vendor-management

📁 bagelhole/devops-security-agent-skills 📅 9 days ago
Total installs: 1
Weekly installs: 1
Site-wide rank: #51069

Install command
npx skills add https://github.com/bagelhole/devops-security-agent-skills --skill vendor-management

Agent install distribution

opencode 1
codex 1
claude-code 1

Skill documentation

Vendor Management

Manage third-party vendor security risks.

Vendor Assessment

assessment_process:
  1_identify:
    - Catalog all vendors
    - Classify by risk tier
    
  2_assess:
    - Security questionnaire
    - SOC 2 review
    - Penetration test results
    
  3_contract:
    - Security requirements
    - Data processing agreement
    - SLAs
    
  4_monitor:
    - Continuous monitoring
    - Annual reassessment
    - Incident notification

Risk Tiers

| Tier     | Criteria                 | Assessment              |
|----------|--------------------------|-------------------------|
| Critical | Access to sensitive data | Full assessment, annual |
| High     | Significant data access  | Questionnaire + SOC 2   |
| Medium   | Limited data access      | Security questionnaire  |
| Low      | No data access           | Basic due diligence     |

Security Questionnaire

categories:
  governance:
    - Security policies
    - Risk management
    - Compliance certifications
    
  technical:
    - Access controls
    - Encryption
    - Vulnerability management
    
  operational:
    - Incident response
    - Business continuity
    - Change management

Best Practices

  • Tier-based assessments
  • Regular reassessment
  • Contract security terms
  • Incident notification requirements
  • Exit strategy planning