STAR Registry Listing for
Aranis
Aranis
Aranis is a SaaS platform for Third-Party Risk Management (TPRM) and Cyber Risk that centralizes third-party risk management for organizations across Latin America and the United States.
The platform unifies multiple compliance and security frameworks — including NIST CSF, LGPD, GDPR, ISO 22301, SOC 2, and NIST AI RMF — into a single control catalog, enabling organizations to assess vendors, monitor their external attack surface, and generate consolidated maturity and risk reports.
Unlike generic GRC tools, Aranis builds a causal chain between technical control and business impact, translating security findings into executive-level language. The product includes automated evidence collection, contradiction detection between questionnaire responses and observable technical data (DNS, TLS, DMARC), and maturity scoring by domain (Cyber, Privacy, Continuity, AI).
Built on cloud-native infrastructure, Aranis applies security controls aligned with SOC 2 and LGPD/GDPR by design, with formalized policies, continuous vulnerability management (SAST/SCA), and environment segregation.

Listed Since: 07/07/2026
STAR Level 1
Self-Assessment & Partner-Provided

CAIQ Self-assessment v4.0.3
Offers an industry-accepted way to document what security controls exist in IaaS, PaaS, and SaaS services. It provides a set of Yes/No/NA questions and space to justify the response a cloud consumer and cloud auditor may wish to ask of a cloud provider to ascertain their compliance to the Cloud Controls Matrix (CCM).
Created or renewed 3 days ago, on July 06, 2026.