Your Security Program. Documented, Evidenced, and Ready to Prove.
Respond to questionnaires in days. Manage vendor risk properly. Govern your policies with evidence. Know your gaps before an auditor finds them. Publish a Trust Center that answers prospects before they ask. One application, five problems solved — and your data never leaves your machine.

Five problems. One application. Your machine.
Most 20–200 person companies manage their security posture across a patchwork of spreadsheets, shared drives, and memory. Questionnaire responses get rewritten from scratch every time. Vendor assessments are one-off emails. Policies live in a folder nobody opens. Gap assessments happen when an auditor forces them. And when someone asks "can you prove your security program?" — the answer takes two weeks to assemble.
Ridgeguard puts all five in one place: questionnaire response, vendor risk management, policy governance, gap assessment, and a public Trust Center. It runs on your machine. Your data stays in an encrypted local database. Nothing is sent to any cloud service. For $299/year, you get the security program management that used to require a $30,000 platform or a team of three.
The business case
Win deals faster
Security questionnaires are the last gate before a contract closes. Companies that respond in days — not weeks — win more business. Ridgeguard turns a two-week scramble into a same-day export. When a prospect sends 200 questions, 60–80% are already answered. AI fills the rest using your company profile. The deal doesn't stall.
Stop pulling engineers off projects
Every questionnaire that lands on a senior engineer's desk is a week of billable work that doesn't happen. Ridgeguard means the person answering questionnaires doesn't need to be your most experienced security person — the answers are already written at three maturity tiers with evidence notes and red-flag warnings.
Prove your posture before anyone asks
A Trust Center on your website answers the first 30 questions a prospect would ask — before they send a questionnaire. Companies with public Trust Centers receive shorter, less invasive assessments. Some prospects skip the questionnaire entirely. That's the highest-leverage security investment a small company can make.
Know your gaps before someone else finds them
The Gap Assessment tells you where your program is strong, where it's weak, and what to fix first. AI generates a prioritized remediation plan — quick wins you can close this week, projects for this quarter, strategic initiatives for the year. You walk into audits and customer reviews knowing exactly where you stand.
Manage vendors without a spreadsheet
Your customers and auditors want to know how you manage third-party risk. A spreadsheet of vendor names doesn't cut it. Ridgeguard gives you a proper register with risk tiers, assessment history, certification tracking, contract dates, risk events, and AI-generated risk summaries. When an auditor asks "how do you assess your vendors?", you show them the register.
Keep your data off someone else's server
Ridgeguard is a desktop application. Your security posture data — every questionnaire response, gap analysis result, vendor assessment, policy document — stays on your machine in an AES-256-GCM encrypted database. No cloud account. No data leaving your network. No third party with access to your answers. The irony of uploading your security posture to a SaaS platform you haven't assessed shouldn't need explaining.
How it works
Send questionnaires back in days, not weeks
Stop rewriting the same answers. Import, match, generate, export.
Response Library
790 pre-written answers across 25 security categories, each with 3 maturity tiers (Mature, Developing, Early-stage). Search, filter, copy, and refine with AI.
The 80% that repeats is already answered — your team stops rewriting from scratch
Import Questionnaire
Five-step wizard: upload XLSX or DOCX, map columns, review fuzzy matches (TF-IDF with synonym expansion for MFA, SSO, SIEM, WAF, EDR), AI auto-complete unmatched questions using your company profile, then export in the original format. Pause, resume, or cancel AI generation at any time. Multiple import sessions can run simultaneously.
A 200-question questionnaire goes from inbox to sent in one sitting
Create Questionnaire
Build branded questionnaire documents from your library. Select questions, configure branding, export as professional XLSX or DOCX. Use your own template or the Ridgeline format.
Send your own assessments to vendors and partners — with your brand, not a generic template
Walk into audits with evidence, not excuses
Vendor register, policy lifecycle, gap analysis — the program an auditor expects to see.
Vendor Risk Register
Full vendor lifecycle management — four risk tiers (Critical/High/Medium/Low), contract tracking, certification monitoring, and risk event logging (incidents, compliance issues, service disruptions). 22 assessment templates covering 505 questions. Send assessments, score responses, and generate board-ready AI risk summaries with strengths, risks, and recommended actions.
