Vendor Risk Assessment
by @afrexai-cto
Assess third-party vendor risk for AI and SaaS products. Evaluates security posture, data handling, compliance, financial stability, and operational resilien...
clawhub install afrexai-vendor-risk-assessmentπ About This Skill
name: vendor-risk-assessment description: > Assess third-party vendor risk for AI and SaaS products. Evaluates security posture, data handling, compliance, financial stability, and operational resilience. Use when onboarding new vendors, conducting annual reviews, or building a vendor management program. Generates a scored risk report with mitigation recommendations. Built by AfrexAI. metadata: version: 1.0.0 author: AfrexAI tags: [vendor-risk, security, compliance, procurement, enterprise]
Vendor Risk Assessment
Evaluate any AI/SaaS vendor across 6 risk dimensions. Outputs a scored report with go/no-go recommendation.
When to Use
How to Use
The user provides vendor details (name, product, website, any available documentation). The agent researches and scores the vendor across 6 dimensions.
Input Format
Vendor: [Company Name]
Product: [Product/Service Name]
Website: [URL]
Use Case: [What you'd use it for]
Data Sensitivity: [low/medium/high/critical]
Additional Context: [Any docs, certifications, or concerns]
Assessment Framework
6 Risk Dimensions (each scored 1-10)
#### 1. Security Posture
#### 2. Data Handling & Privacy
#### 3. Compliance & Certifications
#### 4. Financial Stability
#### 5. Operational Resilience
#### 6. Contractual Terms
Output Format
# Vendor Risk Assessment: [Vendor Name]
Date: YYYY-MM-DD
Assessor: AI Agent (AfrexAI)
Data Sensitivity Level: [low/medium/high/critical]Overall Risk Score: [X/10] β [LOW/MEDIUM/HIGH/CRITICAL]
Dimension Scores
| Dimension | Score | Risk Level | Key Finding |
|-----------|-------|------------|-------------|
| Security Posture | X/10 | LOW/MED/HIGH | ... |
| Data Handling | X/10 | LOW/MED/HIGH | ... |
| Compliance | X/10 | LOW/MED/HIGH | ... |
| Financial Stability | X/10 | LOW/MED/HIGH | ... |
| Operational Resilience | X/10 | LOW/MED/HIGH | ... |
| Contractual Terms | X/10 | LOW/MED/HIGH | ... |Recommendation: [APPROVE / APPROVE WITH CONDITIONS / REJECT]
Critical Findings
[Finding 1]
[Finding 2] Mitigation Requirements (if Approve with Conditions)
1. [Requirement 1 β deadline]
2. [Requirement 2 β deadline]Research Sources
[Source 1]
[Source 2]
Scoring Guide
Overall Risk Calculation
Research Process
1. Check vendor website for security/compliance pages 2. Search for SOC2/ISO certifications and trust pages 3. Check status pages for uptime history 4. Search for breach history or security incidents 5. Review pricing page for contract terms indicators 6. Check Crunchbase/LinkedIn for financial stability signals 7. Search for customer reviews mentioning reliability/supportPro Tips
*Need help managing vendor risk across your entire stack? AfrexAI builds autonomous AI agents that monitor vendors continuously β not just at onboarding. Visit afrexai.com or book a call: calendly.com/cbeckford-afrexai/30min*