Which regulations does this skill support?

It provides built-in assessment templates for GDPR, DORA, NIS2, SOX, PCI DSS, ISO 27001, SOC 2, HIPAA, and FINMA.

How is vendor risk calculated?

It uses a 1-5 scoring system across financial, operational, compliance, security, reputational, and strategic dimensions, with weighted calculations for critical services.

Does this skill provide legal advice?

No, it is a tool for assessment and documentation. All outputs should be reviewed by qualified legal and security professionals.

Can this skill be used for ongoing vendor monitoring?

Yes, it includes frameworks for quarterly and annual reviews, as well as early-warning indicators for event-triggered assessments.

Vendor Due Diligence Framework

Name: Vendor Due Diligence Framework
Author: lawvable

bylawvable

•

228

•

Seguridad y Pruebas

Conducts comprehensive risk assessments and regulatory compliance checks for IT service providers and third-party technology vendors.

This skill provides a structured methodology for evaluating vendors across financial, operational, compliance, security, and reputational dimensions. It automates the creation of detailed risk reports, regulatory gap analyses—covering standards like GDPR, DORA, and NIS2—and executive-level summaries. Designed for procurement, legal, and IT security teams, it streamlines the complex process of vendor onboarding and ongoing monitoring to ensure supply chain resilience and organizational compliance.

Características Principales

01Pre-built regulatory compliance checklists for GDPR, DORA, NIS2, SOX, and ISO 27001.

02Multi-factor risk scoring system covering financial, operational, and security dimensions.

03Automated generation of risk heat maps, comparison matrices, and executive-level reports.

04228 GitHub stars

05Comprehensive document request lists and structured interview frameworks for vendor verification.

06Three-phase assessment process including screening, deep-dive evaluation, and final decisioning.

Casos de Uso

01Evaluating new technology providers or service partners during the procurement lifecycle.

02Establishing continuous monitoring frameworks and early-warning systems for critical vendors.

03Performing mandatory third-party risk assessments to satisfy regulatory compliance requirements.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add lawvable/awesome-legal-skills vendor-due-diligence-patrick-munro

For use in Claude.ai and ChatGPT

Características Principales

01Pre-built regulatory compliance checklists for GDPR, DORA, NIS2, SOX, and ISO 27001.

02Multi-factor risk scoring system covering financial, operational, and security dimensions.

03Automated generation of risk heat maps, comparison matrices, and executive-level reports.

04228 GitHub stars

05Comprehensive document request lists and structured interview frameworks for vendor verification.

06Three-phase assessment process including screening, deep-dive evaluation, and final decisioning.

Casos de Uso

01Evaluating new technology providers or service partners during the procurement lifecycle.

02Establishing continuous monitoring frameworks and early-warning systems for critical vendors.

03Performing mandatory third-party risk assessments to satisfy regulatory compliance requirements.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add lawvable/awesome-legal-skills vendor-due-diligence-patrick-munro

For use in Claude.ai and ChatGPT