AgentSkillsCN

vendor-management

Implement a vendor risk management program: assess the security posture of third parties and keep the vendor inventory current. Use when managing supplier security.

SKILL.md
---
name: vendor-management
description: Implement vendor risk management programs. Assess third-party security and maintain vendor inventory. Use when managing supplier security.
license: MIT
metadata:
  author: devops-skills
  version: "1.0"
---

Vendor Management

Manage third-party vendor security risks.

Vendor Assessment

```yaml
assessment_process:
  1_identify:
    - Catalog all vendors
    - Classify by risk tier

  2_assess:
    - Security questionnaire
    - SOC 2 review
    - Penetration test results

  3_contract:
    - Security requirements
    - Data processing agreement
    - SLAs

  4_monitor:
    - Continuous monitoring
    - Annual reassessment
    - Incident notification
```

Risk Tiers

| Tier | Criteria | Assessment |
|---|---|---|
| Critical | Access to sensitive data | Full assessment, annual |
| High | Significant data access | Questionnaire + SOC 2 |
| Medium | Limited data access | Security questionnaire |
| Low | No data access | Basic due diligence |
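The identify and monitor steps of the process above, together with the tier table, are the parts a team usually ends up scripting: keep an inventory, assign each vendor a tier, check that the evidence the tier requires is on file, and flag vendors whose annual reassessment has lapsed. The helper below is an added example written for this page, not code from the devops-skills project. Its assumptions: the `Vendor` fields and the `data_access` vocabulary (`none`/`limited`/`significant`/`sensitive`) are invented for illustration; "annual" is taken as a 365-day window; "full assessment" for the Critical tier is read as all three artefacts listed under `2_assess`; and the incident-notification contract clause is required for every vendor that has any data access. The sample inventory is constructed.

```python
"""Vendor inventory checks: tier classification, required evidence per tier,
and reassessment tracking.

Added example for the vendor-management page; not part of the devops-skills
project.  The Vendor fields, the data_access vocabulary, the 365-day window
and the evidence mapping are assumptions documented inline.
"""
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Dict, List, Optional, Set, Tuple

REASSESS_INTERVAL = timedelta(days=365)   # assumed reading of "annual"
TODAY = date(2024, 6, 1)                  # fixed "today" for the sample run

# data_access level -> tier, mirroring the Risk Tiers table on this page
TIER_BY_ACCESS = {
    "sensitive": "critical",
    "significant": "high",
    "limited": "medium",
    "none": "low",
}

# evidence each tier must have on file.  "Full assessment" for critical is
# taken to mean all three artefacts named under 2_assess (assumption).
REQUIRED_EVIDENCE = {
    "critical": frozenset({"questionnaire", "soc2", "pentest"}),
    "high": frozenset({"questionnaire", "soc2"}),
    "medium": frozenset({"questionnaire"}),
    "low": frozenset({"due_diligence"}),
}


@dataclass
class Vendor:
    name: str
    data_access: str                         # one of TIER_BY_ACCESS' keys
    last_assessed: Optional[date] = None     # None: never assessed
    evidence: Set[str] = field(default_factory=set)
    incident_notification_clause: bool = False


def classify(vendor: Vendor) -> str:
    """Return the risk tier.  An unknown access level is an error, never a
    silent fall-through to 'low'."""
    try:
        return TIER_BY_ACCESS[vendor.data_access]
    except KeyError:
        raise ValueError(f"{vendor.name}: unknown data_access {vendor.data_access!r}")


def review(vendor: Vendor, today: date) -> List[str]:
    """Findings that keep this vendor out of good standing (empty list = ok)."""
    tier = classify(vendor)
    findings: List[str] = []
    missing = REQUIRED_EVIDENCE[tier] - vendor.evidence
    if missing:
        findings.append("missing evidence: " + ", ".join(sorted(missing)))
    if vendor.last_assessed is None:
        findings.append("never assessed")
    elif today - vendor.last_assessed > REASSESS_INTERVAL:
        due = vendor.last_assessed + REASSESS_INTERVAL
        findings.append(f"reassessment overdue since {due}")
    # any vendor that touches data must be contractually bound to notify
    # on incidents (assumed rule; the page lists it as a contract term)
    if tier != "low" and not vendor.incident_notification_clause:
        findings.append("contract lacks incident notification clause")
    return findings


def inventory_report(vendors: List[Vendor], today: date) -> Dict[str, Tuple[str, List[str]]]:
    """Map vendor name -> (tier, findings) for the whole inventory."""
    return {v.name: (classify(v), review(v, today)) for v in vendors}


# constructed sample inventory
SAMPLE = [
    Vendor("payroll-saas", "sensitive", date(2023, 1, 10),
           {"questionnaire", "soc2"}, incident_notification_clause=True),
    Vendor("cdn-provider", "limited", date(2024, 3, 1),
           {"questionnaire"}, incident_notification_clause=True),
    Vendor("office-plants", "none", None, {"due_diligence"}),
    Vendor("analytics-vendor", "significant"),
]

if __name__ == "__main__":
    for name, (tier, findings) in inventory_report(SAMPLE, TODAY).items():
        print(f"{name:18} {tier:9} {'; '.join(findings) or 'ok'}")
```

Running it lists each vendor with its tier and open findings; the payroll vendor, for instance, is Critical but has no penetration test result on file and slipped past its reassessment date in January. Keeping `classify` strict about unknown access levels matters: a typo in the inventory should surface as an error, not quietly land a data-handling vendor in the Low tier.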

Security Questionnaire

```yaml
categories:
  governance:
    - Security policies
    - Risk management
    - Compliance certifications

  technical:
    - Access controls
    - Encryption
    - Vulnerability management

  operational:
    - Incident response
    - Business continuity
    - Change management
```

Best Practices

  • Tier-based assessments
  • Regular reassessment
  • Contract security terms
  • Incident notification requirements
  • Exit strategy planning