For Financial Services Vendors and Clients

The Zero-Cost Vendor Risk Management Standard

Free for Vendors

Answer a questionnaire, upload your evidence documents, and share them with your clients and prospects.

Centralized VRM

Reduce time and resources on questionnaires and meet cyber regulatory requirements.

Free for Clients

Simply select your vendors, request access to their Cyber Package, and assess vendor risk.

Open VRM Advisory Board

Volunteering for a better VRM World

Joel Bruckenstein


John Cooney

Cybersecurity Counsel

Brian Edelman


Vincent Guyaux


Ken Leibow


Paul Osterberg


Stephen Simons


Greg Wilson


Vendors & Clients

How to Participate



Chad Ramberg


“Finally a Vendor Risk Management standard that benefits both our clients and us.”

Katrina Wilson

VP, Compliance Officer

“We’ve been able to gather more relevant information for vendors from Buckler Open VRM than others!”

How Open VRM Works

Simple Steps to Ease Vendor Risk Management

Patrick Parker

Chief Product Officer

“After manually filling out 6 different cybersecurity questionnaires this week for prospects’ vendor due diligence, more RIAs should use Buckler…

So much faster and no duplication.

The Trickle-Down Effect

The need for a standard in vendor risk management

As cybersecurity regulatory requirements and security risks have increased, vendors are now highlighted as a critical third-party extension for private data management.
When regulations tightened for Financial Services firms, they also tightened for vendors, who must adhere to the same compliance standards as their clients.






J. Gaston Siri


“OpenVRM is pushing us towards better compliance, thank you.”

The Challenge

Vendors and Clients find themselves in a never-ending spending spiral. Clients struggle to send requests to Vendors, who struggle to manage them. The result is incomplete or outdated due diligence, which leads to non-compliance.

Vendors & Clients

The Never-Ending Spending

Annual Re-Certification Costs

All Vendors, and some Clients, pay for certifications like SOC 3, SOC 2 Type 1, SOC 2 Type 2, SIG Lite, SIG Core, etc.

Annual Security Assessment Costs

Vendors and Clients pay for penetration testing and vulnerability scans of networks, applications, cloud, etc.

Annual Due Diligence Costs

Clients contact Vendors who sometimes must answer each Client individually. This unnecessary effort results in incomplete or outdated VRM.

Multiple VRM System Costs

Clients pay for a VRM system while Vendors often pay for multiple, depending on their Clients' requests.

Joe Lucking

Director of Operations

“Open VRM saves us answering 150 different Vendor Due Diligence Questionnaires per year.”

Vendors spend over 15,000 hours per year answering security assessments and companies spend $2.1 million annually, on average, vetting these answers.

The Solution

A unique and free platform to allow Vendors and their Clients to better communicate and manage the due diligence process of vendor risk management.

The Power of Open VRM

Compliance-Driven Way to Identify & Manage Supplier Risks

Home Offices, Agencies, Branches & Advisors

Easily manage vendor cyber risk

Invite Third-Party Vendors to a secure platform where you can easily manage them all, gain vendor visibility and oversight and reduce third-party risk.

Vendors, Suppliers, Third-Parties & Contractors

Save time on client requests

Collaborate, manage and share your vendor cyber package with multiple clients in one location so they can access it upon your approval.



Luis Quiroz

Co-Founder & CTO

“We save resources by leveraging Open VRM to share our Due Diligence documents with Clients.”


Open VRM

Powered by Buckler

Open VRM (Vendor Risk Management) offers the Financial Services industry a new standard for vendor due diligence management. Unlike traditional VRM software, Open VRM provides vendors with a free, open environment to populate, manage and share a pre-vetted security questionnaire and compliance evidence documents in one private location. Clients of vendors access the Vendor Directory with confidence to request access to Vendor due diligence information. Created by Buckler with oversight from an Advisory Board that includes cybersecurity compliance experts, Open VRM drives faster collaboration between vendors and clients in an ever-growing cyber regulatory world.

An Innovative Freemium Model

Open VRM is a Freemium offering from Buckler, a unique Cyber Program Management System for the Financial Services Industry.

Compliance Service Add-Ons


Open VRM partners with strong, industry-knowledgeable vCISOs to support their vendor management initiatives.

Eliminate Never-Ending Spending & Optimize Vendor Risk Management Process