Agentic AI Atlasby a5c.ai
/
GitHubDocsDiscord
iiRecord
Agentic AI Atlas · Third-Party Risk Assessment
workflow:third-party-risk-assessmenta5c.ai
II.
Workflow JSON

workflow:third-party-risk-assessment

Structured · live

Third-Party Risk Assessment json

Inspect the normalized record payload exactly as the atlas UI reads it.

File · workflows/workflows/workflows-risk-compliance.yamlCluster · workflows
Record JSON
{
  "id": "workflow:third-party-risk-assessment",
  "_kind": "Workflow",
  "_file": "workflows/workflows/workflows-risk-compliance.yaml",
  "_cluster": "workflows",
  "attributes": {
    "displayName": "Third-Party Risk Assessment",
    "workflowKind": "governance",
    "triggerType": "event-driven",
    "typicalCadence": "per-vendor",
    "complexity": "cross-team",
    "description": "Assesses risk exposure from third-party vendors, partners, and service\nproviders -- distributing security questionnaires and evaluating\nresponses against organizational standards, reviewing SOC 2 and ISO\n27001 attestation reports for control coverage, assessing data-handling\npractices and sub-processor chains for GDPR compliance, evaluating\nbusiness-continuity and disaster-recovery capabilities, scoring vendors\non a composite risk matrix incorporating financial stability,\nconcentration risk, and geopolitical factors, and defining residual-risk\nacceptance or mitigation requirements. Produces third-party risk\nassessment report and risk-tier classification. Excludes contract\nnegotiation.\n"
  },
  "outgoingEdges": [
    {
      "from": "workflow:third-party-risk-assessment",
      "to": "role:security-reviewer",
      "kind": "involves_role",
      "attributes": {}
    },
    {
      "from": "workflow:third-party-risk-assessment",
      "to": "role:planner",
      "kind": "involves_role",
      "attributes": {}
    },
    {
      "from": "workflow:third-party-risk-assessment",
      "to": "role:license-auditor",
      "kind": "involves_role",
      "attributes": {}
    },
    {
      "from": "workflow:third-party-risk-assessment",
      "to": "skill-area:threat-modeling",
      "kind": "requires_skill_area",
      "attributes": {}
    },
    {
      "from": "workflow:third-party-risk-assessment",
      "to": "skill-area:identity-security",
      "kind": "requires_skill_area",
      "attributes": {}
    },
    {
      "from": "workflow:third-party-risk-assessment",
      "to": "domain:security",
      "kind": "applies_to_domain",
      "attributes": {}
    },
    {
      "from": "workflow:third-party-risk-assessment",
      "to": "domain:operations",
      "kind": "applies_to_domain",
      "attributes": {}
    },
    {
      "from": "workflow:third-party-risk-assessment",
      "to": "domain:legal",
      "kind": "applies_to_domain",
      "attributes": {}
    },
    {
      "from": "workflow:third-party-risk-assessment",
      "to": "responsibility:vendor-evaluation",
      "kind": "triggers_responsibility",
      "attributes": {}
    },
    {
      "from": "workflow:third-party-risk-assessment",
      "to": "responsibility:security-review",
      "kind": "triggers_responsibility",
      "attributes": {}
    },
    {
      "from": "workflow:third-party-risk-assessment",
      "to": "org-unit:risk-management-team",
      "kind": "performed_by_org_unit",
      "attributes": {}
    },
    {
      "from": "workflow:third-party-risk-assessment",
      "to": "org-unit:security-team",
      "kind": "performed_by_org_unit",
      "attributes": {}
    },
    {
      "from": "workflow:third-party-risk-assessment",
      "to": "org-unit:procurement-team",
      "kind": "performed_by_org_unit",
      "attributes": {}
    }
  ],
  "incomingEdges": []
}