Mitigate Risks Ensure Compliance & Optimise Supply Chains

SupplyDIO is an Australian platform for issuing supplier risk assessments, scoring the responses against a configurable rubric, and retaining the supporting evidence in one auditable record. Procurement and compliance teams use it instead of the spreadsheet-and-email cycle that breaks down once you're managing more than a handful of vendors.

Procurement leads, compliance officers, and risk managers — typically in organisations that need to assess vendors against an internal policy or an external standard such as ISO 27001, ASIO PSPF, or NIST. The platform is built around the assumption that the assessment is auditable and replayable, not a one-off email exchange.

Yes — templates are fully configurable. You can author your own questions, branch logic, weighting, and scoring rubric, or start from a template aligned to a recognised standard and adapt it to your internal policy. Templates are versioned, so a change to the rubric doesn't silently overwrite scoring on assessments already in flight.

Each question in a template carries a weight and a rubric. As responses are submitted, SupplyDIO calculates the score automatically against the configured rubric. Scoring is replayable — if you change a weight or rubric, the platform recalculates affected assessments rather than leaving stale numbers in reports. A reviewer can override an autoscore, with the reasoning recorded in the audit trail.

Assessments and individual questions can be assigned to specific users in your team or delegated within the supplier's organisation. Each assignment tracks who responded and when, and outstanding items remain visible from the assessment dashboard until they are completed.

Suppliers are invited from inside your SupplyDIO account and create their own account from the invitation link to receive and respond to assessments. The invitation flow is designed for onboarding an existing supplier base efficiently, so bringing your vendors onto the platform is a rollout step rather than a separate sales process for each one.

Instead of rejecting an entire response, you can flag specific questions with reviewer notes and reissue just those questions to the supplier. The original answer stays on the record alongside the revised one, so the assessment shows what changed and why — useful for audit, and less disruptive for the supplier than restarting the whole questionnaire.

Supporting documents (security policies, certifications, insurance certificates) are uploaded against specific questions and retained as part of the assessment record. Files are stored encrypted at rest in Australian AWS S3, scoped to the issuing organisation — no other tenant can see them.

SupplyDIO Pty Ltd is ISO 27001 certified and aligned with the Australian Government's Essential Eight (E8) and Information Security Manual (ISM). Data is hosted on AWS and Microsoft 365 in Australian regions, encrypted in transit and at rest, with per-tenant access scoping enforced at the application and database layers. All authentication and authorisation events are written to a dedicated security event log.

On AWS and Microsoft 365 inside Australian regions. Our Microsoft 365 tenancy is Australian, and AWS instances used to store assessment records and uploaded evidence are located in Australia. This keeps personal information and supplier records inside Australian jurisdiction for organisations with data sovereignty requirements.

Yes. SupplyDIO supports TOTP-based MFA through any standard authenticator app, and single sign-on via Microsoft Entra ID. Organisations can enforce MFA across their tenant so no user can sign in without a second factor.

Users are invited by an administrator inside your organisation — there is no self-serve registration. Even with Entra ID SSO enabled, a sign-in from an un-invited email fails. This prevents drive-by account creation by anyone who happens to share a Microsoft tenant.

You can request a full export of your assessment records and uploaded evidence at any time. After termination, data is retained in accordance with our Privacy Policy and applicable Australian retention laws before being deleted. SupplyDIO does not transfer customer data to third parties except as required by law or to deliver the Service (see EULA §4).