Vendor Risk Assessment

Evaluate the legal and security risk of a third-party vendor

🧪 Tested by a human Advanced 👤 Legal 👤 Procurement 👤 It Admin 👤 Compliance
Conduct a vendor risk assessment for [VENDOR NAME] providing [SERVICE]. Evaluate: (1) Data they will access or process, (2) Security certifications (SOC2, ISO 27001), (3) Data processing agreement status, (4) Sub-processor disclosure, (5) Incident notification obligations, (6) Insurance coverage, (7) Geographic data residency, (8) Exit strategy and data return. Rate overall risk as Low/Medium/High.

Works on

⭐ M365 Copilot (Best) 🟢 ChatGPT 🟠 Claude

Copy & Open in

🟢 ChatGPT 🟠 Claude

Prompt is copied to your clipboard when you click

Tips for Best Results

  • Conduct vendor risk assessments before signing contracts
  • Higher risk vendors need more frequent reviews
  • Include vendor risks in your overall risk register

📎 More Prompts

Acceptable Use Policy Guide

Summarise this AUP into a one-page guide: what you CAN do, what you CANNOT do, grey areas, monitoring notice, consequences, how to report. Understandable in 3 minutes.
⭐ M365 🟢 GPT 🟠 Claude

Compliance Checklist Generator

●●
Create a compliance checklist for [REGULATION — GDPR / SOC2 / ISO 27001 / HIPAA / PCI-DSS / Essential Eight]. Include: (1) Requirement description, (2) Evidence needed, (3) Current status (compliant, partial, gap), (4) Owner, (5) Remediation steps for gaps, (6) Review frequency. Focus on requirements relevant to [ORGANISATION TYPE]. Pre-populate status as Not Assessed.
⭐ M365 🟢 GPT 🟠 Claude

Contract Review Checklist

●●●
Review this contract and provide: (1) Summary of key terms (parties, scope, duration, value), (2) Obligations for each party, (3) Termination conditions, (4) Liability and indemnification clauses, (5) Payment terms, (6) Renewal or auto-renewal provisions, (7) Red flags or unusual clauses, (8) Missing clauses that should be included. Note: this is for initial review — legal counsel should approve.
⚡ M365 🟢 GPT ⭐ Claude
💬