The Aravo Enterprise Platform Collaborative, configurable, cost effective

A highly scalable Governance, Risk and Compliance SaaS platform that delivers unrivaled configurability, regulatory agility, ease-of-use and performance. Flexible and extensible, the platform allows you to adapt a broad range of solutions to your requirements, build new applications and integrate easily with external systems. Even the most complex of configuration changes are made with clicks not code.

Request details

Platform Features

Data Dictionary

The platform’s extensible data model allows modeling of third parties in Aravo without changing the structure of the source data. For example, integration with existing systems such as SAP and Ariba are straightforward, since those data structures do not need to be modified. The Data Dictionary also allows you to take advantage of Aravo’s growing library of compliance applications, including Anti-Bribery and Corruption, Data Privacy/Data Security, Registration & Qualification and Responsible Sourcing.

Workflow Builder

The Graphical Workflow Builder enables business users to model business processes without writing any code. Business users can select from an extensive library of pre-existing best-practice business processes or start from scratch and model processes specific to their needs. The Workflow Builder leverages Aravo’s highly flexible Conditions Builder which makes real-time decisions to direct business processes based on the current status of third party data.

Form Builder

The Form Builder allows you to develop forms that collect information from third parties over the Internet. The Form Builder is optimized to work with all popular browser types worldwide. Featuring extensive support for conditional display of information code, the Form Builder enables companies to present only appropriate content to third parties based on geography, vertical market, revenue size, and other configurable factors. For instance, it is possible to configure unique questions for third parties from Brazil that have over $75M in revenue, versus a third party from any country who has unspecified revenue. The net effect of this is that the response rate for third parties is significantly improved, facilitating the collection and analysis of third-party data.

Data Quality Engine

The Aravo Platform has a configurable matching engine, that addresses two broad data quality issues: data duplication and limiting proliferation of unnecessary third parties. The latter is for unnecessary conditions that you can define for your third parties. The configurable validation engine lets you define rules for every field within the system, even in a nested hierarchical structure.

User Interface

The Aravo Enterprise UI is fully customizable so that any color scheme or logo placement can be accommodated and the platform overall can be completely white labelled. The UI has also been built from the ground-up to be responsive and viewable on any device: desktop, laptop, tablet or smartphone.

Supplier Portal

The Supplier Portal is used proactively by third parties to update their information in a self-service fashion. Once updates are entered, purchasing and compliance teams are notified and the update is automatically routed through the approval process. The Third Party/Supplier Portal can be branded with your website’s look and feel using custom CSS, so that consistent corporate branding is maintained.

Projects

Aravo’s configurable project management system allows you to manage third-party analysis and compliance work as formal projects. Workflows can be grouped into a project and then run as a single unit. Projects can then be rolled up into an initiative, such as FCPA, diversity, or anti-bribery & anti-corruption. For reporting, statistics can be aggregated from projects or initiatives and show useful criteria, such as percentage of third parties that have reached the end of the workflow.

Localization

With the Localization/Internationalization feature, applications can be translated into any local language. The Aravo Platform supports 33 languages today and has the capability to further localize using the provided tools, so that idiosyncrasies such as foreign date and number structures can be implemented. Since data is entered in a structured format, seamless translations are available. Aravo enables validation teams who speak one language to analyze data from third parties who speak different languages.

The Evaluate Scoring Engine

The Evaluate Scoring Engine enables compliance teams to assign scoring rules to data, aggregate those scores, and calculate an overall sense of health of the company’s third party base, their degree of compliance, how well they’re performing and their associated degree of risk. As a baseline, most customers calculate risk and performance, but the Scoring Engine can also be used to weight risk factors and then roll them up into different scores.

Reporting and Dashboards

Aravo provides a configurable online Report and Dashboard Builder. Upon entry, all data is immediately available across your configuration and all your datasets – immediate cross-filtering. The Visualization Engine aggregates data from different reports and provides flexible tools for building multiple dashboards, enabling multiple datasets to be displayed simultaneously.

Configuration Management Tools

The Configuration Management Tools allows configurators to create and update sandbox development and test environments in real time to support an effective configuration lifecycle management process.

