Afrexai Vendor Risk

# Vendor Risk Assessment

Score and manage third-party vendor risk across security, financial stability, compliance, operational dependency, and data handling. Built for procurement teams, CISOs, and operations leaders managing 10+ vendors.

## Usage
Run this assessment for each critical vendor. Aggregate scores into a portfolio risk view.

## Assessment Framework

### 1. Vendor Risk Scorecard (5 Domains, 0-100 each)

**Security Posture (0-100)**
- SOC 2 Type II current? (+20)
- Penetration test within 12 months? (+15)
- Incident response plan documented? (+15)
- Data encryption at rest and transit? (+15)
- MFA enforced for all access? (+10)
- Security questionnaire completed? (+10)
- Subprocessor list disclosed? (+15)

**Financial Stability (0-100)**
- Revenue trend (growing +25, flat +10, declining 0)
- Funding runway >18 months? (+20)
- Customer concentration <20%? (+15)
- Public financials or audited statements? (+15)
- No material litigation? (+15)
- Credit rating acceptable? (+10)

**Compliance & Regulatory (0-100)**
- Industry certifications current? (+20)
- GDPR/CCPA compliant? (+20)
- Data processing agreement signed? (+15)
- Regulatory audit history clean? (+15)
- Right to audit clause? (+15)
- Data residency requirements met? (+15)

**Operational Dependency (0-100)**
- SLA with financial penalties? (+20)
- Uptime >99.9% trailing 12 months? (+20)
- Disaster recovery tested annually? (+15)
- Single point of failure for your business? (-20)
- Migration plan documented? (+15)
- API/export capability? (+15)
- Vendor lock-in risk assessment? (+15)

**Data Handling (0-100)**
- Data classification documented? (+20)
- Retention/deletion policies clear? (+20)
- Breach notification <72 hours? (+20)
- Data portability guaranteed? (+15)
- AI/ML training on your data? (opt-out available +15, no opt-out -10)
- Access logging and audit trail? (+10)

### 2. Risk Tier Classification

| Aggregate Score | Tier | Review Cadence | Action |
|----------------|------|------------...

# Vendor Risk Assessment

Score and manage third-party vendor risk. Five domains, 500-point scoring, portfolio-level risk view, quarterly review templates.

**Covers:** Security posture, financial stability, compliance, operational dependency, data handling.

**Who it's for:** Procurement teams, CISOs, ops leaders managing 10+ vendors. Any company where a vendor failure means revenue loss.

→ [Calculate your AI automation savings](https://afrexai-cto.github.io/ai-revenue-calculator/)
→ [Industry-specific context packs](https://afrexai-cto.github.io/context-packs/) — $47 each
→ [Set up your AI agent workforce](https://afrexai-cto.github.io/agent-setup/)

Built by [AfrexAI](https://afrexai-cto.github.io/context-packs/) 🖤💛