Helps protect an organization and the vendor from potential vulnerabilities (e.g., data breach). Identifies the vendor’s cybersecurity posture by discovering any weaknesses, and from there, gives you the information needed to effectively communicate to the vendor any requests to have their controls strengthened.