# Vendor Risk Assessment Steps

1. Identify the vendor: Determine who you are assessing and the purpose of the assessment.
2. Gather documentation: Request and review the vendor’s policies, procedures, and contracts.
3. Conduct interviews: Talk to vendor personnel and stakeholders to understand the vendor’s processes and risk management approaches.
4. Collect evidence: Gather evidence from the vendor’s systems to determine their security posture.
5. Assess risk: Analyze the evidence to identify risks and determine the vendor’s capability to manage them.
6. Report findings: Document the assessment results and provide recommendations for mitigating risk.
7. Monitor: Regularly monitor the vendor’s performance to ensure they are meeting the requirements.