Frequently Asked Questions (FAQ)

What solutions does Mirato provide for Third-Party Risk Management (TPRM)?

Whether you use email and spreadsheets or have a fully automated and mature TPRM program, Mirato SaaS solutions help you address the most common and difficult challenges of Third-Party Risk Management by automating the manual work traditional systems don’t address.

Mirato’s TPRM Intelligence Platform is an advanced Artificial Intelligence solution created and trained specifically to complete your TPRM assessments using your controls framework and the information you already collect. Now, your risk experts can start with an audit trail of which controls are supported by evidence and which are not, without reading a single page.

Mirato’s Questionnaire Killer uses the same advanced AI/NLP engine to automatically pre-answer due diligence questionnaires for your third parties and validate the answers with evidence for you. This reduces time, cost, pain, and effort for everyone.

Where does Mirato fit within the TPRM landscape, or other solutions I already have?

Traditional solutions for third-party risk Management include:

GRC, TPRM platforms that guide and streamline workflow processes
Subscription Data services and Threat Intelligence solutions that provide risk data and scores by domains and offer “continuous monitoring.”
Consortiums, exchanges used for one-to-many efficiency of collecting standardized risk elements and providing standardized risk scores at the company level
Service providers that provide due diligence reports as a service, often as overflow or in emergency situations

Mirato focuses on automating the manual work that remains in between and despite these approaches. Mirato seamlessly integrates and interprets the information across these approaches to interpret your risk the way you do. Just faster, more accurately and comprehensively, with infinite and sustainable scalability. Like a turbocharger, Mirato can be added to any existing program to leverage the most of the technology, people and information you’ve already invested in.

How do Mirato solutions benefit my business?

Mirato helps you leverage all of the investments you’ve already made in people, systems, and information sources to reduce the time, cost pain, and errors of the entire life cycle of Third-Party Risk Management. A turbocharger for your current approach, with Mirato, you will have less manual effort and better results and manage more volume with increased accuracy and process integrity without adding resources.

What types of risk do Mirato's solutions address?

All risk domains within Third-Party Risk Management are supported using your risk appetite, controls framework and the information you already collect.

What stages of the TPRM lifecycle does Mirato Support?

We support all stages of the complete lifecycle of Third-Party Risk Management, from planning to offboarding and everything in between.

Who in my organization would use Mirato?

Mirato is used by anyone involved in your organization’s third-party risk management processes, including sourcing, procurement, IT/information security, data privacy, resilience, compliance, audit, etc.

Who are Mirato’s competitors, what makes Mirato different?

Although other solutions are starting to use artificial intelligence to compare limited amounts of very specific policy documents against a pure industry standard, no one is currently interpreting all unstructured and structured information across all risk domains, using each client’s unique risk appetite, controls framework, and assessment approach like Mirato does. Other solutions still require individual assessors to evaluate those generic industry standard results before they understand how the risk applies to their firm. Mirato eliminates this last step and interprets all information across all domains using the logic unique to each organization’s assessment approach.

I don't want to replace my system or add another step in the process.

Mirato is designed to seamlessly integrate with your existing systems, eliminating the need for a disruptive replacement or additional steps in your current processes. It is configured specifically for your program and designed to maximize the value of your existing technology, data, service, and partner investments. Our goal is to enhance and optimize your current workflow without causing unnecessary disruptions.

Can Mirato integrate with my existing software solutions, data providers and partners?

Yes, Mirato is designed with flexibility as a core functionality and can integrate seamlessly with your existing software solutions, information sources and partners, internally and externally. Using API’s Mirato can push or pull virtually any information within your TPRM environment as your business process requires, eliminating the “swivel chair” effect and insuring process integrity. This provides a smooth and cohesive integration into your current business processes and enhances the overall efficiency of your risk management efforts. Our goal is to enhance and optimize your current workflow without causing unnecessary disruptions.

Is Mirato suitable for businesses of all sizes?

Mirato’s TPRM solution is scalable and can be tailored to meet the needs of businesses of all sizes. Whether you are a small business or a large enterprise, Mirato provides a flexible and comprehensive solution to reduce the cost, time, and manual effort within your program while increasing speed, efficiency, quality, accuracy, and scalability.

I don't want artificial intelligence making decisions for me.

Neither does Mirato. Mirato is not generative AI, does not make any decisions of its own, or create any new information during the analysis of your third-party risk management evidence. Just like a human assessor, Mirato examines all available information that you’ve collected on your third parties and correlates evidence to questionnaire answers or controls to confirm which requirements are supported by specific evidence and which are not. These results are presented to your human assessors to either agree, override, accept or reject the findings. Mirato NLP reads every piece of information 3,000,000,00 times, cross-referencing all available information through the lens of your specific requirements to support each control. Mirato then provides your risk experts with an audited, evidenced-based control-centric view as their starting point, allowing them to focus all their time, experience and expertise on more strategic, higher-value risk evaluation and decision-making activities.

How do I know what Mirato's AI has done during assessments? How do I know it's correct?