When an auditor asks "how do you assess your vendors?" — you show them this
Policy Register
Full policy lifecycle: Draft → In Review → Approved → Expired → Retired. 15 built-in templates from Information Security Policy to Vulnerability Management. Link evidence from gap assessments, vendor assessments, audits, and training records. Track staff acknowledgements. Approved policies auto-appear in your Trust Center.
Your policies have version history, evidence, and acknowledgement records — not a last-modified date from 2023
Gap Assessment
Standard (40 questions) or Comprehensive (80 questions). Yes/Partial/No scoring with readiness percentage, category breakdown, and colour-coded risk bands (80%+ Low Risk, 60–79% Medium, 40–59% High, below 40% Critical). AI generates prioritized remediation plans sorted by priority and effort — quick wins first, strategic projects last. Export to CSV or XLSX.
Know exactly where you're exposed — and what to fix first — before someone else finds out
Assessment Templates
22 assessment templates covering vendor security, internal controls, cloud readiness, AI governance, and more. Score responses (1–3), add notes, export results as XLSX.
Consistent, repeatable assessments you can show an auditor — not ad-hoc emails
Prove your posture before anyone asks
Answer the first 30 questions a prospect would ask — before they send a questionnaire.
Trust Center Builder
6-step wizard with 6 industry presets (SaaS, Financial Services, Healthcare, Government, Professional Services, General). Select frameworks, domains, policies, and common questions. Export standalone HTML. No external dependencies.
Prospects self-serve — some skip the questionnaire entirely
AI Integration
10 AI providers supported (OpenAI, Anthropic, Google, Azure, Mistral, Groq, Perplexity, DeepSeek, Ollama, Custom). BYOK — your key, stored in your OS keychain, calls go direct. Three AI features: auto-complete questionnaires, generate remediation plans, and produce vendor risk summaries.
AI that knows your company writes answers that sound like you wrote them
Company Profile
Company identity, compliance certifications, security contacts, and technology stack. Feeds into questionnaire responses, Trust Center, and all exports automatically.
Enter your details once — every export, every AI answer, every report uses them
Compliance Profiles
Framework-specific views showing your control coverage, implementation status, and evidence mapping across 12 frameworks including ISO 27001, SOC 2, NIST, CMMC, DORA, and NIS2.
When a prospect asks "which framework do you follow?" — you answer with coverage data, not claims
See it in action
Your data stays yours. Period.
Ridgeguard stores your company's security posture — every questionnaire answer, every vendor assessment, every policy, every gap analysis result. That data is sensitive. It describes exactly where your program is strong and where it's exposed.
That's why Ridgeguard is a desktop application, not a SaaS platform. Your data lives in an encrypted database on your machine. It never touches a Ridgeline server. It never leaves your network. There's no cloud account to breach, no third-party data processor to assess, and no vendor who can see your answers.
If you use the optional AI features, calls go directly from your machine to your chosen provider using your own API key. Ridgeline is never in the middle.
No telemetry. No analytics. No phone-home. You install it, you own it, and the only person who can access your data is you.
790 answers · 25 categories · 12 frameworks · 22 templates · 15 policy templates
Everything a 20–200 person company needs to handle security questionnaires, manage vendor risk, and govern security policies — without a $30,000/year SaaS platform.
25 security categories
Every answer is written by a security practitioner. Three maturity tiers per question let you match the response to where your program actually is — not where you wish it was.
What this looks like in practice
Monday: A prospect sends a 200-question security questionnaire. Friday: You send it back.
Import the spreadsheet. The TF-IDF matching engine auto-fills 60–80% from your library with synonym expansion for MFA, SSO, SIEM, WAF, and EDR. AI generates tailored answers for the rest using your company profile. Review, adjust, export in the original format. Your competitor is still scheduling a meeting to discuss who should answer it.
Your board asks "how secure are we?" and you answer with specifics, not promises.
Run the Gap Assessment. Show the board a colour-coded breakdown by category: green where you're strong, red where you're exposed, and a prioritized plan for closing the gaps. Build a Trust Center in 30 minutes with an industry preset. Publish it. When the next prospect asks about your security posture, send them a link instead of a spreadsheet.
