Global Compliance & Cybersecurity

Vendor Risk Assessment

AI-driven third-party risk questionnaire and scoring. DPDP Act holds you liable for your vendors' breaches. Know your exposure before regulators do.

Starting From: $499 / assessment
Delivery: 5 Business Days
Post-Delivery Support: 30 Days Included

Overview

You are liable for your vendor's data breach.

The Digital Personal Data Protection Act 2023 holds Data Fiduciaries liable for breaches at their Data Processors (vendors). Similarly, GDPR holds Controllers responsible for Processor non-compliance. Your vendors who handle personal data on your behalf create direct regulatory liability for you.

Our vendor risk assessment uses an AI-driven questionnaire framework to evaluate up to 20 of your key vendors across security, data protection, operational resilience, and compliance dimensions, scores each vendor by risk tier, and recommends contractual and operational controls.

Why This Matters

A single vendor breach can trigger your breach notification obligation, DPDP Consent Manager notification, and regulatory inquiry even though the breach was not in your own systems. Knowing which vendors are high-risk and implementing appropriate controls is both a regulatory requirement and a commercial protection.

What We Audit

Security Controls Review - Vendor security certifications, penetration testing, access controls, and incident history reviewed.
Data Protection Assessment - Data processing agreement, sub-processor disclosure, and data retention practices reviewed.
Operational Resilience - Business continuity, disaster recovery, and SLA track record reviewed.
Contractual Review - DPA, DPDP Data Processing Agreement, and liability clauses in vendor contracts reviewed.
Concentration Risk - Single-vendor dependency analysis to identify operational concentration risk.
Compliance Posture - Vendor regulatory certifications and compliance claims independently verified.

What You Receive

Vendor Risk Register - All assessed vendors scored and tiered by risk level with supporting evidence.
High Risk Vendor Report - Detailed findings on vendors rated high risk with specific remediation actions.
DPA Template - DPDP-compliant Data Processing Agreement template for immediate use with vendors.
Questionnaire Framework - Reusable vendor risk questionnaire for annual reassessment.
Concentration Risk Map - Critical vendor dependencies mapped with alternative sourcing recommendations.
30-Day Support - Vendor negotiation and DPA drafting advisory at no additional charge.