vendor-due-diligence-patrick-munro

Installation
SKILL.md

Vendor Due Diligence Framework

Overview

Risk-based vendor assessment framework that identifies material risks early, ensures DORA/NIS2/GDPR compliance, and provides clear recommendations for selection, contract calibration, and ongoing management. Built for regulated sectors (financial services under DORA, KRITIS sectors under NIS2) and for any organisation with meaningful ICT third-party exposure.

LEGAL DISCLAIMER

This skill provides frameworks for vendor assessment purposes only. It does not constitute legal, financial, or professional advice. Users should:

  • Consult qualified legal counsel for specific requirements in their jurisdiction;
  • Engage financial and security professionals for detailed assessments;
  • Verify all regulatory requirements independently;
  • Adapt frameworks to specific organisational needs and risk tolerance;
  • Not rely on this skill as a substitute for professional due diligence services.

The frameworks are templates. Actual assessments require expertise in law, finance, cybersecurity, and risk management. Neither the skill creator nor Claude/Anthropic assumes liability for decisions made based on this skill's output.

Regulatory references current as of 2026-04-23. EU (DORA, NIS2, GDPR) and German (NIS2UmsuCG, BDSG) citations reflect the consolidated text available at that date. Member State NIS2 transposition remains uneven; Germany's NIS2UmsuCG entered into force on 6 December 2025 with the BSI reporting portal opening on 6 January 2026. Verify the current consolidated text and national transposition status on EUR-Lex and the Bundesgesetzblatt before use.

Installs
116
GitHub Stars
555
First Seen
Feb 5, 2026
vendor-due-diligence-patrick-munro — lawvable/awesome-legal-skills