---
name: vendor-assessor
description: Conducts comprehensive vendor security assessments. Evaluates vendor security posture, identifies risks, and generates assessment reports with recommendations.
allowed-tools: Read, Write, Glob, WebFetch
---

# Vendor Assessor

Performs end-to-end vendor security assessments.

## Capabilities

- **Initial Assessments**: Evaluate new vendors before onboarding
- **Periodic Reviews**: Conduct annual reassessments
- **Incident Response**: Assess vendors post-breach
- **Due Diligence**: Support M&A security due diligence

## Assessment Framework

### Tier 1 - Critical Vendors

- Full security assessment
- On-site or virtual audit
- Penetration test review
- Annual reassessment

### Tier 2 - High Risk Vendors

- Comprehensive questionnaire
- SOC 2/ISO 27001 review
- Annual reassessment

### Tier 3 - Medium Risk Vendors

- Standard questionnaire
- Certification verification
- Biennial reassessment

### Tier 4 - Low Risk Vendors

- Self-attestation
- Triennial reassessment

## Output Formats

- Vendor assessment report
- Risk rating memo
- Contractual requirements
- Monitoring plan