The vendor assessment section must be filled out for each vendor before your audit and reviewed annually after. You can fill out the vendor assessment starting from the top with Environment Type, Data Management, Operational Reliance, and Risk Level.  

To help identify each category, you can hover over the assessment boxes or tooltip icon for examples and short definitions. 

After filling out Data Management and Operational Reliance information, Secureframe will automatically recommend a risk level for that vendor.