Vendor Directory
Vendor due diligence, open by default
A public database of SaaS vendor compliance profiles. Subprocessor chains, DPA links, GDPR status, and EU data residency — the due diligence mandated by NIS2, DORA, and EAA.
Why this matters
Vendor risk management is no longer optional
EU regulations now require organizations to assess their third-party providers. Sudory's vendor directory makes that assessment accessible to everyone.
NIS2 — Article 21(2)(d)
Supply chain security — assess vulnerabilities of direct suppliers and service providers.
DORA — Article 28
ICT third-party risk management — maintain a register of all contractual arrangements with ICT third-party providers.
EAA — Article 14
Obligations of distributors — verify that third-party components meet accessibility requirements.
ISO 27001 — A.5.19–5.23
Supplier relationships — identify and manage risks from suppliers and their supply chains.
What's inside
Every vendor profile, open by default
1,500+ vendor profiles and growing daily. Each profile contains the compliance data your auditors ask for — structured, searchable, and always up to date.
Subprocessor chains
See every vendor's subprocessors — who they share data with, where it's processed, and what safeguards are in place.
DPA links
Direct links to each vendor's Data Processing Agreement. No more searching through footer links and legal pages.
EU data residency
Filter vendors by data processing regions. Know exactly which vendors keep data within the EU — and which don't.
GDPR status
SOC 2 certification, EU-US Data Privacy Framework participation, and trust center availability at a glance.
Are you a vendor? Claim your profile.
Sudory dogfoods itself as a vendor. Claim your page, add your DPA, list your subprocessors, and show customers you take compliance seriously.