100% of your security program on an easy-to-read, customizable dashboard.