Vendor Risk Playbook

Security

The 2-tier model

  • Tier 1 (data processor, SSO, prod-connected): full review — SOC 2, pen test, DPA, sub-processor list
  • Tier 2 (non-sensitive SaaS): lightweight — SSO enforced, MFA, contract

The 20-minute review

Use a standard questionnaire. If clean in 20 minutes, approve.

Common trap

Blocking every tool by default. Security's job is to make the safe path the easy path.
