AssessmentFree tool

Vendor Governance Assessment

Third-party risk is governance risk. This assessment evaluates your vendor governance across: selection criteria, contract governance, ongoing monitoring, data handling, and exit planning. Identify which vendor relationships need stronger governance controls.

Vendor Selection

Formal selection criteria documented?

Due diligence process defined?

Security assessment required before onboarding?

Contract Governance

Standard contract terms defined?

SLAs included in all vendor contracts?

Data processing agreements in place?

Ongoing Monitoring

Regular vendor performance reviews?

Annual security reassessment?

Incident notification requirements?

Data Handling

Data classification shared with vendors?

Data return/destruction clauses?

Cross-border data transfer controls?

Exit Planning

Transition plan for each critical vendor?

Data portability guaranteed?

Alternative vendors identified?

Constellation tracks vendor commitments alongside internal ones

Take the governance health check →