Vendor due diligence
Structured third-party risk assessment for IT vendors covering financial, operational, compliance, security and reputational risk, including GDPR, DORA and NIS2.
Official alternative
Anthropic maintains an official plugin workflow for this task. Use it when you want the full marketplace plugin with MCP connectors.
Vendor AI Reviewer: `/plugin install ai-governance-legal@claude-for-legal`
Official outputs require attorney review before client reliance.
About this skill
Structured third-party risk assessment for IT vendors covering financial, operational, compliance, security and reputational risk, including GDPR, DORA and NIS2.
Skills provide structured workflow guidance for attorney-supervised use. They are not legal advice and require human review before client reliance.
Installation
- Download the ZIP and unzip the skill folder.
- In Claude: Settings → Capabilities → Skills → Upload skill folder.
- In Claude Code or Codex: copy the folder into `.claude/skills/` or `~/.agents/skills/`.
- Invoke the skill by describing a task that matches the skill description.
Content preview
# Vendor Due Diligence

Run a structured vendor risk assessment before onboarding or renewal.

## Intake questions

1. Vendor name, service description, and data processed
2. Criticality tier (critical / important / standard)
3. Hosting regions and subprocessors
4. Existing certifications (SOC 2, ISO 27001, etc.)
5. Contract stage (RFP, renewal, incident follow-up)

## Assessment dimensions

Score each area: Low / Medium / High risk with evidence notes.

1. **Financial stability**
2. **Operational resilience** — SLAs, BCP/DR, support model
3. **Security** — access controls, encryption, incident history
4. **Compliance** — GDPR/DPA, DORA ICT third-party rules, NIS2 if applicable
5. **Reputational / concentration risk**

## Output format

```markdown
## Vendor diligence summary

## Risk scorecard

| Domain | Rating | Evidence | Gap | Mitigation |
|--------|--------|----------|-----|------------|

## Required contract clauses / security addenda

## Open items for vendor questionnaire

## Recommendation (proceed / proceed with conditions / do not proceed)
```

## Guardrails

- Mark missing evidence explicitly; do not assume compliance from marketing claims.
- Separate factual findings from recommended business decision.
- Escalate critical vendors with access to sensitive or regulated data.
Sources and official references