A third-party risk assessment record for a vendor or subprocessor: certifications, data access, DPA, subprocessors, security controls and breach history, with a computed risk rating and a recommendation. Supports ISO 27001 supplier security and SOC 2 vendor due diligence.