PartnerScope · Plans

Third-party AI risk — without the 40-page questionnaire

PartnerScope assesses your vendors across 13 dimensions — behavioural, financial, and AI-compliance — with automated tests, documentary review and AI red-teaming. Drop-in reports aligned with EU AI Act, GDPR, DORA and NIS2.

  • Used by DACH risk teams
  • 48h SLA
  • EU-hosted · GDPR-compliant
  • Independent analysts

Not ready to buy? Get a 60-second risk snapshot — 4 questions, no account.
Try it free →

Pricing

Three tiers. One methodology.

Every tier shares the 13-dimension framework. The difference is depth: which tests we run, how many questions, whether a named analyst signs the report, and whether we keep watching after delivery.

Starter

€99
Single vendor · 24h SLA · one-time

Spot-check a vendor, or stress-test our methodology.

  • Automated checks: DNS/TLS, security headers, breach history, mail deliverability, basic sanctions, CT log scan
  • 39-question self-service questionnaire
  • 5–8 page PDF report with risk scorecard, top concerns, upgrade path
  • Valid 90 days

SEPA / card payment via Stripe. Instant delivery of portal link.

Most popular

Pro

€299
Single vendor · 48h SLA · one-time

Serious vendor decisions — new contract, renewal, audit response.

  • Everything in Starter, plus:
  • Full 78-question analysis across all 13 dimensions
  • Documentary review (DPA, ISO 27001, SOC 2, Model Card, SBOM, BCP, IR plan)
  • Sanctions + adverse media + PEP + UBO verification (DACH + global)
  • Credit score + insolvency check
  • AI red-team (5 payloads: prompt injection · jailbreak · PII leakage)
  • EU AI Act Annex III classification + obligations gap
  • 20–30 page report + remediation checklist
  • Analyst + QA reviewer named on report
  • Valid 180 days · 72h re-score included

Enterprise

€4 900
per quarter · 15-vendor minimum · 24h SLA · SSO

15+ vendors, regulated industries, ongoing compliance posture.

  • Everything in Pro, plus:
  • Continuous monitoring — 11 signals polled weekly (breach, sanctions, cert, UBO, model, SBOM CVEs…)
  • 25-payload AI red-team suite (injection, jailbreak, PII, bias, robustness, agentic abuse)
  • Human intelligence — reference calls, ex-employee interviews, site visits on request
  • 4th-party supply-chain mapping + concentration risk
  • Dashboard with SSO (SAML 2.0, OIDC)
  • GRC integrations: ServiceNow, Archer, OneTrust, SAP Ariba, Coupa
  • SIEM webhook: Splunk, Sentinel, Slack, Teams
  • Dedicated analyst + quarterly exec briefing
  • Additional vendors €199 / vendor / quarter

One-time onboarding €2 500 (SSO, integrations, portfolio import).

Why PartnerScope

Built for the EU risk stack.

Built for the EU stack.

EU AI Act, GDPR Art. 28, DORA Art. 28–30, NIS2. Every finding mapped to regulation and Annex.

Evidence you can audit.

Every claim linked to timestamped, SHA-256-hashed artefacts. 7-year object-locked storage.

Independent and named.

Every report signed by a named analyst and QA reviewer. 15-day vendor right-of-reply.

Free snapshot · 60 seconds · no account

Get a 60-second AI-risk snapshot

Answer 4 questions about a vendor you're evaluating. We score it against three AI-specific dimensions (data provenance, model transparency, regulatory readiness) and email you a preview alongside your upgrade path.

  1. Data Provenance
     The vendor can fully document training data sources for their AI models.
     Scale: 1 — No lineage — cannot say where data came from. 5 — Complete lineage with licences and consent basis.
  2. Model Transparency
     The vendor publishes a Model Card or System Card for each model in production.
     Scale: 1 — None published. 5 — Comprehensive, updated with every release.
  3. Model Versioning
     Model versions are tracked and clients are notified of material changes.
     Scale: 1 — No versioning. 5 — SemVer + changelog + client notice.
  4. EU AI Act Readiness
     The vendor has completed EU AI Act Annex III self-assessment (and registered, if applicable).
     Scale: 1 — Not started. 5 — Registered, documentation ready.

GDPR: EU-hosted, 90-day lead retention, privacy.

Frequently asked

Questions buyers ask before signing the PO

How is this different from our existing GRC tool?

We plug in as a data source, not a replacement. Findings export as JSON, CSV, Parquet and deliver via direct webhook to ServiceNow, Archer, OneTrust and SAP Ariba.

Do vendors have to pay?

No. The buyer pays; vendors respond to a questionnaire at no cost.

Who runs the red-team?

Our analysts, using a maintained catalogue aligned to OWASP LLM Top 10 (2025), MITRE ATLAS and NIST AI RMF. Sandbox only; production is never exposed.

GDPR / EU hosting?

Yes. All data stored in EU (Frankfurt). DPAs signed with every customer. Sub-processors listed on trust.partnerscope.eu.

Refunds?

Starter refundable within 24h if automated tests cannot complete. Pro and Enterprise refundable pro-rata for undelivered work.

Can we self-serve?

Starter and Pro, yes — instant Stripe checkout and portal access. Enterprise requires a scoping call (portfolio sizing, SSO, integrations).

Ready to start?

Run a Starter in minutes — or talk to us about Enterprise.

Curious how we score vendors? See our assessment methodology →
