Vendor due diligence pack (sanitized demo sample)

This pack demonstrates a clean vendor review structure:
- vendor profile (what they do and how they access data)
- questionnaire answers (scoped, concise, evidence-linked)
- evidence index (artifact IDs, captured dates, expiration, and notes)
- risk assessment (inherent risk, control strength, open items)
- decision log (approve / approve-with-conditions / reject) with time-boxed follow-ups

How to use:
1) Start with Vendor_Profile.pdf to understand the service and data exposure.
2) Review Vendor_Questionnaire_Answers.csv and confirm scope notes match your usage.
3) Use Evidence_Index.csv to request artifacts with capture dates and expiration dates.
4) Record your decision (Decision_Log.csv) and keep conditions time-boxed.

Tip: preserve decisions and follow-ups. Auditors care about the decision trail.
