Acerta
Vendor trust, verified.
CIA-based risk tiering. OSINT-backed verification.
Built for procurement and security teams operating under GDPR, NIS2 and DORA. Not another Excel spreadsheet.
Four stages. Zero guesswork.
IRQ Intake
Six questions determine your CIA exposure vector and assign an inherent risk tier — before the vendor is contacted.
CIA Tier Assignment
Confidentiality, Integrity and Availability scores are normalised to a 1–4 tier. Tier drives question depth.
Adaptive DDQ
12 EU-aligned domains, 150+ questions. Vendors receive only what is proportionate to their tier.
OSINT + Report
Tier 1–2 vendors undergo automated OSINT vetting and analyst sign-off before a scored PDF report is issued.
Vendors can say anything.
OSINT does not lie.
For Tier 1 and Tier 2 vendors, Acerta goes beyond self-attestation. Automated checks across EU registries, sanctions databases, breach records and external security posture — followed by a structured analyst review before approval.
- ›OpenCorporates · EU company registry verification
- ›EU Financial Sanctions List · OpenSanctions (332 sources)
- ›HaveIBeenPwned · data breach history
- ›Shodan · external attack surface (passive)
- ›Adverse media · regulatory fines · court records
- ›Financial health · insolvency register check
Demo Scenarios
Pre-configured vendor scenarios. Loads directly into the assessment flow.