What regulations are covered by this vendor assessment skill?

The skill includes pre-built assessment templates for major regulations including GDPR, DORA, NIS2, SOX, PCI DSS, and various ISO standards.

How does the risk scoring system work?

It uses a 1-5 scale across multiple dimensions (Security, Financial, Operational, etc.) with weighted calculations based on the criticality of the service being provided.

Does this replace the need for legal counsel?

No. While it provides structured frameworks and identifies gaps, it is a tool to support professionals and does not constitute legal, financial, or professional advice.

Can this skill generate reports for executive stakeholders?

Yes, it can produce comprehensive Vendor Risk Reports, visual risk heat maps, and Comparison Matrices designed for executive-level decision-making.

Vendor Due Diligence Framework

Name: Vendor Due Diligence Framework
Author: lawvable

bylawvable

•

セキュリティとテスト

Assesses IT service providers and technology vendors through structured risk evaluations and regulatory compliance checklists.

概要

This skill provides a comprehensive methodology for evaluating third-party service providers across financial, operational, and security dimensions. It automates the generation of structured risk reports, regulatory gap analyses (covering GDPR, DORA, and NIS2), and ongoing monitoring frameworks. By standardizing the assessment process, it helps procurement teams, compliance officers, and security professionals identify potential red flags, calculate weighted risk scores, and ensure robust vendor governance throughout the partnership lifecycle.

主な機能

Pre-built regulatory checklists for GDPR, DORA, NIS2, SOX, and ISO 27001
Three-phase assessment process covering initial screening, detailed deep-dives, and final decisions
Continuous monitoring frameworks with early warning indicators and KPI dashboards
Automated document request lists and structured interview frameworks for vendor stakeholders
Multi-factor risk scoring system across financial, operational, compliance, security, and reputational dimensions
38 GitHub stars

ユースケース

Evaluating new software-as-a-service (SaaS) or infrastructure providers during procurement
Performing mandatory third-party risk assessments for financial services compliance (DORA)
Generating executive-level vendor comparison matrices and risk mitigation roadmaps

概要

主な機能

Pre-built regulatory checklists for GDPR, DORA, NIS2, SOX, and ISO 27001
Three-phase assessment process covering initial screening, detailed deep-dives, and final decisions
Continuous monitoring frameworks with early warning indicators and KPI dashboards
Automated document request lists and structured interview frameworks for vendor stakeholders
Multi-factor risk scoring system across financial, operational, compliance, security, and reputational dimensions
38 GitHub stars

ユースケース

Evaluating new software-as-a-service (SaaS) or infrastructure providers during procurement
Performing mandatory third-party risk assessments for financial services compliance (DORA)
Generating executive-level vendor comparison matrices and risk mitigation roadmaps