Overview
Third-party risk is the risk that most companies discover during a crisis: the vendor whose data breach exposed customer records, the supplier whose financial failure disrupted operations, the SaaS tool whose outage took down a critical business process. These risks were present from the moment the relationship was established — they were just never assessed.
The Third-Party & Vendor Risk Management Prompt builds a risk-based approach to third-party relationships: tiering vendors by the risk they introduce, applying proportionate due diligence before onboarding, and monitoring ongoing risk without treating every vendor as if they were a critical infrastructure provider.
What you get:
- Vendor risk tiering: how to classify vendors by the risk they introduce
- Pre-onboarding due diligence framework: what to assess before signing
- Contract risk provisions: the clauses that protect the company in a vendor failure
- Ongoing monitoring protocol: how to track vendor risk without a dedicated team
- Concentration risk assessment: the vendors whose failure would be most damaging
- Incident response for third-party failures: what to do when a vendor fails
- Regulatory requirements: the third-party risk obligations that apply to regulated industries
Built for: operations leads, procurement teams, and risk managers who need a third-party risk program that is proportionate to the actual risk — not one that treats every vendor as a critical risk.