Third Party Data Integration

Aravo can access any third party data source as long as it supports SOAP- or REST-based integration. No additional programming or middleware is required. Business users can configure integrations with Ariba, Oracle, SAP, and other leading business platforms without coding.

Security System

The Aravo Platform implements industry best practices for protecting data privacy, including access controls based on user, role, and location. For example, the Security System can be configured to ensure that a business user in France cannot view the data of a third party based in Germany, if a company’s business and security rules require location-based data restrictions.

Regulations and Standards Today, there is a maze of regulations, laws and standards that companies need consider as part of their compliance programs and to support industry best practice operations and conduct. These are a selection:

  • Sarbanes-Oxley Act

    The Sarbanes-Oxley Act was enacted in 2002 and is designed to protect investors and the public by increasing the accuracy and reliability of corporate disclosures. It defines audit requirements and the records businesses should store and for how long.

    Aravo allows enterprises to collect attestation and certifications from third parties in respect to compliance with data security and privacy laws and standards.

  • Payment Card Industry Data Security Standard (PCI DSS)

    A set of requirements for enhancing security of payment customer account data. It was developed to help facilitate global adoption of consistent data security measures. PCI DSS includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures.

    Aravo allows enterprises to collect attestation and certifications from third parties in respect to compliance with data security and privacy laws and standards.

  • The Gramm-Leach-Bliley Act (GLB) Act of 1999

    TheGLB Act includes provisions to protect consumers' personal financial information held by financial institutions. There are three principal parts to the privacy requirements, which are: the Financial Privacy Rule, the Safeguards Rule and pretexting provisions.

    Aravo allows enterprises to collect attestation and certifications from third parties in respect to compliance with data security and privacy laws and standards.

  • Children's Online Privacy Protection Act

    COPPA took effect in 2000, and applies to the online collection of personal information from children under 13. Monitored by the Federal Trade Commission (FTC), the rules limit how companies may collect and disclose children's personal information.

    Aravo allows enterprises to collect attestation and certifications from third parties in respect to compliance with data security and privacy laws and standards.

  • Fair and Accurate Credit Transaction Act (FACTA), including Red Flags Rule

    FACTA is an amendment to the Fair Credit Reporting Act that is intended to help consumers avoid identity theft. Accuracy, privacy, limits on information sharing, and new consumer rights to disclosure are included in the legislation. The Red Flags Rule requires many businesses and organizations to implement a written Identity Theft Prevention Program designed to detect the warning signs – or red flags – of identity theft in their day-to-day operations.

    Aravo allows enterprises to collect attestation and certifications from third parties in respect to compliance with data security and privacy laws and standards.

  • Health Insurance Portability and Accountability Act (HIPAA)

    HIPAA was enacted in 1996 to improve the efficiency and effectiveness of the health care system. It requires the adoption of national standards for electronic health care transactions and code sets, as well as unique health identifiers for providers, health insurance plans and employers. The law also incorporates provisions for guarding the security and privacy of personal health information.

    Aravo allows enterprises to collect attestation and certifications from third parties in respect to compliance with data security and privacy laws and standards.

  • The Health Information Technology for Economic and Clinical Health Act (HITECH)

    Part of the American Recovery and Reinvestment Act of 2009, the HITECH Act modifies HIPAA by adding new requirements concerning privacy and security for patient health information. It widens the scope of privacy and security protections available under HIPAA, increases the potential legal liability for non-compliance and provides for more enforcement.

    Aravo allows enterprises to collect attestation and certifications from third parties in respect to compliance with data security and privacy laws and standards.

  • European Union Data Protection Directive

    This 1995 European directive sets strict limits on the collection and use of personal data and demands that each member state set up an independent national body responsible for the protection of this data.

    Aravo allows enterprises to collect attestation and certifications from third parties in respect to compliance with data security and privacy laws and standards.

  • ISO/IEC 27001:2013

    An information security standard that was published on the 25th September 2013, published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It is a specification for an information security management system (ISMS).

    Aravo allows enterprises to collect attestation and certifications from third parties in respect to compliance with data security and privacy laws and standards.

  • Foreign Corrupt Practices Act of 1977 (FCPA)

    Foreign Corrupt Practices Act of 1977 (FCPA) forbids bribery and corruption by companies and their third-party partners, including resellers, distributors, and marketing agencies.

