Framework for assessing IT vendors with structured risk assessments and regulatory checklists (GDPR, DORA, NIS2, SOX)