ProcessUnity Introduces Generative AI Technology for Intelligent Questionnaire Scoping and Instant Controls Validation for Third-Party Risk Management

3 minute read

May 2025

by Kaitlyn Frank

Evidence Evaluator Accelerates Vendor Response Times via Automated Review of Certifications, Policies, and Other Assessment-Related Documentation

Concord, MA – May 7, 2025 – ProcessUnity, The Third-Party Risk Management Company, today introduced Evidence Evaluator, groundbreaking generative AI that reduces the manual lift of assessing and validating third-party security controls. A key component of ProcessUnity’s leading Third-Party Risk Management (TPRM) Platform, Evidence Evaluator automatically reviews third-party evidence and populates assessment responses complete with references to the specified evidence in the source documents.

For third-party risk teams overwhelmed by the hours spent reading security policies, SOC 2 reports, ISO27001 certifications, and other evidentiary documentation, Evidence Evaluator delivers a more consistent, accurate, and faster alternative. The technology analyzes third-party evidence, generates responses to questionnaires with supporting rationale and page reference locations, and flags any discrepancies in a third-party’s controls.

Unlike other AI-based TPRM assessment tools on the market, Evidence Evaluator stands out because it prioritizes:

  • Accuracy – Built and trained on ProcessUnity’s expansive cybersecurity large language model that delivers highly relevant reasoning behind each contextual result to reduce assessor review cycles.
  • Privacy – Built and trained in-house, with strict data protections in place. All data is encrypted in transit and at rest, and user-provided inputs are discarded after processing.
  • Flexibility – Created as framework-agnostic, Evidence Evaluator recognizes the nuances in language between different standards, regulations, and custom assessments.
  • Adaptability – Continuously updated through automated retraining, the dataset and resulting platform evolves to keep up with changes in industry language and regulations.
  • Integration – Embedded directly into the ProcessUnity TPRM platform, Evidence Evaluator eliminates the need for separate AI tools or manual integrations.

“We invested heavily in developing this advanced GenAI model to deliver far more than a generic, open-source tool,” said Dan Tobin, Senior Director of Analytics at ProcessUnity. “Evidence Evaluator is purpose-built for third-party risk management. It delivers confidence, precision, and speed right where customers and their third parties need it most: vendor assessments. And because it’s fully integrated into our platform, teams can realize these benefits immediately.”

Built to Review the Documents That Define Third-Party Risk Posture

Trained using the world’s most comprehensive Third-Party Risk Management Large Language Model (LLM), Evidence Evaluator reads and understands virtually any document submitted as part of the vendor assessment process, accurately analyzing and interpreting the documents your team relies on to validate third-party controls. Examples include:

  • Statement of Controls Reports (SOC 1, SOC 2, etc.)
  • Certifications (ISO27001, etc.)
  • Completed Questionnaires (SIG Core, SIG Light, etc.)
  • Compliance Attestations (GDPR, CCPA, etc.)
  • Information Security Policies & Procedures
  • Business Continuity / Disaster Recovery Plans

Whether your third parties provide formal audit reports or internal policies, Evidence Evaluator extracts relevant insights and translates them into accurate, defensible responses, helping your team move from document review to decision faster than ever before.

About ProcessUnity

ProcessUnity is the Third-Party Risk Management company. Our software platforms and data services protect customers from cybersecurity threats, breaches, and outages that originate from their ever-growing ecosystem of business partners. By combining the world’s largest third-party risk data exchange, leading TPRM workflow platform, and powerful artificial intelligence, ProcessUnity extends third-party risk, procurement, and cybersecurity teams so they can cover their entire vendor portfolio. With ProcessUnity, organizations of all sizes reduce assessment work while improving quality and securing intellectual property and customer data so business operations continue to operate uninterrupted.

To learn more about Evidence Evaluator or to request a demo, visit our Evidence Evaluator page on the website.

Related Articles

About Us

ProcessUnity is a leading provider of cloud-based applications for risk and compliance management. The company’s software as a service (SaaS) platform gives organizations the control to assess, measure, and mitigate risk and to ensure the optimal performance of key business processes. ProcessUnity’s flagship solution, ProcessUnity Vendor Risk Management, protects companies and their brands by reducing risks from third-party vendors and suppliers. ProcessUnity helps customers effectively and efficiently assess and monitor both new and existing vendors – from initial due diligence and onboarding through termination. Headquartered outside of Boston, Massachusetts, ProcessUnity is used by the world’s leading financial service firms and commercial enterprises. For more information, visit www.processunity.com.