Vendor Due Diligence Patrick Munro

Plugin Active

Framework for assessing IT vendors with structured risk assessments and regulatory checklists (GDPR, DORA, NIS2, SOX)

Purpose

To provide a structured and comprehensive framework for evaluating IT vendors and third-party partners, ensuring compliance and mitigating risks.

Features

Structured risk assessments for IT vendors
Multi-dimensional evaluation (financial, operational, compliance, security, reputational)
Integrated regulatory checklists (GDPR, DORA, NIS2, SOX)
Three-phase assessment process
Vendor risk scoring and comparison

Use Cases

Evaluating new vendors and technology providers
Conducting third-party risk assessments for procurement
Performing critical vendor due diligence for regulatory compliance
Establishing ongoing vendor monitoring processes

Non-Goals

Providing legal, financial, or specific technical advice
Replacing professional due diligence services
Automating vendor selection without expert oversight

License

warning:License usabilityThe bundled LICENSE.txt is the GNU Affero General Public License v3.0, which is a strong copyleft license. While permissive for personal use and modification, its network interaction clauses may pose challenges for some commercial distribution scenarios without careful consideration.

Compliance

info:GDPRThe skill references GDPR as a regulatory checklist but does not directly process personal data itself, though it advises users to consult professionals for compliance.

Installation

First, add the marketplace

/plugin marketplace add lawvable/awesome-legal-skills

/plugin install vendor-due-diligence-patrick-munro@lawvable

Contains 1 extensions

Skill (1)

Vendor Due Diligence Patrick Munro Skill

Framework for assessing IT service providers, technology vendors, and third-party partners. Creates structured risk assessments across financial, operational, compliance, security, and reputational dimensions with regulatory checklists (GDPR, DORA, NIS2, SOX). Use when: (1) Evaluating new vendors or technology providers, (2) Conducting third-party risk assessments for procurement, (3) Performing critical vendor due diligence for regulatory compliance, (4) Creating vendor onboarding documentation, (5) Establishing ongoing vendor monitoring processes, (6) Assessing vendor concentration risk, or (7) Generating executive-level vendor risk reports.

Quality Score

87 /100

Analyzed about 14 hours ago

Trust Signals

Last commit2 months ago

GitHub owner lawvable

Stars349

LicenseNOASSERTION

Websitelawvable.com

Status

View Source

Similar Extensions

Legal Risk Assessment Anthropic

Assess and classify legal risks using a severity-by-likelihood framework with escalation criteria

Plugin

lawvable

Review Agent Governance

Require a human approval signal before an AI agent can post PR reviews, comments, merges, or writes to CI config. Cedar-gated, receipt-signed, designed for the Hermes-style failure mode where a review bot posts without oversight.

Plugin

wshobson

Accessibility Compliance

WCAG accessibility auditing, compliance validation, UI testing for screen readers, keyboard navigation, and inclusive design

Plugin

wshobson

Meeting Briefing Anthropic

Prepare structured briefings for meetings with legal relevance and track resulting action items

Plugin

lawvable

Security Compliance

SOC2, HIPAA, and GDPR compliance validation, secrets scanning, compliance checklists, and regulatory documentation

Plugin

wshobson

Ra Qm Skills

14 regulatory affairs & quality management skills for HealthTech/MedTech: ISO 13485 QMS, MDR 2017/745, FDA 510(k)/PMA, GDPR/DSGVO, ISO 27001 ISMS, SOC 2, CAPA management, risk management, clinical evaluation, and more. Agent skill and plugin for Claude Code, Codex, Gemini CLI, Cursor, OpenClaw.

Plugin

alirezarezvani