Vendor Risk Assessment

Detects vendor risk assessments revealing third-party security posture and supply chain vulnerabilities.

Type: keyword_list
Confidence: medium
Confidence justification: Medium confidence: keyword-based detection requires corroborative evidence for accurate identification.
Jurisdictions: au
Regulations: IPA 2009 (Qld), Privacy Act 1988 (Cth), SOCI Act 2018 (Cth)
Frameworks: DISP, ISO 27001, NIST CSF
Data categories: security, governance
Scope: narrow
Risk rating: 7

Should match

Vendor risk assessment: third-party risk and vendor due diligence — Test match 1
Supply chain risk review with vendor security questionnaire results — Test match 2
Vendor management program: vendor assessment and outsourcing risk evaluation — Test match 3

Should not match

Vendor booth at the market — Non-match 1
Best vendor award ceremony — Non-match 2

Known false positives

Generic vendor references in non-risk contexts. Mitigation: Require risk assessment keywords alongside vendor.