Vendor Risk Tiering
Vendor risk tiering is the application of criticality classification to risk treatment decisions, determining not just how much assessment effort a vendor receives, but what risk responses are appropriate if that vendor's posture deteriorates. A vendor's risk tier sets the threshold at which findings trigger escalation, remediation requirements, or contract review. See: Criticality Tiering.