Assessing risk of a particular function or third party across a ranked scale (e.g., 1-5, high to low). The scale may be custom defined or developed by/for an organization to help prioritize due diligence requirements throughout the lifecycle of the third party relationship. The scale should take into account the risk of a particular activity, concentration risk, and other factors unique to the outsourcer’s needs.