DakWillis/grc-vendor-risk-intake-mini-pack
Vendor Risk Intake Mini Pack (GRC)

This repository demonstrates a lightweight, repeatable Third-Party/Vendor Risk Intake process that can be used by small to mid-sized organizations.

What this includes

  • A practical vendor intake form
  • A simple risk scoring model (impact + exposure)
  • Evidence request checklist
  • Vendor decision log (approve / approve with conditions / reject)
  • A basic vendor review email template

Why this matters

Third-party risk is a common source of security, privacy, and compliance exposure. This mini pack shows how I structure intake, evidence collection, and decision-making in a way that is audit-friendly and scalable.

How to use

  1. Start in docs/01-workflow.md
  2. Fill out artifacts/vendor-intake-form.md
  3. Score the vendor using artifacts/vendor-risk-scorecard.csv
  4. Request evidence using artifacts/evidence-request-checklist.md
  5. Document the decision in artifacts/vendor-decision-log.csv

Quickstart (15-minute vendor review)

  1. Fill out the intake: artifacts/vendor-intake-form.md
  2. Score the vendor: artifacts/vendor-risk-scorecard.csv
  3. Select evidence based on tier: artifacts/evidence-request-checklist.md
  4. Document the decision: artifacts/vendor-decision-log.csv
  5. Set the next review date based on risk tier: see docs/01-workflow.md

About

Minimum-viable vendor risk intake workflow + evidence pack