II.
LibraryProcess overview
Reference · livelib-process:security-compliance--third-party-risk
third-party-risk overview
Third-Party Risk Assessment - Comprehensive security due diligence and ongoing monitoring of third-party vendors, suppliers, and service providers to manage supply chain security risks. Includes vendor security questionnaires, certification reviews, risk scoring, contract security requirements, data protection agreements, periodic reassessments, and incident notification procedures based on industry frameworks and best practices.
Attributes
displayName
third-party-risk
description
Third-Party Risk Assessment - Comprehensive security due diligence and ongoing monitoring of third-party
vendors, suppliers, and service providers to manage supply chain security risks. Includes vendor security
questionnaires, certification reviews, risk scoring, contract security requirements, data protection agreements,
periodic reassessments, and incident notification procedures based on industry frameworks and best practices.
libraryPath
library/specializations/security-compliance/third-party-risk.js
specialization
security-compliance
references
- Shared Assessments SIG: https://www.shared-assessments.org/
- NIST SP 800-161 Rev. 1 (Cybersecurity Supply Chain Risk Management): https://csrc.nist.gov/publications/detail/sp/800-161/rev-1/final
- ISO/IEC 27036 (Supplier Relationships): https://www.iso.org/standard/59648.html
- CSA CAIQ (Consensus Assessments Initiative Questionnaire): https://cloudsecurityalliance.org/artifacts/caiq/
- BitSight and SecurityScorecard (third-party risk ratings): https://www.bitsight.com/
- NIST Cybersecurity Supply Chain Risk Management (C-SCRM) project: https://csrc.nist.gov/projects/cyber-supply-chain-risk-management
example
const result = await orchestrate('specializations/security-compliance/third-party-risk', {
projectName: 'E-Commerce Platform Vendor Assessment',
vendors: [
{ name: 'Payment Gateway Inc', type: 'payment-processor', criticality: 'critical' },
{ name: 'Cloud Storage Co', type: 'infrastructure', criticality: 'high' },
{ name: 'Analytics Service', type: 'saas', criticality: 'medium' }
],
assessmentType: 'comprehensive', // 'initial', 'comprehensive', 'periodic', 'targeted'
riskCategories: ['security', 'compliance', 'financial', 'operational', 'reputational'],
complianceFrameworks: ['SOC2', 'ISO27001', 'GDPR', 'HIPAA', 'PCI-DSS'],
dataClassification: ['public', 'internal', 'confidential', 'restricted'],
assessmentFrequency: 'annual', // 'quarterly', 'annual', 'biennial'
autoScoring: true,
remediationTracking: true,
continuousMonitoring: true
});
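The call above only passes options; the scoring, tiering and reassessment logic it implies is not shown on this page. The following is an added example, written for this reference and not code from the livelib third-party-risk process or its skills, of the kind of model an `autoScoring` option would have to encode. It assumes an inherent-risk score from criticality times data classification, percentage weights for evidenced controls, a `certifications[].expires` date per vendor, and the tier thresholds below; the weights, thresholds and the three sample vendors are all illustrative assumptions. One design point a practitioner will want: the reassessment cadence follows inherent risk, so strong control evidence lowers the residual score and the remediation decision but never earns a vendor a less frequent review.

```javascript
// Added example, not part of the livelib third-party-risk process code.
// Inherent risk (criticality x data classification) sets the reassessment
// cadence; residual risk after evidenced controls drives the remediation
// decision. Weights and thresholds are assumptions chosen for illustration.

const CRITICALITY = { low: 1, medium: 2, high: 3, critical: 4 };
const DATA_CLASS = { public: 1, internal: 2, confidential: 3, restricted: 4 };

// How much of the inherent risk each piece of control evidence offsets (percent).
const CONTROL_WEIGHT = {
  ISO27001: 25, SOC2: 25, 'PCI-DSS': 20,
  questionnaireComplete: 15, dpaSigned: 10, incidentNotificationSla: 5,
};

// Inherent risk on a 0..100 scale (maximum product is 4 * 4 = 16).
function inherentRisk(vendor) {
  const c = CRITICALITY[vendor.criticality];
  const d = DATA_CLASS[vendor.dataClassification];
  if (c === undefined || d === undefined) {
    throw new Error(`unknown criticality or classification for ${vendor.name}`);
  }
  return Math.round((c * d * 100) / 16);
}

// Certifications only count while current as of the assessment date.
function validCertifications(vendor, asOf) {
  const cutoff = new Date(asOf);
  return (vendor.certifications || []).filter(
    (cert) => new Date(cert.expires) >= cutoff && CONTROL_WEIGHT[cert.name] !== undefined,
  );
}

// Findings a reviewer would raise: expired evidence and missing contract terms.
function findings(vendor, asOf) {
  const out = [];
  const cutoff = new Date(asOf);
  for (const cert of vendor.certifications || []) {
    if (new Date(cert.expires) < cutoff) out.push(`${cert.name} certification expired ${cert.expires}`);
  }
  if (!vendor.questionnaireComplete) out.push('security questionnaire not completed');
  if (!vendor.dpaSigned) out.push('no data protection agreement on file');
  if (!vendor.incidentNotificationSla) out.push('no incident notification SLA in contract');
  return out;
}

// Percentage of inherent risk offset by evidenced controls, capped at 100.
function controlCoverage(vendor, asOf) {
  let pct = 0;
  for (const cert of validCertifications(vendor, asOf)) pct += CONTROL_WEIGHT[cert.name];
  for (const flag of ['questionnaireComplete', 'dpaSigned', 'incidentNotificationSla']) {
    if (vendor[flag]) pct += CONTROL_WEIGHT[flag];
  }
  return Math.min(pct, 100);
}

function residualRisk(vendor, asOf) {
  return Math.round((inherentRisk(vendor) * (100 - controlCoverage(vendor, asOf))) / 100);
}

// Cadence follows inherent risk: good controls never earn a less frequent review.
function reassessmentFrequency(inherent) {
  if (inherent >= 50) return 'quarterly';
  if (inherent >= 25) return 'annual';
  return 'biennial';
}

function remediationDecision(residual) {
  if (residual >= 40) return 'remediation-required';
  if (residual >= 20) return 'monitor';
  return 'accept';
}

function assessVendors(vendors, asOf) {
  return vendors.map((v) => {
    const inherent = inherentRisk(v);
    const residual = residualRisk(v, asOf);
    return {
      name: v.name, inherent, residual,
      reassess: reassessmentFrequency(inherent),
      decision: remediationDecision(residual),
      findings: findings(v, asOf),
    };
  });
}

// Constructed sample input mirroring the vendors in the example call above.
const SAMPLE_VENDORS = [
  { name: 'Payment Gateway Inc', criticality: 'critical', dataClassification: 'restricted',
    certifications: [{ name: 'PCI-DSS', expires: '2026-01-31' }, { name: 'SOC2', expires: '2025-06-30' }],
    questionnaireComplete: true, dpaSigned: true, incidentNotificationSla: true },
  { name: 'Cloud Storage Co', criticality: 'high', dataClassification: 'confidential',
    certifications: [{ name: 'ISO27001', expires: '2027-01-01' }, { name: 'SOC2', expires: '2026-03-31' }],
    questionnaireComplete: true, dpaSigned: true, incidentNotificationSla: false },
  { name: 'Analytics Service', criticality: 'medium', dataClassification: 'internal',
    certifications: [], questionnaireComplete: false, dpaSigned: true, incidentNotificationSla: false },
];

console.table(assessVendors(SAMPLE_VENDORS, '2025-09-01'));
```

With the sample data the payment processor keeps a residual score of 50 and a quarterly cadence even though most of its controls are evidenced, because its SOC 2 report has lapsed as of the assessment date and the expired certification is excluded from coverage and raised as a finding.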
usesAgents
- general-purpose
usesSkills
- vendor-security-questionnaire
- vendor-risk-monitor
Outgoing edges
lib_applies_to_domain (1)
- domain:security · Domain · Security
lib_belongs_to_specialization (1)
- specialization:security-compliance · Specialization
lib_implements_workflow (1)
- workflow:vulnerability-management · Workflow
uses_skill (2)
- lib-skill:security-compliance--vendor-security-questionnaire · LibrarySkill · vendor-security-questionnaire
- lib-skill:security-compliance--vendor-risk-monitor · LibrarySkill · vendor-risk-monitor
Incoming edges
None.