Vendor Proof Exchange

Turn vendor promises into portable proof packets.

A Fortune 500 third-party risk layer for AI-use disclosure, data-boundary proof, subprocessor evidence, chain of custody, and review receipts.

Request Fortune 500 pilotProcurement readinessVRX-1 Enterprise

Vendor proof requests

Large companies need proof from vendors, not just promises in questionnaires.

AI-use disclosure

Did the vendor use AI in the work? Which systems? What data? What task boundary?

Human-review boundary

Who reviewed AI-assisted output before it reached the buyer, customer, regulator, or public?

Subprocessor evidence

Which subcontractors, processors, or offshore teams touched the matter?

Chain-of-custody packet

What files, logs, screenshots, declarations, and hashes support the claim?

Refusal/correction log

What unsafe, unsupported, or out-of-scope action was refused or corrected?

Verification link

What can the buyer, auditor, insurer, or regulator verify without seeing private content?

Sample Vendor Proof Packet JSON

{
  "protocol": "VRX-1",
  "profile": "enterprise-evidence",
  "receipt_id": "PLENA-VPX-20260514-0001",
  "issuer": {
    "name": "Example Enterprise",
    "organization_id": "ORG-EXAMPLE-001",
    "issuer_role": "Third-Party Risk Office"
  },
  "issuing_product": "PLENA Vendor Proof Exchange",
  "receipt_type": "vendor_proof",
  "created_at": "2026-05-14T17:05:00Z",
  "subject": "Vendor AI use disclosure packet",
  "summary": "Example vendor proof packet recording declared AI use, human review boundary, data-use boundary, and evidence requested for procurement review.",
  "status": "draft",
  "privacy_level": "shareable",
  "sharing_mode": "verification_link",
  "jurisdiction": "example",
  "actor": {
    "actor_type": "vendor",
    "actor_name": "Example Vendor LLC",
    "actor_id": "VENDOR-EXAMPLE-009",
    "system_owner": "Third-Party Risk"
  },
  "authority_basis": {
    "basis_type": "contract",
    "basis_reference": "MSA-DUE-DILIGENCE-EXAMPLE",
    "scope_limit": "Vendor may answer due-diligence questions; PlenaProof does not certify truth of the vendor claim."
  },
  "human_review": {
    "required": true,
    "status": "approved",
    "reviewer_id": "TPRM-REVIEWER-42",
    "reviewed_at": "2026-05-14T17:15:00Z"
  },
  "risk": {
    "risk_level": "medium",
    "risk_domains": [
      "vendor",
      "AI use",
      "data processing"
    ],
    "control_mapping": [
      "Third-party risk management",
      "AI governance policy",
      "Data processing review"
    ]
  },
  "evidence": {
    "evidence_hashes": [],
    "source_systems": [
      "Procurement portal",
      "Vendor questionnaire"
    ],
    "retention_period": "contract term plus 6 years",
    "redaction_level": "public_safe"
  },
  "verification_url": "https://joinplena.com/verify.html?receipt=PLENA-VPX-20260514-0001",
  "related_receipts": [],
  "appeal_or_correction_path": "Vendor correction request and internal procurement review"
}