Vendor Due Diligence Patrick Munro
Skill ActiveFramework for assessing IT service providers, technology vendors, and third-party partners. Creates structured risk assessments across financial, operational, compliance, security, and reputational dimensions with regulatory checklists (GDPR, DORA, NIS2, SOX). Use when: (1) Evaluating new vendors or technology providers, (2) Conducting third-party risk assessments for procurement, (3) Performing critical vendor due diligence for regulatory compliance, (4) Creating vendor onboarding documentation, (5) Establishing ongoing vendor monitoring processes, (6) Assessing vendor concentration risk, or (7) Generating executive-level vendor risk reports.
To provide a structured and comprehensive framework for evaluating IT service providers and third-party partners, enabling robust risk assessments and compliance verification.
Features
- Structured multi-dimensional risk assessments (financial, operational, compliance, security, reputational)
- Regulatory checklists for GDPR, DORA, NIS2, SOX, and others
- Detailed phased assessment process (screening, deep-dive, final evaluation)
- Multi-factor risk scoring system with weighted calculations
- Document request lists and vendor interview frameworks
- Ongoing monitoring frameworks with early warning indicators
Use Cases
- Evaluating new vendors or technology providers
- Conducting third-party risk assessments for procurement
- Performing critical vendor due diligence for regulatory compliance
- Creating vendor onboarding documentation
- Establishing ongoing vendor monitoring processes
- Assessing vendor concentration risk
- Generating executive-level vendor risk reports
Non-Goals
- Replacing professional legal, financial, or technical audit services
- Providing specific legal advice on contracts or regulations
- Guaranteeing vendor performance or eliminating all risks
- Substituting for organization-specific risk frameworks or policies
License
- warning:License usabilityThe license is AGPL-3.0, which is a strong copyleft license and may have implications for commercial use and redistribution depending on the user's specific needs.
Compliance
- info:GDPRThe skill processes information that could include personal data if provided by the user, but it does not inherently operate on personal data or submit it to third parties without explicit user input.
Installation
First, add the marketplace
/plugin marketplace add lawvable/awesome-legal-skills/plugin install vendor-due-diligence-patrick-munro@lawvableQuality Score
Trust Signals
Similar Extensions
Qms Audit Expert
100ISO 13485 internal audit expertise for medical device QMS. Covers audit planning, execution, nonconformity classification, and CAPA verification. Use for internal audit planning, audit execution, finding classification, external audit preparation, or audit program management.
CAIO Review
100/cs:caio-review <plan> — Eval-demanding Chief AI Officer interrogation of any plan that involves AI: model selection, risk classification, cost economics, or AI hiring.
Prepare Inspection Readiness
100Prepare an organisation for regulatory inspection by assessing readiness against agency-specific focus areas (FDA, EMA, MHRA). Covers warning letter and 483 theme analysis, mock inspection protocols, document bundle preparation, inspection logistics, and response template creation. Use when a regulatory inspection has been announced or is anticipated, when a periodic self-assessment is due, when new systems have been implemented since the last inspection, or after a significant audit finding that may attract regulatory attention.
Monitor Data Integrity
100Design and operate a data integrity monitoring programme based on ALCOA+ principles. Covers detective controls, audit trail review schedules, anomaly detection patterns (off-hours activity, sequential modifications, bulk changes), metrics dashboards, investigation triggers, and escalation matrix definition. Use when establishing a data integrity monitoring programme for GxP systems, preparing for inspections where data integrity is a focus area, after a data integrity incident requiring enhanced monitoring, or when implementing MHRA, WHO, or PIC/S guidance.
Investigate Capa Root Cause
100Investigate root causes and manage CAPAs (Corrective and Preventive Actions) for compliance deviations. Covers investigation method selection (5-Why, fishbone, fault tree), structured root cause analysis, corrective vs preventive action design, effectiveness verification, and trend analysis. Use when an audit finding requires a CAPA, when a deviation or incident occurs in a validated system, when a regulatory observation needs a formal response, when a data integrity anomaly requires investigation, or when recurring issues suggest a systemic root cause.
Master Claude for Legal
100Master skill for legal teams using Claude. Loads the right reference for the user's question (privilege configuration, MCP hardening, verification, long documents, practice-area patterns, skill authoring) and routes to specialized starter skills (NDA triage, version diff, meeting brief, citation verification, status synthesis). Auto-invokes when the user mentions legal work, contracts, redlines, NDAs, privilege, attorney-client, court filings, depositions, regulatory compliance, or asks how to set up Claude for a law firm or in-house legal team.