
Third-Party Risk Assessment

Structured evaluation of risks posed by external vendors, suppliers, and service providers to organizational operations, data security, and compliance.

Full definition
Third-party risk assessment systematically evaluates the security, financial stability, operational capability, and compliance posture of external organizations before and during business relationships. This process addresses risks including data breaches, service disruptions, regulatory violations, and reputational damage that can arise from vendor activities. For example, the 2013 Target data breach occurred through compromised credentials of an HVAC vendor, exposing 40 million customer payment records. Assessment methodologies typically include due diligence questionnaires, financial analysis, security audits, and ongoing monitoring, with risk ratings determining contract terms, insurance requirements, and oversight intensity.
Tags: Operational · vendor management · cybersecurity · compliance · due diligence