vendor-risk-scoring

Installation
SKILL.md

Vendor Privacy Risk Scoring

Overview

Effective vendor privacy management requires a risk-based approach that allocates oversight resources proportionate to the privacy risk each vendor presents. GDPR Recital 76 states that risk should be assessed based on "the likelihood and severity" of potential impact on data subjects. The EDPB Guidelines 07/2020 (paragraph 86) indicate that the controller's assessment of processor sufficiency must consider expert knowledge, reliability, and resources — factors that feed directly into risk scoring.

At Summit Cloud Partners, the Vendor Privacy Risk Scoring Model assigns each vendor a quantified risk score based on objective factors, enabling consistent risk tiering, proportionate oversight, and audit prioritization.

Risk Scoring Model

Scoring Dimensions

The model evaluates seven dimensions, each scored on a 1-5 scale where 1 = lowest risk and 5 = highest risk.

Dimension 1: Data Volume (Weight: 15%)

Installs
9
GitHub Stars
187
First Seen
Jun 9, 2026
vendor-risk-scoring — mukul975/privacy-data-protection-skills