The process of systematically validating the legitimacy and good standing of a vendor. It also formally evaluates the vendor’s risk management practices and controls to ensure they are suitable for mitigating the risks associated with their product or service. Due diligence is a regulatory requirement and one of the most critical elements of third-party risk management. Risk-based due diligence should be completed before contract execution and updated periodically throughout the vendor relationship. It involves collecting and thoroughly analyzing vendor documentation (e.g., financial, SOC, BC/DR plan reviews).