What You Can Do With ComplianceHarbor

Purpose-built products for every risk stakeholder — CISO, CIO, CRO, Compliance Director, CAB Chair, and VP Vendor Risk. Each includes predefined AI workflows, curated tool sets, and demo narratives.

Four workflows. Infinite risk scenarios.

Start with the workflow that matches your role, then explore the full product suite below.

Assess a Change

Before any deployment, maintenance window, or vendor change, get a composite risk score from 26 external sources in seconds.

assess_change_risk suggest_change_windows compare_change_windows batch_assess

Prove You're Audit-Ready

Auto-generate tamper-proof evidence receipts mapped to SOC 2, ISO 27001, PCI-DSS, HIPAA, SOX, NIS2, DORA, and FedRAMP.

generate_evidence_receipt check_compliance_calendar check_regulatory_calendar generate_report

Know Your Vendor Risk

Score any vendor's external risk posture across DNS, SSL, breach history, supply chain concentration, and geopolitical exposure.

assess_vendor_risk check_vendor_security_rating check_supply_chain_risk check_domain_health

Gate Your Deployments

Automate go/no-go decisions in your CI/CD pipeline with real-time external risk data.

evaluate_rollback_trigger assess_change_risk check_csp_health
complianceharbor.ai — ThreatSight
13 Included Tools: triangulate_cve, get_kev_exposure, get_nvd_exposure, get_vulnerability_summary, + 9 more tools included

ThreatSight — Detect. Correlate. Respond.

Automated CVE triangulation, ransomware correlation, MITRE ATT&CK mapping, and CI/CD halt decisions — collapsing the detection-to-action cycle from days to seconds.

Workflow
NVD bulk feed detects new CVE affecting your stack
triangulate_cve cross-references CISA KEV, NVD, and AlienVault OTX
check_ransomware_exposure correlates with active campaigns
get_threat_ttp_mapping maps to MITRE ATT&CK tactics
map_attack_surface identifies unpatched exposure points
evaluate_rollback_trigger halts CI/CD if risk exceeds threshold
triangulate_cve get_kev_exposure get_nvd_exposure get_vulnerability_summary check_dark_web_exposure get_current_cyber_threat_level get_threat_ttp_mapping map_attack_surface check_ransomware_exposure check_patch_race check_certificate_intelligence check_domain_health evaluate_rollback_trigger

DeployGuard — Deploy with Confidence.

Automated CI/CD deployment gates with real-time environmental intelligence, halt reason cards, and optimal change window recommendations.

Workflow
CI/CD pipeline calls assess_change_risk during build
evaluate_rollback_trigger returns halt/proceed decision in <2 seconds
Environmental checks (weather, ISP, power, CSP) provide context
suggest_change_windows ranks alternative deployment times by residual risk
assess_change_risk evaluate_rollback_trigger suggest_change_windows compare_change_windows check_datacenter_weather check_regional_isp_health check_toolchain_status check_csp_health check_power_grid_status check_disaster_alerts check_software_eol check_regional_resilience monitor_risk
complianceharbor.ai — DeployGuard
60/100 (MEDIUM RISK)
3 sources elevated • 2 timing-reducible
Source Breakdown
CISA KEV: +12
MSRC Patch Tuesday: +8
Cloud Provider Health: +0
Compliance Calendar: +6
complianceharbor.ai — BoardView
FAIR-Aligned Financial Impact
Annual Loss Expectancy: $2.4M
Value at Risk (95%): $8.1M
Loss by Threat Scenario
Ransomware: $1.2M
Data Breach: $680K
Supply Chain: $340K
DDoS / Insider / APT: $180K

BoardView — Risk in Dollars. Ready for the Board.

FAIR-aligned financial quantification, risk posture trending, and automated board deck generation — translating technical risk into executive-ready dollar figures.

Workflow
assess_risk_posture captures point-in-time risk across your stack
quantify_cyber_risk translates scores into ALE, VaR, and SLE figures
get_risk_trend shows quarter-over-quarter improvement
generate_report produces a board-ready deck with financials and recommendations
assess_risk_posture quantify_cyber_risk generate_report get_risk_trend check_regional_resilience check_geopolitical_risk explain_risk_score

AuditReady — Continuous Compliance. Zero Manual Work.

SHA-256 tamper-proof evidence generation, regulatory calendar tracking, internal control signal ingestion, and full remediation lifecycle management — mapped to 8 compliance frameworks.