You confirm Mirato is working according to your unique requirements the same way you verify your human assessors are following your rules, interpreting your risk appetite, and enforcing the controls the way your organization requires. Mirato provides a complete audit trail of all correlations made down to the document, page, paragraph, and sentence, with an onscreen or exportable view. This fully exposes where each piece of evidence is found and which element or control it supports for your review. Mirato is actually more comprehensive, accurate and consistent in providing this complete audit trail for your internal audit and Regulatory review than humans.

How does Mirato train the AI model for my requirements, and how long does it take?

Mirato’s AI / NLP / NLU engines have already been trained on the best practices of TPRM RISK assessment. Configuring Mirato how to enforce your unique interpretation of risk is done the same way you teach a new assessor, by reviewing your controls framework, your questionnaires, the evidence you already collect, and the rules you teach your new assessors to enforce. After configuring your instance, we’ll process assessments to confirm that the results produced are accurate – just like you validate the results of a new human assessor after training and periodically review for quality assurance.

This client-specific configuration typically takes 4 to 12 weeks, depending on the size and scope of the project.

The difference is that once you’ve optimized Mirato, instead of having trained one new assessor, you’ve trained unlimited number of assessors, with unlimited scalability.

How can my business get started with Mirato's solutions?

Simply complete a “contact us” or “request a demo” form on this website or email [email protected]. We’ll be happy to discuss your specific needs and explore how we can support your objectives.

Does Mirato offer free trials?

Yes. Mirato provides multiple Proof of Value options, including free trials for qualified prospects.

We're brand new to TPRM; our program is not mature and not ready for AI.

Whether you are new to TPRM and just building your program or have a mature, sophisticated and automated approach, Mirato provides the same value of removing the manual work by consuming, analyzing, and correlating evidence to your controls while freeing up your limited and overburdened human resources to have more time for strategic decision making.

We’re fully automated with a mature, sophisticated TPRM program; why would I add Mirato?

Instead of replacing your current systems, Mirato complements existing automation and information systems by removing the manual work that still remains, eliminating the process, data, and workflow silos often found in mature programs. Mirato seamlessly integrates and consumes the information across all of your resources to interpret your risk the way you do. Just faster, more accurately and comprehensively, with infinite and sustainable scalability. Like a turbocharger, Mirato can be added to any existing program to leverage the most of the technology, people and information you’ve already invested in.

How does Mirato access the information used in the risk assessment process?

The Mirato platform uses the questionnaires, documents, evidence, and other TPRM information you already collect, accessing where they are currently gathered or stored within your ecosystem. This can include multiple locations such as risk platforms, shared drives, contract repositories, procurement, GRC, financial solutions, external subscription feeds and threat intelligence providers. The Mirato Questionnaire Killer collects evidence and completes DDQ directly with your third parties ( branded as your organization’s technology). An integrated approach eliminates the need for additional steps or swivel chair operations to use Mirato and typically reduces existing workflow steps and process integrity gaps while optimizing the speed and quality of risk assessment.

Why would I replace my TPRM systems with Mirato?

Mirato doesn’t replace your existing systems; it enhances them by automating manual work. The platform improves efficiency, reduces costs, and provides additional insights. Mirato’s unique approach to TPRM sets it apart, offering a valuable addition to your existing technology stack.

Where's my data, who do you share it with, who has access to it, how is it safeguarded?

Mirato is ISO 27001 certified, client data is treated with the utmost confidentiality, and Mirato follows strict data protection practices, limiting access to authorized personnel only. Each Mirato client has an individual dedicated instance of the application, operating in an individual dedicated private cloud instance. There is zero sharing of the application and zero sharing of data between clients. All information is encrypted in transit and at rest, and each client can have their data located where they prefer. Mirato is designed, implemented, and operated with the most stringent requirements of information security, data privacy and regulatory mandates of large Global Financial Services firms.

How do you license Mirato? Is this a subscription service or a managed service?

Mirato is offered as a Software as a Service (SaaS) technology with flexible licensing options to match the scope and scale of your requirements, including an enterprise model for large scale usage across all functionality, third parties and business processes, as well as “by the drink” for more specific and focused use cases and business processes.

Mirato SaaS technology can also be provided as a managed service through our partner channel.

How does Mirato adapt when my program changes or regulatory requirements change?

Mirato is adaptable to changes in your program or regulatory requirements. Our platform allows for easy customization, ensuring it evolves with your evolving needs. Regular updates and communication with our team help align Mirato with any changes in your risk management approach.

What's the error rate of Mirato AI? What about false positives and false negatives?

While no system or human is perfect, Mirato strives for minimal error rates. Our models are continually refined, with rigorous ongoing testing and validation consistently demonstrating significantly higher accuracy rates than humans, including lower false positives and lower false negatives. Mirato also provides additional information that humans just don’t have the time or capacity to uncover, exposing hidden 4th parties, CVEs, vulnerabilities, data centers, service centers, concentration risk, cascading risk, etc. Regular updates and user feedback contribute to ongoing improvements to enhance accuracy.