Vendor and Third Party Compliance Management Questions

Describe an end to end vendor risk management approach including pre onboarding due diligence, vendor risk tiering, analysis of independent audit reports and penetration test results, contractual security requirements, security questionnaires, and ongoing monitoring. Explain processes for tracking vendor posture changes, using external monitoring and attack surface tools, triaging third party incidents, escalating vendor risk, and coordinating remediation with procurement, legal, and engineering. Provide examples of building or improving vendor programs, tiered controls, and evidence collection for audits.