•  Vanta is a private company with headquarters in San Francisco that specializes in internet security and software.

Tugboat Logic

•  Tugboat Logic has a goal of simplifying and automating information security management in organizations. They handle all aspects of this, including planning, implementation, certification, and compliance.
•  Previous clients have included Allibix, Docto, Filevine, Spiff, Verato, Ahead, Balbax, Sight Machine, and Eltropy.
• Tugboat Logic currently employees 28 staff and has an estimated annual revenue of $5.6 million.
• In March 2019, Tugboat Logic released its Virtual CISO Platform. This assists the organization in obtaining security certifications (including SOC 2 and ISO27001) in a less timely and costly manner than traditional solutions.
• An audit of their Virtual CISO Platform was completed in May 2019, with the independent auditor attesting to the five core trust principles of SOC 2.

Laika

•  Laika assists companies to be both secure and compliant. They have a threefold approach, which includes providing a knowledge base for controls and processes, guidance through the services, and project management of vendor questionnaires.
• They have three primary investors, NYC, Third Prime, and Bain Capital. https://heylaika.com/about/
• Their two main products are Laika Knowledge Base and Laika Concierge. Laika Dataroom is to be released in the near future. The products are offered under two subscription plans, starter, and growth.

Zeguro

•  Zeguro is located in San Francisco, California. Its products are focused on small and medium-sized businesses with revenues of less than $100 million.
• The company had one round of funding in 2018, although the investors have not been disclosed.
• Currently, Zeguro employees, 79 staff, and has an estimated revenue of $15.8 million.

Other Competitors

• Other competitors in this area include Auditboard, SAI360, LogicGate, SAP GRC, and Auditboard.

Summary

• An initial review of the software security services of third party vendors market did not immediately provide an estimate of its size. Most of the reports covered cybersecurity as a whole rather than specialist aspects of it. It may be that this information is not readily accessible.
• There are several competitors in this area. We have completed a superficial review of the three provided. There seems to be a reasonable amount of information available publicly concerning this aspect of the research.