Inherent Risk
Inherent risk is the level of risk a vendor poses before any security controls are applied, determined by factors like data access, system criticality, regulatory scope, and integration depth. It is the starting point for vendor assessment and tiering, establishing how much risk a relationship introduces before any mitigating measures are considered. See also: Residual Risk.