How does Autheo handle vendor risk and third-party due diligence?

Autheo's diligence package follows Shared Assessments, CSA, and AICPA frameworks, the three most widely accepted enterprise vendor risk standards.

Direct Answer

Autheo provides a standardized vendor due diligence package including completed Shared Assessments SIG and Cloud Security Alliance CAIQ questionnaires, summaries of Halborn security audits, infrastructure partner SOC 2 and ISO 27001 letters, penetration test executive summaries, and a documented incident-response playbook.

What's in the DD Package

The standard package includes a completed SIG Lite or SIG Core questionnaire, a CSA CAIQ v4 questionnaire, the latest annual Halborn audit summary for the protocol, partner SOC 2 Type II and ISO 27001 attestation letters from InfStones and Zeeve, a redacted penetration test executive summary, and the Autheo incident response and breach notification policy. Most enterprise procurement teams accept this package without follow-up.

Custom Diligence

Customers with bespoke requirements (financial services, healthcare, public sector) get extended diligence including architecture review sessions, network segmentation diagrams, key management documentation, and BCP/DR test results. Sessions are conducted under NDA with named technical and security contacts on the Autheo side.

Continuous Assurance

Beyond initial diligence, customers receive quarterly compliance updates covering material changes to controls, new audits completed, and incidents that crossed disclosure thresholds. Annual recertifications align to Autheo's SOC 2 Type II audit window so customers can refresh their vendor risk register on a predictable cadence.

Key Statistics

200+ items: Average enterprise vendor risk questionnaire length
Shared Assessments and KPMG vendor risk research show enterprise SIG questionnaires routinely run more than 200 items, the bar Autheo's pre-completed package is designed to clear in a single submission.

$10K-$30K: Average vendor onboarding cost (mid-market)
Industry studies estimate average mid-market vendor onboarding and due diligence cost between $10,000 and $30,000 in time and tooling, a cost Autheo's pre-completed package materially reduces.

200+ controls: CSA CAIQ control coverage
The CSA Cloud Controls Matrix v4, which the CAIQ maps to, covers more than 200 controls across 17 domains, the breadth Autheo's completed questionnaire addresses.

Expert Perspective

A pre-completed SIG and CAIQ saves our security team 30 to 40 hours per vendor. Vendors who come in prepared signal that they take security seriously enough to invest in the procurement process.

Third-Party Risk Manager, Fortune 100 Enterprise (composite)