    Aravo establishes clear criteria for vetting, onboarding and monitoring third parties and their compliance with anti-bribery and corruption laws.

  • UK Bribery Act of 2010

    The U.K.Bribery Act of 2010 is modeled on the OECD Anti-Bribery Convention and forbids bribery and corruption by companies and their third-party partners who are doing business in the U.K.

    Aravo establishes clear criteria for vetting, onboarding and monitoring third parties and their compliance with anti-bribery and corruption laws.

  • International Traffic in Arms Regulations (ITAR)

    International Traffic in Arms Regulations (ITAR)
    controls the export and import of defense-related articles and services on the United States Munitions List.

    Aravo’s solution features a standardized supplier compliance scheme flexible enough to support the multi-buyer qualification schemes prevalent in the Aerospace & Defense market.

  • Title VII of the U.S. Civil Rights Act of 1964 The U.S. Civil Rights Act of 1991

    Title VII of the Civil Rights Act of 1964 (Pub. L. 88-352) & The Civil Rights Act of 1991 (Pub. L. 102-166) prohibit an employer with fifteen or more employees from discriminating on the basis of race, national origin, gender, or religion.

    Aravo helps enterprises ensure that third parties implement non-discriminatory policies, training, and processes for redress.

  • Wages and the Fair Labor Standards Act (FLSA) and Equal Pay Act (EPA)

    Wages and the Fair Labor Standards Act (FLSA) and the Equal Pay Act (EPA) of 1963 (Pub. L. 88-38) establishes minimum wage, overtime pay, record keeping, and youth employment standards.

    Aravo helps ensure that third parties have policies and practices that comply with the EPA.

  • Dodd-Frank 1502 and Clean Diamonds Trade Act (CDTA) Conflict Minerals

    Dodd-Frank Wall Street Reform and Consumer Protection Act 1502 and Clean Diamonds Trade Act (CDTA) defines restrictions on the mining, transporting and commerce of Conflict Minerals. Dodd-Frank Act mandated the SEC to ensure the sale of conflict materials (e.g. coltan, tantalum, tin, tungsten, and gold) does not benefit armed groups in or near the Democratic Republic of Congo.

    Aravo has helped implement a risk and compliance program for one of the top three diversified metals & mining companies.

  • The California Transparency in Supply Chains Act

    The California Transparency in Supply Chains Act of 2010 requires larger retailers doing business in California to report on their specific actions that eradicate slavery and human trafficking from their supply chains.

    Aravo's scaleable solution can seamlessly handle the supply chain issues of all 3,200 companies affected by the California Transparency in Supply Chains Act.

  • UK Modern Slavery Act

    The Modern Slavery Act of 2015 gives UK law enforcement the tools to fight slavery, ensure perpetrators receive suitably severe punishment and protect victims of these crimes.

    Using Aravo, businesses with more than £36M annual revenue will be able to assess and audit its suppliers' capabilities in stopping the use of slave labour.

  • ISO 14001:2015

    ISO 14001 Environmental Management System. 
ISO 14001:2015 sets out the criteria for an environmental management system applicable to any industry.

    Aravo helps ensure that third parties have policies and practices that comply with the ISO 14001:2015.

  • Clean Air Act of 1963

    The Clean Air Act of 1963 as defined in U.S. Code Title 42, Chapter 85, Subchapter I, Part A, § 7412 and § 7420 designates what is a hazardous air pollutant, how to dispose of it and what are the penalties for non-compliance with the Environmental Protection Agency’s (EPA) Standards.

    Aravo has helped implement a R&C solution for the largest US-based multinational conglomerate, so that its third parties remain in compliance with the EPA.

  • OHFAS 18001

    OHSAS (Occupational Health and Safety Assessment Series) 18001 or BS OHSAS 18001, helps organizations put in place demonstrably sound occupational health and safety management systems.

    Aravo helps ensure that third parties have policies and practices that comply with occupational health and safety requirements.

  • UK Health & Safety at Work etc Act of 1974

    The Health and Safety at Work etc Act 1974 (also referred to as HSWA, the HSW Act, the 1974 Act or HASAWA) provides for securing the health, safety and welfare of persons at work.

    Aravo establishes clear criteria for vetting, onboarding and monitoring third parties and their compliance with international health and safety laws and regulations.

