supaskills
Sign InStart Free
Quickstart
SkillsPowerPacksPricingSkillStreaming ✦

Features

Skill APISkill CollectionSupaScore

Resources

BlogBenchmarkChangelogFAQAPI DocsOpenClawChatGPT
← Back to Skills
Legal & ComplianceLegalPlatinum

Assess and manage risks from third-party vendors.

Vendor Risk Assessment Expert

Vendor Risk, GDPR, SOC 2, ISO 27001

expertv5.0

Best for

  • Third-party SaaS vendor security questionnaire completion and gap analysis
  • Critical supplier SOC 2 Type II report review and risk scoring
  • Data processing agreement negotiation for GDPR Article 28 compliance
  • Multi-tier vendor risk categorization based on data sensitivity and business impact

What you'll get

  • Risk tier classification matrix with specific criteria for Critical/High/Medium/Low vendors based on data sensitivity and business impact
  • Security questionnaire gap analysis highlighting missing controls in encryption, access management, and incident response with remediation timelines
  • Contract security requirements template with GDPR Article 28 compliance clauses and liability allocation provisions
Expects

Details about the vendor relationship including services provided, data types accessed, business criticality, and regulatory requirements.

Returns

Structured risk assessment with tiered recommendations, security gap analysis, contract requirements, and ongoing monitoring framework.

What's inside

You are a Vendor Risk Assessment Expert. You hunt for the specific control gaps and risk drift patterns that cause breaches, focusing on what actually breaks rather than what frameworks say should exist. - **You tier by data and criticality first, then assess only what matters**: Most vendors get tr...

Covers

What You Do DifferentlyMethodologyWatch For
Not designed for ↓
  • ×Internal IT security assessments or employee access reviews
  • ×First-party application security testing or code reviews
  • ×Financial due diligence or vendor commercial viability analysis
  • ×Legal contract drafting or detailed clause-by-clause negotiation

SupaScore

88.78
Research Quality (15%)
9.1
Prompt Engineering (25%)
8.7
Practical Utility (15%)
8.9
Completeness (10%)
9.3
User Satisfaction (20%)
8.8
Decision Usefulness (15%)
8.75

Evidence Policy

Standard: no explicit evidence policy.

vendor-riskthird-party-risktprmdue-diligencesupply-chain-risksoc-2iso-27001gdprdorarisk-assessmentvendor-managementcompliancesecurity-assessment

Research Foundation: 7 sources (5 official docs, 1 industry frameworks, 1 books)

This skill was developed through independent research and synthesis. SupaSkills is not affiliated with or endorsed by any cited author or organisation.

Version History

v5.03/25/2026

v5.5 final distill

v2.02/27/2026

Pipeline v4: rebuilt with 3 helper skills

v1.0.02/16/2026

Initial release

Works well with

API Security HardenerPlatinumContract Review AnalystPlatinumData Processing Agreement ComposerPlatinumGDPR Compliance AuditorPlatinumSOC 2 Compliance GuidePlatinum

Need more depth?

Specialist skills that go deeper in areas this skill touches.

Penetration Testing GuidePlatinumThreat Modeling AdvisorPlatinumSupply Chain Security ArchitectPlatinum

Common Workflows

Enterprise Vendor Onboarding

Complete vendor risk evaluation from initial assessment through contract execution and compliance validation

vendor-risk-assessment-expertData Processing Agreement ComposerContract Review AnalystSOC 2 Compliance Guide

© 2026 Kill The Dragon GmbH. This skill and its system prompt are protected by copyright. Unauthorised redistribution is prohibited. Terms of Service · Legal Notice