II.
LibraryProcess JSON
Structured · livelib-process:security-compliance--third-party-risk
specializations/security-compliance/third-party-risk json
Inspect the normalized record payload exactly as the atlas UI reads it.
{
"id": "lib-process:security-compliance--third-party-risk",
"_kind": "LibraryProcess",
"_file": "generated-library/processes.yaml",
"_cluster": "generated-library",
"attributes": {
"displayName": "specializations/security-compliance/third-party-risk",
"description": "Third-Party Risk Assessment - Comprehensive security due diligence and ongoing monitoring of third-party\nvendors, suppliers, and service providers to manage supply chain security risks. Includes vendor security\nquestionnaires, certification reviews, risk scoring, contract security requirements, data protection agreements,\nperiodic reassessments, and incident notification procedures based on industry frameworks and best practices.",
"libraryPath": "library/specializations/security-compliance/third-party-risk.js",
"specialization": "security-compliance",
"references": [
"- Shared Assessments SIG: https://www.shared-assessments.org/",
"- NIST SP 800-161 (Supply Chain Risk Management): https://csrc.nist.gov/publications/detail/sp/800-161/rev-1/final",
"- ISO 27036 (Supplier Relationships): https://www.iso.org/standard/59648.html",
"- CAIQ (Consensus Assessments Initiative Questionnaire): https://cloudsecurityalliance.org/artifacts/caiq/",
"- BitSight and SecurityScorecard (Third-Party Risk): https://www.bitsight.com/",
"- NIST Cybersecurity Supply Chain Risk Management: https://csrc.nist.gov/projects/cyber-supply-chain-risk-management"
],
"example": "const result = await orchestrate('specializations/security-compliance/third-party-risk', {\n projectName: 'E-Commerce Platform Vendor Assessment',\n vendors: [\n { name: 'Payment Gateway Inc', type: 'payment-processor', criticality: 'critical' },\n { name: 'Cloud Storage Co', type: 'infrastructure', criticality: 'high' },\n { name: 'Analytics Service', type: 'saas', criticality: 'medium' }\n ],\n assessmentType: 'comprehensive', // 'initial', 'comprehensive', 'periodic', 'targeted'\n riskCategories: ['security', 'compliance', 'financial', 'operational', 'reputational'],\n complianceFrameworks: ['SOC2', 'ISO27001', 'GDPR', 'HIPAA', 'PCI-DSS'],\n dataClassification: ['public', 'internal', 'confidential', 'restricted'],\n assessmentFrequency: 'annual', // 'quarterly', 'annual', 'biennial'\n autoScoring: true,\n remediationTracking: true,\n continuousMonitoring: true\n});",
"usesAgents": [
"general-purpose"
],
"usesSkills": [
"vendor-security-questionnaire",
"vendor-risk-monitor"
]
},
"outgoingEdges": [
{
"from": "lib-process:security-compliance--third-party-risk",
"to": "domain:security",
"kind": "lib_applies_to_domain",
"attributes": {
"weight": 1
}
},
{
"from": "lib-process:security-compliance--third-party-risk",
"to": "workflow:vulnerability-management",
"kind": "lib_implements_workflow",
"attributes": {
"weight": 1
}
},
{
"from": "lib-process:security-compliance--third-party-risk",
"to": "specialization:security-compliance",
"kind": "lib_belongs_to_specialization",
"attributes": {
"weight": 0.9
}
},
{
"from": "lib-process:security-compliance--third-party-risk",
"to": "lib-skill:security-compliance--vendor-security-questionnaire",
"kind": "uses_skill",
"attributes": {
"weight": 0.8
}
},
{
"from": "lib-process:security-compliance--third-party-risk",
"to": "lib-skill:security-compliance--vendor-risk-monitor",
"kind": "uses_skill",
"attributes": {
"weight": 0.8
}
}
],
"incomingEdges": []
}