Which statement about vendor risk taxonomy is accurate?

Prepare for the Certified Third-Party Risk Professional (CTPRP) Exam with our comprehensive quizzes. Use multiple choice questions with detailed explanations to ensure success. Maximize your study time and get ready to ace the exam!

Multiple Choice

Which statement about vendor risk taxonomy is accurate?

Explanation:
In vendor risk management, a taxonomy is a structured classification scheme that groups vendors by risk characteristics such as risk type, criticality, data access, and potential system impact. This framework provides a consistent way to compare vendors, assign risk scores, and determine appropriate due diligence, controls, and monitoring intensity. It helps organizations prioritize resources and tailor risk responses based on how different vendors affect business processes and information security.

For example, a vendor that handles sensitive personal data and connects to core systems would fall into a high-risk, high-impact category, triggering stricter contractual safeguards and more frequent reviews. This clear, organized approach to categorization is what makes the described statement the best fit. It’s not about pricing models, geographic locations, or onboarding checklists, which are separate concepts used for other purposes.
