Which factor is NOT listed as a basis for vendor due diligence requirements?

Prepare for the Certified Third-Party Risk Professional (CTPRP) Exam with our comprehensive quizzes. Use multiple choice questions with detailed explanations to ensure success. Maximize your study time and get ready to ace the exam!

Multiple Choice

Which factor is NOT listed as a basis for vendor due diligence requirements?

Explanation:
When evaluating vendors for due diligence, the focus is on whether they meet the obligations that protect the organization: regulatory requirements, IT security and data privacy controls, and adherence to applicable industry standards. Geographic location isn’t typically named as a separate basis for due diligence because it’s not a direct measure of a vendor’s ability to comply or protect data; instead, location can influence which laws and transfer rules apply, and those implications are captured under regulatory requirements and data privacy considerations. For example, regulatory requirements spell out the laws the vendor must follow; IT security and data privacy requirements ensure controls are in place to protect information; industry standards provide established benchmarks for security and governance. Therefore, geographic location is the factor that isn’t listed as a basis for vendor due diligence requirements.

