Assess third-party cybersecurity, privacy, AI, cloud, and software supply-chain risks before approving a vendor.
Privacy note: This tool runs locally in your browser for the MVP version. Do not enter confidential contracts, credentials, secrets, regulated data, or private customer data.
Criticality
What type of data will the vendor access?
What level of system access will the vendor have?
Which security controls does the vendor provide?
Does the vendor use AI or machine learning?
Does the vendor train models on customer data?
Can the customer opt out of model training?
Does the vendor store prompts, documents, or uploaded files?
Does the vendor provide data deletion controls?
Does the vendor use subcontractors or third-party model providers?
Does the vendor provide enterprise privacy controls?
Does the vendor provide software, code, SDKs, APIs, packages, or integrations?
Does the vendor provide SBOM documentation?
Does the vendor disclose known vulnerabilities?
Does the vendor have a patch management process?
Does the vendor sign software releases?
Does the vendor use secure development practices?
Disclaimer: This tool provides a basic educational risk assessment and does not replace a formal vendor security review, legal review, compliance review, or professional cybersecurity assessment.