Third-party assessments

ISO-mapped questionnaires sent to third parties post due-diligence. Security, AI and Privacy frameworks live alongside; questions are versioned in YAML and dynamically scoped to the vendor's service type and criticality.