Use case - GRC and supplier risk

Evidence of supplier certification, exported on demand.

Pull the full certification timeline for any product in your supplier register - documents archived with hashes, CVEs linked from NVD, structured CSV and JSON export for the audit trail. Replaces the stale vendor PDF in the supplier binder with continuously refreshed source data.

Start 30-day free trial Book 20 minutes with a founder

Three jobs NenkinTracker does for GRC teams

Audit-ready evidence on demand

Every Security Target, Certification Report, and Maintenance Report archived with its source URL, fetch timestamp, and content hash. When the auditor asks why you trust the certificate, the evidence file is one click away - not a vendor email chain from six months ago.

CVE-to-certificate linkage for vuln post-mortems

When a vulnerability lands against a certified product, you need the certified scope, the affected versions, and the remediation status in one view. NenkinTracker links NVD CVE entries to the certificates impacted, so the post-mortem starts with the timeline already assembled.

Continuous timeline, not a quarterly rebuild

The certification timeline updates daily as schemes publish. No more spreadsheet re-population at audit time. CSV and JSON export when you need to drop the data into your GRC system or attach to a control evidence record.

What you can export

  • Per-product certification timeline - every certificate ever issued, with scheme, certificate ID, security level, issue date, expiry, and current status.
  • Document version history with hashes - every Security Target, Certification Report, and Maintenance Report archived with source URL, fetch timestamp, and SHA-256 content hash.
  • Linked CVE list - NVD entries attached to the certified product, with CVSS severity, affected versions, and references.
  • Vendor-level rollups - aggregate the certification posture across every product from a given supplier, useful for vendor onboarding scorecards.
  • Structured CSV and JSON - every export is a flat structured file ready to drop into Archer, ServiceNow GRC, OneTrust, AuditBoard, or any GRC platform with a CSV import.

Sized for an analyst or a team.

The User plan at 19.90 EUR/month works for a single analyst tracking up to 10 followed products across one list. The Professional plan at 49.90 EUR/month scales to 10 lists and 50 followed products with full CVE visibility for every tracked product. Larger supplier registers can move up to Enterprise at 249.90 EUR/month for unlimited products and developer-level vendor signals.

The 30-day free trial includes every paid feature and the full export surface, no credit card required.

Start 30-day free trial Compare all plans →

Frequently asked questions

How do I pull certification evidence for a product in our supplier register?
Sign in to NenkinTracker, search for the product by name or vendor, and follow it. The product page gives you the full certification history - every certificate ever issued, every document version archived with its hash, every linked CVE. Export the timeline as CSV or JSON when you need to attach it to a control evidence record. The Professional plan at 49.90 EUR/month covers up to 50 followed products across 10 lists.
What evidence does NenkinTracker preserve for an audit trail?
Each Security Target, Certification Report, and Maintenance Report we ingest is archived with the source URL, the fetch timestamp, the issuing scheme, and a SHA-256 content hash. When a scheme silently republishes a document, the new version is captured alongside the prior one - so you can reconstruct exactly what the certificate said on any given day. The hash chain is the audit-relevant artifact.
Can NenkinTracker email us when a CVE is published against a certified product we depend on?
Yes. Follow the products that matter to your vendor risk register and any CVE published against them in NVD triggers an email and an in-app notification, with severity, affected versions, and remediation status attached. The User plan at 19.90 EUR/month works for a single analyst tracking up to 10 followed products; the Professional plan at 49.90 EUR/month scales to 50 products across 10 lists.
Does NenkinTracker integrate with our GRC platform?
Today the integration surface is the public read-only API and structured CSV / JSON exports - both are available on every paid tier. That covers ingestion into the major GRC platforms (Archer, ServiceNow GRC, OneTrust, AuditBoard) via their import paths. Direct connectors are not yet shipped; talk to us if a particular GRC platform is high-priority for your team.

Replace the supplier binder with evidence on demand.

Start the 30-day free trial and add the products in your supplier register. The first export is one click away.

Start 30-day free trial Book 20 minutes with a founder