Stop managing paperwork. Start managing risk.
Rosella turns vendor artifacts into defensible, audit‑ready findings—complete with page‑level citations, contradiction detection, confidence scores, and a version/approval trail.
⬇️ Download a redacted sample audit pack
Usage note: This redacted pack is for demonstration only. It contains synthetic or anonymized artifacts and is not legal advice. Do not treat it as vendor approval or certification.
Preview of the ZIP manifest (abbreviated):
rosella-tprm-sample-pack-redacted/
├── 00_Cover-Sheet.pdf
├── 01_Findings-Summary.pdf
├── 02_Control-Evidence/
│   ├── AC-01_Access-Control.pdf
│   ├── EN-02_Encryption-At-Rest.pdf
│   └── IR-03_Incident-Response.pdf
├── 03_Exceptions-Log.csv
├── 04_Decision-Rationale.pdf
├── 05_Citations-Index.csv
├── 06_Chain-of-Custody.json
└── 07_Redacted-Source-Set/
    ├── SOC2_Report_Redacted.pdf
    ├── Policy_InformationSecurity_Redacted.pdf
    └── MSA_Security-Addendum_Redacted.pdf
Need a different evidence format? Contact us to request a custom sample.
What you’ll see in the sample:
- Citation view with highlighted snippets and one‑click page jumps
- Per‑fact and per‑document confidence scores
- Version history with approvals and full chain‑of‑custody
- Redacted source set and the export cover sheet
Rosella evidence parsing for third‑party risk (TPRM)
Turn vendor evidence into defensible findings. Rosella automatically ingests third‑party documents, extracts control‑relevant statements, adds page‑level citations, flags contradictions, and packages everything into an audit‑ready export so you can move from review to decision—fast.
How it works
- Ingest evidence from questionnaires, reports, and contracts
- Parse and normalize content into control‑aligned facts with inline confidence indicators
- Generate page‑level citations back to the original source and page
- Detect contradictions across documents, versions, and responses
- Export a complete audit pack with citations, chain‑of‑custody, and redacted source set
Supported evidence types
Rosella’s parser is designed for the evidence you see most in TPRM. For an up‑to‑date list or custom formats, contact us.
| Category | Typical examples |
|---|---|
| Policy & assurance docs | Vendor policies, SOC 2 reports, ISO certificates, audit letters |
| Contracts & SOWs | MSAs, DPAs, SLAs, security addenda, SOWs |
| Questionnaires | Security questionnaires, SIG/CAIQ‑style responses, custom spreadsheets |
| Logs & registers | Asset lists, exception registers, vendor inventories, risk registers |
| Structured data | CSV extracts from GRC tools, control matrices, mappings |
| Visuals | Network diagrams, architecture images, screenshots |
Note: Spreadsheet synergy means you can keep using your existing Excel‑based matrices—Rosella preserves your layout while adding automation and audit trails.
Page‑level citations you can trust
- Every extracted fact is anchored to a page‑level citation and snippet for quick spot‑checks
- One‑click jump from a control to the exact page and highlighted passage
- Citations persist across document versions with a diff view to see what changed

Short on time? Watch a 20‑second clip of citations being added: /media/rosella-citations.mp4
Contradiction detection across sources
Rosella compares vendor questionnaires, policies, contracts, and prior submissions to surface inconsistencies, such as:
- Questionnaire claims encryption at rest, while the contract omits it
- Policy states annual pen‑tests; SOC report identifies a gap
- New submission downgrades control coverage vs. last year

Review contradictions inline, accept or override with rationale, and keep a full decision trail.
Confidence indicators (per fact and per document)
- Fact‑level: High / Medium / Low confidence based on source quality, clarity, and corroboration
- Document‑level: Overall confidence score with drivers (e.g., age, redactions, missing annexes)
- Guidance: Suggested next steps (request missing evidence, ask vendor to clarify, or proceed)
Audit‑pack export (one click)
Create a defensible package for internal review or external audit without re‑assembling artifacts.
- Contents: Findings summary, control‑by‑control evidence with page citations, exception log, and decision rationale
- Source bundle: Redacted originals organized by control and vendor
- Chain‑of‑custody: Timestamps and user actions for each step
- Formats: Review‑friendly PDF plus machine‑readable bundle for downstream tools
See detailed instructions in the Export Guide.
Get a redacted sample
See exactly what reviewers receive.
Related Rosella resources
- Learn what powers the parser in the Rosella AI Agent overview
- See how Rosella accelerates research and change capture in Rosella for compliance teams
Quick start workflow
1) Upload vendor evidence or drag‑drop a folder
2) Select the control framework or your custom matrix
3) Review extracted facts with citations and contradictions
4) Assign remediation or request clarifications
5) Export the audit pack and archive the source bundle
FAQ
- What file types can I upload? Rosella is designed for common TPRM evidence across documents, spreadsheets, structured data, and visuals. If your format isn’t listed above, contact us for options.
- How are contradictions determined? The parser compares semantically similar claims across sources and versions, then flags mismatches for human review with page‑level citations.
- What do confidence indicators mean? They reflect corroboration across sources, clarity of language, document freshness, and extraction quality. Use them to guide follow‑ups.
- How does the export stay audit‑ready? Each finding includes its citation, decision rationale, and timestamp. The export keeps a chain‑of‑custody and a redacted source set.
- Can I keep my existing Excel tracker? Yes. Rosella enhances spreadsheet workflows with automation and audit trails, so teams keep their familiar templates.