Expand the Vendor & Risk module with a scorecard that evaluates vendors across more risk dimensions, not just impact × likelihood.
Key Features
Add additional fields to vendors:
- Data Sensitivity (dropdown)
  - Options are: None, Internal Only, Personally Identifiable Information (PII), Financial Data, Health Data (e.g. HIPAA), Model Weights or AI Assets, Other Sensitive Data
- Business Criticality (dropdown)
  - Options are: Low (Vendor supports non-core functions), Medium (Vendor affects day-to-day operations but is replaceable), and High (Vendor is critical to delivering core services or products).
- Past Issues (dropdown)
  - Options are: None, Minor Incident (e.g. small delay, minor bug), Major Incident (e.g. data breach, legal issue)
- Regulatory Exposure (dropdown)
  - Options are: None, GDPR (EU), HIPAA (US), SOC 2, ISO 27001, EU AI Act, CCPA (California), Other
Compute a simple risk score based on the selected values
First assign a numeric value to each option, then normalize based on this calculation: Risk Score = (data sensitivity × 0.3) + (business criticality × 0.3) + (past issues × 0.2) + (regulatory exposure × 0.2)
Show calculated score in vendor detail view and in the table
Note: When adding a new vendor or editing a vendor, use the same modal for the additional fields above, but group the scorecard fields under a toggle/collapsible section labeled “Vendor Scorecard (Advanced)”. That way the main context is not lost, and it doesn’t require navigation or extra UI complexity.
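One way the score calculation could work, as an added example that is not part of the original request or the project's code: each dropdown selection is scaled to 0..1 before weighting, so a dimension with more options does not outweigh one with fewer. The ordinal value given to each option, the field names, and the 0 to 100 output range are assumptions; only the weights come from the formula above.

```javascript
// Ordinal values per option are ASSUMED for illustration; the issue does not define them.
const SCALES = {
  dataSensitivity: {
    "None": 0, "Internal Only": 1, "Other Sensitive Data": 2,
    "Personally Identifiable Information (PII)": 3, "Financial Data": 3,
    "Model Weights or AI Assets": 3, "Health Data (e.g. HIPAA)": 4,
  },
  businessCriticality: { "Low": 0, "Medium": 1, "High": 2 },
  pastIssues: { "None": 0, "Minor Incident": 1, "Major Incident": 2 },
  regulatoryExposure: {
    "None": 0, "SOC 2": 1, "ISO 27001": 1, "Other": 1,
    "CCPA (California)": 2, "GDPR (EU)": 3, "HIPAA (US)": 3, "EU AI Act": 3,
  },
};

// Weights from the formula in the issue.
const WEIGHTS = {
  dataSensitivity: 0.3, businessCriticality: 0.3,
  pastIssues: 0.2, regulatoryExposure: 0.2,
};

// Map one dropdown selection onto 0..1 so every dimension shares a range
// and the weights mean what they say (the dropdowns have 3 to 8 options).
function normalizedValue(field, option) {
  const scale = SCALES[field];
  // Own-property check: rejects missing values and inherited keys such as
  // "constructor" that a plain `in` test would accept.
  if (!Object.prototype.hasOwnProperty.call(scale, option)) {
    throw new RangeError(`unknown ${field} option: ${String(option)}`);
  }
  return scale[option] / Math.max(...Object.values(scale));
}

// Weighted sum of the normalized dimensions, reported as an integer 0..100
// (the output range is an assumption).
function vendorRiskScore(vendor) {
  let score = 0;
  for (const [field, weight] of Object.entries(WEIGHTS)) {
    score += weight * normalizedValue(field, vendor[field]);
  }
  return Math.round(score * 100);
}
```

Computing the score on the server from the stored selections, rather than accepting a score sent by the client, keeps the value in the vendor table consistent with the dropdowns.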