The process of assessing third-party vendors for potential risk to an organization. It involves evaluating vendors’ security policies, procedures, and processes, as well as their financial and compliance status. This allows organizations to identify and mitigate risks associated with third-party vendors.