What regulations are covered by this vendor assessment skill?

The skill includes pre-built assessment templates for major regulations including GDPR, DORA, NIS2, SOX, PCI DSS, and various ISO standards.

How does the risk scoring system work?

It uses a 1-5 scale across multiple dimensions (Security, Financial, Operational, etc.) with weighted calculations based on the criticality of the service being provided.

Does this replace the need for legal counsel?

No. While it provides structured frameworks and identifies gaps, it is a tool to support professionals and does not constitute legal, financial, or professional advice.

Can this skill generate reports for executive stakeholders?

Yes, it can produce comprehensive Vendor Risk Reports, visual risk heat maps, and Comparison Matrices designed for executive-level decision-making.

Vendor Due Diligence Framework

Name: Vendor Due Diligence Framework
Author: lawvable

bylawvable

•

Security & Testing

Assesses IT service providers and technology vendors through structured risk evaluations and regulatory compliance checklists.

This skill provides a comprehensive methodology for evaluating third-party service providers across financial, operational, and security dimensions. It automates the generation of structured risk reports, regulatory gap analyses (covering GDPR, DORA, and NIS2), and ongoing monitoring frameworks. By standardizing the assessment process, it helps procurement teams, compliance officers, and security professionals identify potential red flags, calculate weighted risk scores, and ensure robust vendor governance throughout the partnership lifecycle.

Key Features

01Pre-built regulatory checklists for GDPR, DORA, NIS2, SOX, and ISO 27001

02Three-phase assessment process covering initial screening, detailed deep-dives, and final decisions

03Continuous monitoring frameworks with early warning indicators and KPI dashboards

04Automated document request lists and structured interview frameworks for vendor stakeholders

05Multi-factor risk scoring system across financial, operational, compliance, security, and reputational dimensions

0638 GitHub stars

Use Cases

01Evaluating new software-as-a-service (SaaS) or infrastructure providers during procurement

02Performing mandatory third-party risk assessments for financial services compliance (DORA)

03Generating executive-level vendor comparison matrices and risk mitigation roadmaps

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add lawvable/awesome-legal-skills vendor-due-diligence-patrick-munro

For use in Claude.ai and ChatGPT

Download Skill