Vendor Risk Scorer

Assess third-party vendor security across 8 weighted domains

Score vendor security posture across 8 weighted domains: Data Handling, Access Control, Compliance, Incident Response, Network Security, Secure Development (SDLC), Governance, and Physical Security. Generates a weighted overall score, risk tier classification, engagement recommendation, and identifies priority improvement areas. Supports 7 vendor types for contextualized assessment.

Vendor Risk Assessment

Vendor Name

Vendor Type

Security Domain Scores

Rate the vendor on each security domain (0 = not assessed, 1 = critical gaps, 7 = excellent).

Data Handling & Privacy (weight: 20%) How well does the vendor protect data? (encryption, classification, retention, DLP)

Access Control & Authentication (weight: 15%) MFA, RBAC, SSO, privileged access management, password policies

Compliance & Certifications (weight: 15%) SOC 2, ISO 27001, GDPR, HIPAA, PCI DSS, regulatory alignment

Incident Response & BCP (weight: 12%) IR plan, notification SLA, disaster recovery, business continuity

Network & Infrastructure (weight: 12%) Firewall, IDS/IPS, segmentation, vulnerability management, patching

Secure Development (SDLC) (weight: 10%) Secure coding practices, code review, SAST/DAST, dependency scanning

Governance & Risk Management (weight: 8%) Security policies, risk assessments, security team, board oversight

Physical & Environmental (weight: 8%) Data center security, physical access controls, environmental protections

Vendor Risk Scorer

Security Domain Scores

Related Tools

CVSS v3.1 Calculator

Risk Score Calculator

ALE Calculator

FAIR Risk Calculator