Workflow
generate_evidence_receipt creates SHA-256 hashed evidence for every assessment
check_compliance_calendar tracks regulatory deadlines and blackout windows
Control connectors ingest signals from Okta, CrowdStrike, and ServiceNow
create_remediation_findings converts gaps into tracked findings
resolve_remediation_finding closes the loop with cryptographic evidence receipts
generate_evidence_receipt check_compliance_calendar check_regulatory_calendar check_regulatory_pressure create_remediation_findings list_remediation_findings update_remediation_finding resolve_remediation_finding ingest_identity_signals ingest_endpoint_signals ingest_ticketing_signals
complianceharbor.ai — AuditReady
Evidence Receipt Verified
sha256:a4f8e3b1c9d7...
Generated: 2026-03-08T14:32:00Z
Mapped Controls
SOC 2: CC6.1, CC7.1, CC7.2
PCI-DSS: 6.3.3, 6.5, 11.3
ISO 27001:2022: A.8.32, A.8.8
NIST CSF v2.0: ID.RA-01, DE.CM-08
complianceharbor.ai — ChangeIntel
CAB Batch Assessment
CRQ-2024-001: PROCEED
CRQ-2024-002: HALT
CRQ-2024-003: PROCEED
CRQ-2024-004: REVIEW
CRQ-2024-005: PROCEED
CRQ-2024-006: PROCEED
1 collision detected • 3 windows compared

ChangeIntel — Smarter CAB Decisions in Seconds.

Batch change assessment, collision detection, environmental context, and side-by-side window comparison — transforming marathon CAB reviews into data-driven decisions.

Workflow
batch_assess_changes scores an entire CAB agenda in one pass
Collision detection identifies overlapping infrastructure impacts
Environmental checks (weather, power, ISP) provide operational context
compare_change_windows ranks competing time slots by risk
explain_risk_score gives plain-English rationale for each decision
batch_assess_changes compare_change_windows assess_change_risk suggest_change_windows explain_risk_score check_datacenter_weather check_power_grid_status check_disaster_alerts check_regional_isp_health

VendorRisk — Assess Every Vendor. Trust No Assumption.

6-dimension vendor risk scoring, supply chain analysis, security rating, and domain health validation — reducing 80+ analyst hours per vendor to seconds.

Workflow
assess_vendor_risk evaluates across 6 dimensions (vulnerability, security, incidents, ops, compliance, EOL)
check_supply_chain_risk analyzes upstream dependencies and SBOM completeness
check_vendor_security_rating grades DNS, TLS, and email security (SPF/DMARC)
check_domain_health validates certificate chain and reputation
batch_assess_changes compares multiple vendor candidates during procurement
assess_vendor_risk check_supply_chain_risk check_vendor_security_rating check_domain_health batch_assess_changes check_geopolitical_risk
complianceharbor.ai — VendorRisk
VULN: Vulnerability Score
NVD CVE analysis • EOL detection • Patch currency
SEC: Security Rating
DNS • TLS • SPF/DKIM/DMARC • Certificate chain
SUPPLY: Supply Chain Risk
SBOM completeness • Upstream dependencies • Concentration risk
GEO: Geopolitical Risk
Jurisdiction analysis • Sanctions screening • Regional stability

Platform — All 48 Tools. Your Workflow.

For engineering teams that want direct API/MCP access to build custom integrations. All 48 tools, no predefined workflows — compose your own risk intelligence pipelines.

$2,500/mo
1,500 assessments included
All 48 MCP Tools
triangulate_cve get_kev_exposure get_nvd_exposure get_vulnerability_summary check_dark_web_exposure get_current_cyber_threat_level get_threat_ttp_mapping map_attack_surface check_ransomware_exposure check_patch_race check_certificate_intelligence check_domain_health evaluate_rollback_trigger assess_change_risk suggest_change_windows compare_change_windows check_datacenter_weather check_regional_isp_health check_toolchain_status check_csp_health check_power_grid_status check_disaster_alerts check_software_eol check_regional_resilience monitor_risk assess_risk_posture quantify_cyber_risk generate_report get_risk_trend check_geopolitical_risk explain_risk_score generate_evidence_receipt check_compliance_calendar check_regulatory_calendar check_regulatory_pressure create_remediation_findings list_remediation_findings update_remediation_finding resolve_remediation_finding ingest_identity_signals ingest_endpoint_signals ingest_ticketing_signals batch_assess_changes assess_vendor_risk check_supply_chain_risk check_vendor_security_rating tune_score_weights update_score_config score_config_update score_config_reset

Ready to Quantify Your Risk Exposure?

See how ComplianceHarbor's 26-source intelligence network and FAIR-aligned quantification can transform your risk program — in a 30-minute executive briefing.

Free trial available · No credit card required · Enterprise-grade security
