Firstly, This module sheds light on what vendor assessment means and the need to assess vendors’ privacy posture under several privacy regulations. It also provides an overview of the data controller’s liabilities in the case of non-compliance from their involved third parties. Then, it explains the problems of assessing vendors’ privacy posture and how these problems can be eradicated by following the PrivacyOps approach. It also describes how vendor assessments work in a PrivacyOps platform. In the end, it also explains how vendors’ risk monitoring and rating work.