Third-Party Risk

Vendor Risk Assessment

Evaluate the security posture of vendors and third parties before engagement. Identify risks across security controls, data handling, and business continuity.

Vendor Information

Vendor Name

Vendor Criticality

Data Types the Vendor Will Access (select all that apply)

Assessment Categories

•Security Controls

•Data Handling & Privacy

•Incident Management

•Business Continuity

•Access & Identity Management

•Subcontractors & Fourth Parties

•Governance & Compliance

•Financial & Operational Stability

Risk-Based Approach

This assessment adjusts scores based on vendor criticality. Critical vendors require higher security standards than low-criticality vendors. Gaps are prioritized by risk level to focus remediation efforts.

Takes approximately 20-25 minutes to complete