Vendor Risk Workflow

Third-party vendor risk management with due diligence, ongoing monitoring, and contract enforcement

Complexity: Moderate | Duration: 15-30m | Category: Professional/Hr

Tags: #vendor-risk #third-party #security #compliance #due-diligence

Workflow Diagram

Steps

Step 1: Classify vendor risk

Agent: vendor-risk-manager - Categorize the vendor as critical, high, medium, or low risk

Step 2: Conduct due diligence

Agent: vendor-risk-manager - Review financials, references, and security posture

Step 3: Security assessment

Agent: security-specialist - Request SOC 2 report, pen test results, and security questionnaire

Step 4: Compliance check

Agent: compliance-auditor - Verify GDPR, HIPAA, and PCI DSS compliance where applicable

Step 5: Review contract

Agent: contract-specialist - Ensure SLAs, liability, termination, and audit rights are covered

Step 6: Ongoing monitoring

Agent: vendor-risk-manager - Track vendor performance and security incidents

Step 7: Annual reassessment

Agent: vendor-risk-manager - Re-evaluate vendor risk annually

Step 8: Offboard vendor

Agent: vendor-risk-manager - Revoke access and retrieve data when the vendor is terminated

Usage

To execute this workflow:

/workflow professional/hr/vendor-risk-workflow.workflow

See other workflows in this category for related automation patterns.