  • RIDDOR 2013

    Reporting of Injuries, Diseases and Dangerous Occurrences Regulations (RIDDOR) 2013 requires employers, the self-employed, and those in control of premises to report specified workplace incidents.

    Aravo’s enterprise solution makes it straight-forward to report, track and document incidents in the base of third parties.

  • U.S. Foreign Corrupt Practices Act (FCPA)
  • UK Bribery Act
  • Title VII of the U.S. Civil Rights Act of 1964 The U.S. Civil Rights Act of 1991

    Title VII of the Civil Rights Act of 1964 (Pub. L. 88-352) & The Civil Rights Act of 1991 (Pub. L. 102-166) prohibit an employer with fifteen or more employees from discriminating on the basis of race, national origin, gender, or religion.

    Aravo helps enterprises ensure that third parties implement non-discriminatory policies, training, and processes for redress.

  • Wages and the Fair Labor Standards Act (FLSA) and Equal Pay Act (EPA)

    Wages and the Fair Labor Standards Act (FLSA) and the Equal Pay Act (EPA) of 1963 (Pub. L. 88-38) establishes minimum wage, overtime pay, record keeping, and youth employment standards.

    Aravo helps ensure that third parties have policies and practices that comply with the EPA.

  • Dodd-Frank 1502 and Clean Diamonds Trade Act (CDTA) Conflict Minerals

    Dodd-Frank Wall Street Reform and Consumer Protection Act 1502 and Clean Diamonds Trade Act (CDTA) defines restrictions on the mining, transporting and commerce of Conflict Minerals. Dodd-Frank Act mandated the SEC to ensure the sale of conflict materials (e.g. coltan, tantalum, tin, tungsten, and gold) does not benefit armed groups in or near the Democratic Republic of Congo.

    Aravo has helped implement a risk and compliance program for one of the top three diversified metals & mining companies.

  • The California Transparency in Supply Chains Act

    The California Transparency in Supply Chains Act of 2010 requires larger retailers doing business in California to report on their specific actions that eradicate slavery and human trafficking from their supply chains.

    Aravo's scaleable solution can seamlessly handle the supply chain issues of all 3,200 companies affected by the California Transparency in Supply Chains Act.

  • UK Modern Slavery Act

    The Modern Slavery Act of 2015 gives UK law enforcement the tools to fight slavery, ensure perpetrators receive suitably severe punishment and protect victims of these crimes.

    Using Aravo, businesses with more than £36M annual revenue will be able to assess and audit its suppliers' capabilities in stopping the use of slave labour.

  • ISO 14001:2015

    ISO 14001 Environmental Management System. 
ISO 14001:2015 sets out the criteria for an environmental management system applicable to any industry.

    Aravo helps ensure that third parties have policies and practices that comply with the ISO 14001:2015.

  • Clean Air Act of 1963

    The Clean Air Act of 1963 as defined in U.S. Code Title 42, Chapter 85, Subchapter I, Part A, § 7412 and § 7420 designates what is a hazardous air pollutant, how to dispose of it and what are the penalties for non-compliance with the Environmental Protection Agency’s (EPA) Standards.

    Aravo has helped implement a R&C solution for the largest US-based multinational conglomerate, so that its third parties remain in compliance with the EPA.

  • OHFAS 18001

    OHSAS (Occupational Health and Safety Assessment Series) 18001 or BS OHSAS 18001, helps organizations put in place demonstrably sound occupational health and safety management systems.

    Aravo helps ensure that third parties have policies and practices that comply with occupational health and safety requirements.

  • UK Health & Safety at Work etc Act of 1974

    The Health and Safety at Work etc Act 1974 (also referred to as HSWA, the HSW Act, the 1974 Act or HASAWA) provides for securing the health, safety and welfare of persons at work.

    Aravo establishes clear criteria for vetting, onboarding and monitoring third parties and their compliance with international health and safety laws and regulations.

  • RIDDOR 2013

    Reporting of Injuries, Diseases and Dangerous Occurrences Regulations (RIDDOR) 2013 requires employers, the self-employed, and those in control of premises to report specified workplace incidents.

    Aravo’s enterprise solution makes it straight-forward to report, track and document incidents in the base of third parties.