An auditor asks how you manage third-party risk. You open the Vendor Register.
Every vendor has a risk tier, assessment history, certification dates, and contract renewal tracking. When a vendor's review is overdue, the dashboard flags it. When a vendor has an incident, you log it. When the auditor asks for evidence, you export the register — not a spreadsheet you built the night before.
You're pursuing SOC 2 and need to know what's missing before you engage an auditor.
The Comprehensive Gap Assessment covers 80 questions across 11 categories. AI generates a remediation plan with priority levels and effort estimates. You close the quick wins before the auditor arrives. The Policy Register tracks your 15 security policies through their lifecycle with evidence linking. When the auditor asks for your Information Security Policy, you show them a versioned, approved document with acknowledgement records — not a PDF from 2023.
What it costs to not have this
Every questionnaire your team spends two weeks on is two weeks of billable work that didn't happen. Every deal that stalls because you couldn't respond fast enough is revenue that went to the competitor who could. Every audit where you scramble to produce evidence is a finding waiting to happen.
Respond to your next questionnaire this week
30-day free trial
Download, install, and import your first questionnaire today. Full Professional features for 30 days. No credit card. No account required.
In 30 days you'll have:
Questionnaires answered, vendors assessed, gaps identified, policies tracked, Trust Center published, and a remediation plan your board can act on
After the trial:
Core features continue free. Activate a licence key to keep AI, Trust Center, unlimited vendors, XLSX export, and multi-user
Who this is for
✓ Right fit
20–200 person companies that receive security questionnaires from customers and prospects. Companies that need to demonstrate security posture without a full GRC platform. Teams that want their security data to stay on their machine, not in someone else's cloud.
✗ Not the right fit
Large enterprises with dedicated compliance teams and existing GRC platforms. Companies that need real-time collaboration across distributed security teams. Anyone who needs automated evidence collection from cloud infrastructure — that's what Drata and Vanta do.
---
System requirements
Operating System
Windows 10 or Windows 11, 64-bit
Disk Space
150 MB installed
Memory
4 GB minimum, 8 GB recommended
Internet
Optional — required only for AI features
---
Common questions
Where is my data stored?
On your machine. Ridgeguard is a desktop application with an AES-256-GCM encrypted local database. Nothing is sent to Ridgeline or any external service. If you configure AI integration, API calls go directly from your machine to your chosen provider — Ridgeline is never in the middle.
What operating systems are supported?
Windows 10/11. macOS support is planned. The installer is under 7 MB.
Can multiple people use it?
Yes. Professional tier supports multiple user accounts with admin and viewer roles. Active Directory and Microsoft Entra ID authentication are supported for organizations that use them.
How does the AI integration work?
Bring Your Own Key. You provide an API key from any of 10 supported providers. Your key is stored in your OS keychain. AI calls go directly from your machine to the provider. AI powers three features: questionnaire auto-complete, gap remediation plans, and vendor risk summaries. AI is optional — every feature works without it.
What questionnaire formats can I import?
XLSX and CSV. The import engine automatically detects column headers and maps them. It handles most questionnaire formats including SIG, CAIQ, HECVAT, and custom spreadsheets. The export preserves the original file format and structure.
How does the free trial work?
Download and install. Full Professional features activate automatically for 30 days — no credit card, no sign-up. When the trial ends, the app continues working with the core feature set: Response Library browsing, basic import matching, standard gap assessment, 5 vendors, and 5 policies. Purchase a licence key any time to unlock Professional permanently.
I already bought Ridgeline documentation toolkits. Do I need this too?
Different tools for different problems. Ridgeline toolkits give you the security documents themselves — policies, procedures, plans. Ridgeguard helps you respond to questionnaires about those documents, manage your vendor relationships, govern your policies, and present your posture. They work well together — your toolkit documents become the evidence behind your questionnaire answers.
What frameworks are covered?
ISO 27001, SOC 2, NIST CSF, SIG, CAIQ, CMMC, DORA, GDPR, NIS2, PCI-DSS, CCPA, and HIPAA. Each of the 790 answers is tagged with applicable frameworks so you can filter by compliance requirement.