Transparent by Design

The Methodology

Every signal, score, and review on Arodus follows rules we publish openly. Risk and reviews are one system here, each built to make the other earlier. This page documents exactly how the system works and will grow as new modules launch.

Peer Intelligence

Inside Verified Reviews

How Vendor Ratings

Are Calculated

The ratings on Arodus come from buyers with verifiable invoice history. ERP-verified spend is a more reliable signal than public reviews or self-reported surveys, and here is exactly how a vendor's rating is composed.

How the Arodus Score Is Built

One score from 0 to 100, showing where a vendor stands today. It combines three verified inputs, none of them self-reported.

Arodus Score = Risk + Verified Reviews + Spend Trajectory

01

Risk Sets the Score

Every vendor starts at 100 and loses points only when a verified event lands, each one linked to its source. The score leans on the worst dimension, so one serious problem is never averaged away by clean ones.

02

Verified Buyers Adjust It

The spend-weighted rating from buyers who actually pay the vendor moves the score, within published limits. Poor reviews carry more weight than glowing ones, since unhappy paying customers are the more reliable warning.

03

Spending Trajectory Confirms It

When buyers across the network quietly cut spend on a vendor, it often shows up before any news does. A sustained decline pulls the score down. Steady growth lifts it slightly.

Risk signals outweigh opinion. A vendor already in the Severe or Critical range cannot be lifted by good reviews or rising spend. Only the warning signals still apply.

01

Only Paying Buyers Count

Every rating traces to a buyer who actually paid that vendor. Receipts are the price of entry, which keeps out competitors, planted reviews, and anyone who never worked with them.

02

Ratings Reflect Active Relationships

When a buyer stops paying a vendor, their ratings stop counting toward that vendor's score. What you see reflects the buyers paying them today.

03

You Know Who Is Talking

Ratings are anonymous, but every contribution still shows the reviewer's organizational role and their verified annual spend tier, so you can judge whether the experience is relevant to your own relationship with that vendor.

04

Spend-Weighted

The final vendor rating is not a simple average. Each review is multiplied by the reviewer's verified 12-month spend with that vendor, then divided by total active spend across all reviewers. A $600k/year relationship shapes the score more than a $6k pilot, because proportional dependency is the real measure of trust.

Aggregate Rating = Σ(Score × Verified Spend) / Σ(Verified Spend)

Calculated across all active, ERP-verified reviewers.

The Six Risk Dimensions

Every vendor is scored across six dimensions using verified evidence: official records, first-party statements, and network signals. Each dimension has defined event types, data sources, and per-plan refresh cadences.

01

Operational Risk

Service outages, downtime, and degradation events, surfaced from vendor status pages and first-party disclosures, often before your team notices the impact downstream.

02

Cybersecurity Risk

Data breaches, ransomware events, and critical CVE exploits, tracked across government alerts, breach filings, and official disclosures, often before they reach the press cycle.

03

Financial Risk

Bankruptcy filings, credit rating downgrades, missed earnings targets, and acute liquidity signals, surfaced from public filings and official records.

04

Compliance and Regulatory Risk

OFAC sanctions, significant GDPR fines, active litigation, and government-mandated bans, monitored across official registries, court records, and watchlists.

05

Reputational Risk

Executive misconduct, fraud claims, and public-trust events, scored only when an official record or first-party statement confirms them. Press coverage appears in your feed, labeled, and never moves a score.

06

Strategic Risk

Major M&A activity, geopolitical exposure, and key executive departures, scored from official filings and first-party announcements.

Signal Integrity

How we verify every signal

Every signal is graded by how solid the evidence behind it is. Reported events reach your feed the day they break, so you hear about them early. Scores only move once there's a verifiable record.

01Moves scores

Official record

Court dockets, breach filings with a state attorney general, WARN layoff notices, SEC filings, and government sanctions or exclusion lists.

02Moves scores

First-party statement

A vendor's own status page, press release, or regulatory disclosure. A company admitting its own incident is evidence, not a rumor.

03Display only

Reported

Press coverage, crowd-sourced trackers, and unverified claims. These show up in your feed the day they break, labeled unverified, and never move a score.

Every scored event links back to its primary source, the docket, the filing, the disclosure, with the article that reported it credited underneath. The full score breakdown is visible in the product beneath every score, so you can always see which events produced the number.

Data Transparency

What We Read From Your ERP

What We Read

From Your ERP

Arodus connects via OAuth and requests read-only permissions. We read your vendor records and the bills and payments behind them, the accounts-payable side of your ledger and nothing else. You can revoke access at any time from within your ERP.

01

Vendor data

Vendor Records

Vendor name, legal name, address, contact details, vendor type, and account number. Used to build your canonical vendor list and deduplicate ERP entries, so AWS East and Amazon Web Services resolve to one vendor profile with a unified risk score.

Used for

Vendor identity, canonical mapping, deduplication, risk profile creation

02

Payment data

Bill and Payment Records

Vendor, invoice date, payment date, and payment amount in the bill's currency. We ingest at the bill level only and do not read line-item or SKU detail today. Used to verify active vendor relationships, calculate rolling 12-month spend per vendor, and determine peer review eligibility.

Used for

Spend verification, review eligibility, 12-month rolling spend, spend-weighted review aggregation

We do not read income statements, balance sheets, chart of accounts, payroll data, employee records, bank account details, or any financial data beyond bill-level payment records. Read-only access means Arodus can never write to, modify, or delete anything in your ERP.

Vendor Health Status Taxonomy

Every vendor on Arodus carries a current health status, updated automatically as verified signals arrive. Status levels define both the severity of risk and the operational response required.

Healthy100–90
Operational TriggerRoutine monitoring. No action required.
Risk TriggersNo active verified signals across Operational, Cybersecurity, Financial, Compliance, Reputational, or Strategic dimensions. No financial-distress filings, clean compliance record, no pending litigation.
Warning89–75
Operational TriggerIncrease monitoring frequency, flag for quarterly review.
Risk TriggersEarly verified signals: a negative credit-outlook revision; minor compliance inquiry opened on the record (unfined); vendor-disclosed service degradation; executive departure confirmed by the company.
Degraded74–50
Operational TriggerNotify procurement team. Begin contingency planning.
Risk TriggersConfirmed moderate event: minor regulatory fine; regional data incident disclosed but contained; minor lawsuit filed; credit rating placed on negative watch.
Severe49–25
Operational TriggerEscalate to CPO/CFO. Initiate vendor replacement search.
Risk TriggersHigh-impact confirmed event: ransomware attack confirmed by the vendor or a regulator; major lawsuit with material damages; significant credit downgrade; OFAC preliminary inquiry opened; confirmed executive misconduct; large regulatory fine.
Critical24–0
Operational TriggerImmediate executive escalation: freeze new spend, activate continuity plan.
Risk TriggersExistential event: bankruptcy filing; OFAC sanctions imposed; confirmed mass data breach with PII exposure; criminal charges against executives; government-mandated ban; hostile acquisition by sanctioned entity.
InactiveN/A
Operational TriggerContract terminated or offboarded; archived, not scored.
Risk TriggersContract terminated, offboarded, or $0 L12M spend. Removed from active scoring. Historical data retained for audit purposes.

See your vendors scored this way

We're onboarding our first companies by hand right now. Take the tour, leave your work email, and we'll get you connected.