  • U.S. Foreign Corrupt Practices Act (FCPA)
  • UK Bribery Act
  • Sarbanes-Oxley Act

    The Sarbanes-Oxley Act was enacted in 2002 and is designed to protect investors and the public by increasing the accuracy and reliability of corporate disclosures. It defines audit requirements and the records businesses should store and for how long.

    Aravo allows enterprises to collect attestation and certifications from third parties in respect to compliance with data security and privacy laws and standards.

  • Payment Card Industry Data Security Standard (PCI DSS)

    A set of requirements for enhancing security of payment customer account data. It was developed to help facilitate global adoption of consistent data security measures. PCI DSS includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures.

    Aravo allows enterprises to collect attestation and certifications from third parties in respect to compliance with data security and privacy laws and standards.

  • The Gramm-Leach-Bliley Act (GLB) Act of 1999

    TheGLB Act includes provisions to protect consumers' personal financial information held by financial institutions. There are three principal parts to the privacy requirements, which are: the Financial Privacy Rule, the Safeguards Rule and pretexting provisions.

    Aravo allows enterprises to collect attestation and certifications from third parties in respect to compliance with data security and privacy laws and standards.

  • Children's Online Privacy Protection Act

    COPPA took effect in 2000, and applies to the online collection of personal information from children under 13. Monitored by the Federal Trade Commission (FTC), the rules limit how companies may collect and disclose children's personal information.

    Aravo allows enterprises to collect attestation and certifications from third parties in respect to compliance with data security and privacy laws and standards.

  • Fair and Accurate Credit Transaction Act (FACTA), including Red Flags Rule

    FACTA is an amendment to the Fair Credit Reporting Act that is intended to help consumers avoid identity theft. Accuracy, privacy, limits on information sharing, and new consumer rights to disclosure are included in the legislation. The Red Flags Rule requires many businesses and organizations to implement a written Identity Theft Prevention Program designed to detect the warning signs – or red flags – of identity theft in their day-to-day operations.

    Aravo allows enterprises to collect attestation and certifications from third parties in respect to compliance with data security and privacy laws and standards.

  • Health Insurance Portability and Accountability Act (HIPAA)

    HIPAA was enacted in 1996 to improve the efficiency and effectiveness of the health care system. It requires the adoption of national standards for electronic health care transactions and code sets, as well as unique health identifiers for providers, health insurance plans and employers. The law also incorporates provisions for guarding the security and privacy of personal health information.

    Aravo allows enterprises to collect attestation and certifications from third parties in respect to compliance with data security and privacy laws and standards.

  • The Health Information Technology for Economic and Clinical Health Act (HITECH)

    Part of the American Recovery and Reinvestment Act of 2009, the HITECH Act modifies HIPAA by adding new requirements concerning privacy and security for patient health information. It widens the scope of privacy and security protections available under HIPAA, increases the potential legal liability for non-compliance and provides for more enforcement.

    Aravo allows enterprises to collect attestation and certifications from third parties in respect to compliance with data security and privacy laws and standards.

  • European Union Data Protection Directive

    This 1995 European directive sets strict limits on the collection and use of personal data and demands that each member state set up an independent national body responsible for the protection of this data.

    Aravo allows enterprises to collect attestation and certifications from third parties in respect to compliance with data security and privacy laws and standards.

  • ISO/IEC 27001:2013

    An information security standard that was published on the 25th September 2013, published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It is a specification for an information security management system (ISMS).

    Aravo allows enterprises to collect attestation and certifications from third parties in respect to compliance with data security and privacy laws and standards.

  • Foreign Corrupt Practices Act of 1977 (FCPA)

    Foreign Corrupt Practices Act of 1977 (FCPA) forbids bribery and corruption by companies and their third-party partners, including resellers, distributors, and marketing agencies.

    Aravo establishes clear criteria for vetting, onboarding and monitoring third parties and their compliance with anti-bribery and corruption laws.

  • UK Bribery Act of 2010

    The U.K.Bribery Act of 2010 is modeled on the OECD Anti-Bribery Convention and forbids bribery and corruption by companies and their third-party partners who are doing business in the U.K.

    Aravo establishes clear criteria for vetting, onboarding and monitoring third parties and their compliance with anti-bribery and corruption laws.

