Strike Graph Trust Chain

Nominated in the Category:

Additional Info

Company: Strike Graph
Company size: 10-39 employees
World Region: North America
Website: http://www.strikegraph.com

NOMINATION HIGHLIGHTS

The problem with traditional TPRM is not only the tools. It’s the underlying assumption: that vendor self-attestation reflects reality. Questionnaires measure how well a vendor describes their security posture, not whether that posture actually exists. Strike Graph built Trust Chain to solve a different problem—not how to collect vendor answers faster, but how to verify whether those answers are true.

Strike Graph’s Trust Chain is a novel AI-native TPRM solution that replaces the security questionnaire model of vendor risk assessment with a new approach that validates whether or not vendor evidence meets compliance requirements. Trust Chain requires vendors to submit actual compliance documentation—security audits, penetration test results, breach response procedures—and uses Verify AI, Strike Graph’s patent-pending evidence validation engine purpose-built for compliance, to test each submission against the specific requirements it is meant to satisfy. Gaps surface automatically. No manual review required. No false confidence from a completed questionnaire. This is a fundamental shift in how vendor risk is assessed and managed.

Three capabilities define the platform:
– Evidence Request Libraries: Compliance teams define exactly what documentation vendors must submit, drawn from Trust Chain’s standard library or converted from existing questionnaire workflows.
– AI Evidence Validation: Verify AI tests each vendor submission against the compliance requirement it is meant to address—assessing whether evidence demonstrates control effectiveness, not just that a document was received.
– Automated Supply Chain Monitoring: Continuous vendor risk visibility with custom evidence expiration schedules and automated refresh requests, replacing point-in-time assessment with persistent monitoring.

Trust Chain is built directly into the Strike Graph platform, meaning vendor risk data lives alongside internal compliance programs, framework controls, and audit evidence—no separate tool, no disconnected workflow.

Pilot program results: vendor assessment completion rates more than double those of traditional questionnaire-based tools, and a 92% reduction in customer time spent on TPRM.
Chris Steffen, VP of Research at Enterprise Management Associates, noted that Trust Chain is “architecturally different: rather than asking vendors what their controls look like, it validates whether the evidence they submit actually demonstrates those controls. That’s the shift the market needs.”

The Head of IT Security at Sanmina confirmed the operational impact: “We adopted Trust Chain, which provides a user-friendly interface with notifications and consolidates all supply chain cybersecurity information into a single dashboard, giving a holistic view of our vendor risk. With Strike Graph, we were able to implement a formal process for collecting vendor evidence and validating their security controls.”