RiskXchange
Platform · Security ratings

Ratings that move when reality moves.

Continuously-monitored security ratings backed by combined-signal analysis — outside-in scans plus the vendor's own evidence, on the same score. Not a stale snapshot from a single source.

The reality

The numbers your team already knows.

Most security ratings are single-signal — outside-in scans only — and most of them sit between refreshes for weeks at a time. A score that moves the day after the breach is a score that didn't help.

7-30 days
Typical rating refresh latency at competing platforms
Industry estimate
11 days
Average time to act on a vendor breach signal
Industry average
Daily / weekly
Refresh cadence for customer / vendor scans on RX
The agents that drive this

REX scores it. ARIA contextualises it. TARA acts on the drop.

The rating is the head of the funnel. REX produces the score from continuous external scanning. ARIA layers in the vendor's own evidence. TARA decides what a drop should actually trigger.

REX avatar
REX
Risk & Breach Intelligence

A rating that's continuously, not occasionally, calibrated. REX's Outside-In Scanner refreshes daily for customers and weekly for vendors — and the Continuous Monitoring sub-agent watches the time-series for material changes around the clock.

What you get
  • Outside-in scoring across 5M+ companies
  • Continuous Monitoring detects material drops in real time
  • BreachWatch correlates dark-web findings into the score
ARIA avatar
ARIA
Assessment & Risk Intelligence

A rating, joined to the vendor's own evidence. ARIA pairs REX's external score with the vendor's questionnaires, certs and trust centre — so the rating reflects both what we can see and what's been attested.

What you get
  • Combined-signal analysis on every vendor
  • Document evidence linked to the score that summarises it
  • Response Validator flags ratings/attestation mismatches
TARA avatar
TARA
Tiering & Remediation

A drop that triggers the right action automatically. When a rating moves materially, TARA decides what it means — for that vendor's tier, against the regulatory frameworks in scope, and what the SLA-bound remediation should be.

What you get
  • Smart Tiering — score drops weighted by inherent risk
  • SLA-driven remediation kicked off automatically
  • DORA, NIS2, ISO 27001 gap analysis on every vendor
What changes

From single-signal score to combined-signal posture.

The number stops being a thing you check on a dashboard and starts being something the agents act on while you sleep.

Drops detected, not discovered

Continuous Monitoring catches material rating changes in real time, not at the next refresh window.

The score is the front of the evidence

Click any rating and you get the underlying signals — scan data, breach findings, attested evidence — joined together.

Mismatches surface automatically

When a vendor scores well externally but the questionnaire suggests otherwise, ARIA flags it before you investigate.

Action follows the drop, not the meeting

A material rating change opens a TARA-led remediation track without waiting for someone to spot it on a dashboard.

The combined-signal model is the difference. We stopped arguing about whose rating was 'right' — we started looking at the score and the evidence together.

MK
CISO
FTSE 250 financial services

See it on your vendors.

Book a 30-minute call and we'll have NOVA, ARIA and REX produce a complete posture report on one of your live vendors inside 24 hours.