  • International Traffic in Arms Regulations (ITAR)

    International Traffic in Arms Regulations (ITAR)
    controls the export and import of defense-related articles and services on the United States Munitions List.

    Aravo’s solution features a standardized supplier compliance scheme flexible enough to support the multi-buyer qualification schemes prevalent in the Aerospace & Defense market.

  • Title VII of the U.S. Civil Rights Act of 1964 The U.S. Civil Rights Act of 1991

    Title VII of the Civil Rights Act of 1964 (Pub. L. 88-352) & The Civil Rights Act of 1991 (Pub. L. 102-166) prohibit an employer with fifteen or more employees from discriminating on the basis of race, national origin, gender, or religion.

    Aravo helps enterprises ensure that third parties implement non-discriminatory policies, training, and processes for redress.

  • Wages and the Fair Labor Standards Act (FLSA) and Equal Pay Act (EPA)

    Wages and the Fair Labor Standards Act (FLSA) and the Equal Pay Act (EPA) of 1963 (Pub. L. 88-38) establishes minimum wage, overtime pay, record keeping, and youth employment standards.

    Aravo helps ensure that third parties have policies and practices that comply with the EPA.

  • Dodd-Frank 1502 and Clean Diamonds Trade Act (CDTA) Conflict Minerals

    Dodd-Frank Wall Street Reform and Consumer Protection Act 1502 and Clean Diamonds Trade Act (CDTA) defines restrictions on the mining, transporting and commerce of Conflict Minerals. Dodd-Frank Act mandated the SEC to ensure the sale of conflict materials (e.g. coltan, tantalum, tin, tungsten, and gold) does not benefit armed groups in or near the Democratic Republic of Congo.

    Aravo has helped implement a risk and compliance program for one of the top three diversified metals & mining companies.

  • The California Transparency in Supply Chains Act

    The California Transparency in Supply Chains Act of 2010 requires larger retailers doing business in California to report on their specific actions that eradicate slavery and human trafficking from their supply chains.

    Aravo's scaleable solution can seamlessly handle the supply chain issues of all 3,200 companies affected by the California Transparency in Supply Chains Act.

  • UK Modern Slavery Act

    The Modern Slavery Act of 2015 gives UK law enforcement the tools to fight slavery, ensure perpetrators receive suitably severe punishment and protect victims of these crimes.

    Using Aravo, businesses with more than £36M annual revenue will be able to assess and audit its suppliers' capabilities in stopping the use of slave labour.

  • ISO 14001:2015

    ISO 14001 Environmental Management System. 
ISO 14001:2015 sets out the criteria for an environmental management system applicable to any industry.

    Aravo helps ensure that third parties have policies and practices that comply with the ISO 14001:2015.

  • Clean Air Act of 1963

    The Clean Air Act of 1963 as defined in U.S. Code Title 42, Chapter 85, Subchapter I, Part A, § 7412 and § 7420 designates what is a hazardous air pollutant, how to dispose of it and what are the penalties for non-compliance with the Environmental Protection Agency’s (EPA) Standards.

    Aravo has helped implement a R&C solution for the largest US-based multinational conglomerate, so that its third parties remain in compliance with the EPA.

  • OHFAS 18001

    OHSAS (Occupational Health and Safety Assessment Series) 18001 or BS OHSAS 18001, helps organizations put in place demonstrably sound occupational health and safety management systems.

    Aravo helps ensure that third parties have policies and practices that comply with occupational health and safety requirements.

  • UK Health & Safety at Work etc Act of 1974

    The Health and Safety at Work etc Act 1974 (also referred to as HSWA, the HSW Act, the 1974 Act or HASAWA) provides for securing the health, safety and welfare of persons at work.

    Aravo establishes clear criteria for vetting, onboarding and monitoring third parties and their compliance with international health and safety laws and regulations.

  • RIDDOR 2013

    Reporting of Injuries, Diseases and Dangerous Occurrences Regulations (RIDDOR) 2013 requires employers, the self-employed, and those in control of premises to report specified workplace incidents.

    Aravo’s enterprise solution makes it straight-forward to report, track and document incidents in the base of third parties.

  • U.S. Foreign Corrupt Practices Act (FCPA)
  • UK Bribery Act