A regulatory requirement and one of the most critical elements of third party risk management. Risk-based due diligence should be completed before contract execution as well as updated periodically throughout the vendor relationship. It involves collecting and thoroughly analyzing vendor documentation (e.g., financial, SOC, BCP/DR reviews).