<a href="https://colab.research.google.com/github/micah-shull/AI_Agents/blob/main/676_TPROv2_DataGen.ipynb" target="_parent"><img src="https://colab.research.google.com/assets/colab-badge.svg" alt="Open In Colab"/></a>


# 📦 Third-Party Risk Orchestrator v2 — MVP Data Expansion Proposal

## Objective

Version 2 of the Third-Party Risk Orchestrator expands the data model just enough to introduce:

* lifecycle-driven orchestration
* event-triggered rescoring
* exposure-weighted prioritization
* renewal and contract risk workflows
* board-level escalation logic

The design explicitly **avoids "big data for its own sake."**
The goal is to increase **architectural complexity and governance realism** while keeping datasets small, interpretable, and easy to reason about.

> **MVP principle:** introduce *new system behaviors*, not large volumes of records.

---

## 🎯 What v2 Adds Beyond v1

v1 already supports:

* vendor registry & tiering
* risk domains and scoring weights
* control evidence tracking
* external signals
* historical assessments
* mitigations & HITL reviews
* ROI and orchestration KPIs

v2 introduces **five new data layers** that unlock enterprise-grade behaviors:

1. **Contract & obligation modeling**
2. **Internal risk event streams**
3. **Financial exposure per vendor**
4. **Control maturity trending**
5. **Executive trigger rules**

Each layer is represented by a **small, purpose-built dataset**.

---

# 🗂️ Proposed v2 Data Files

---

## 1️⃣ `vendor_contracts.json`

### Purpose

Adds legal and operational obligations to risk decisions.

Enables:

* renewal-driven escalation
* DPA / audit rights enforcement
* certification tracking
* termination planning
* SLA-based weighting

### Core Fields

* `vendor_id`
* `contract_start_date`
* `renewal_date`
* `auto_renew` (true/false)
* `termination_notice_days`
* `DPA_signed` (true/false)
* `right_to_audit` (true/false)
* `SLA_tier` (none/basic/standard/premium)
* `required_certifications` (array)

### MVP Size

**1 record per vendor (10–12 total).**

---

## 2️⃣ `risk_events.json`

### Purpose

Creates a continuous internal event stream that can trigger:

* rescoring runs
* mitigation workflows
* executive alerts
* renewal reviews
* audit escalations

This goes beyond news signals into **formal governance events.**

### Example Event Types

* `sla_breach`
* `audit_failed`
* `audit_passed`
* `subprocessor_added`
* `data_scope_changed`
* `renewal_approaching`
* `mitigation_completed`

### Core Fields

* `event_id`
* `vendor_id`
* `event_type`
* `severity`
* `event_date`
* `impact_estimate_usd`
* `linked_signal_id` (optional)
* `notes`

### MVP Size

**20–30 total events across vendors.**

---

## 3️⃣ `financial_exposure.json`

### Purpose

Allows risk scores to be translated into **enterprise impact**.

Supports:

* exposure-weighted prioritization
* "top vendors by financial risk"
* board-level heatmaps
* ROI attribution for mitigations
* dependency analysis

### Core Fields

* `vendor_id`
* `annual_spend_usd`
* `revenue_dependency_usd`
* `switching_cost_usd`
* `regulatory_exposure_usd`
* `critical_business_process`

### MVP Size

**1 record per vendor.**

---

## 4️⃣ `control_maturity_history.json`

### Purpose

Tracks whether a vendor's controls are improving or degrading over time.

Enables:

* trend-based alerts
* maturity scoring
* remediation effectiveness measurement
* early-warning signals

### Core Fields

* `vendor_id`
* `control_name`
* `maturity_level` (1–5)
* `assessment_date`

### MVP Size

**2–4 historical rows per critical control per high/medium vendor.**

---

## 5️⃣ `executive_trigger_rules.json`

### Purpose

Separates escalation logic from orchestration code and models **board-level risk policy** as data that can be reviewed and versioned on its own.

Supports:

* composable alerting
* explainable escalations
* portfolio governance
* audit-ready decision paths

### Example Triggers

* "Critical vendor + high risk + renewal < 60 days"
* "Expired SOC2 + sensitive data access"
* "Regulatory notice + open mitigation > 30 days"

### Core Fields

* `trigger_id`
* `name`
* `conditions` (JSON logic block)
* `severity`
* `escalation_role`
* `board_visibility` (true/false)
* `notification_channel`

### MVP Size

**6‚Äì10 trigger rules.**

---

# 🧠 Architectural Outcomes Enabled in v2

With only these additions, the orchestrator can now:

* re-score vendors based on internal lifecycle events
* escalate renewals with unresolved high risk
* rank vendors by exposure, not just score
* produce "Top 5 enterprise risk contributors"
* track mitigation ROI per vendor
* detect deteriorating control posture
* generate board-ready alerts
* separate policy logic from orchestration code

---

# 📏 Design Constraints

To preserve the MVP focus:

* datasets remain human-readable
* no unstructured legal documents
* limited historical depth
* synthetic but realistic numbers
* schema-first modeling
* deterministic policy evaluation

---

# 📌 Portfolio Framing

This v2 expansion demonstrates:

* event-driven orchestration
* governance-first AI design
* HITL integration
* policy-driven escalation
* ROI-linked risk management
* enterprise-ready architecture

It intentionally prioritizes **system behavior and decision logic** over scale.



# vendor_contracts.json

```json
[
  {
    "vendor_id": "VEND_001",
    "contract_start_date": "2023-06-15",
    "renewal_date": "2026-06-15",
    "auto_renew": true,
    "termination_notice_days": 90,
    "DPA_signed": true,
    "right_to_audit": true,
    "SLA_tier": "premium",
    "required_certifications": ["SOC2", "ISO27001"]
  },
  {
    "vendor_id": "VEND_002",
    "contract_start_date": "2022-02-10",
    "renewal_date": "2026-03-01",
    "auto_renew": false,
    "termination_notice_days": 120,
    "DPA_signed": true,
    "right_to_audit": true,
    "SLA_tier": "standard",
    "required_certifications": ["GDPR", "SOC2"]
  },
  {
    "vendor_id": "VEND_003",
    "contract_start_date": "2021-11-20",
    "renewal_date": "2026-11-20",
    "auto_renew": true,
    "termination_notice_days": 60,
    "DPA_signed": true,
    "right_to_audit": true,
    "SLA_tier": "standard",
    "required_certifications": ["SOC2"]
  },
  {
    "vendor_id": "VEND_004",
    "contract_start_date": "2020-08-05",
    "renewal_date": "2027-08-05",
    "auto_renew": true,
    "termination_notice_days": 90,
    "DPA_signed": true,
    "right_to_audit": true,
    "SLA_tier": "premium",
    "required_certifications": ["SOC2", "ISO27001"]
  },
  {
    "vendor_id": "VEND_005",
    "contract_start_date": "2022-09-18",
    "renewal_date": "2026-09-18",
    "auto_renew": true,
    "termination_notice_days": 60,
    "DPA_signed": true,
    "right_to_audit": false,
    "SLA_tier": "standard",
    "required_certifications": ["SOX"]
  },
  {
    "vendor_id": "VEND_006",
    "contract_start_date": "2023-01-12",
    "renewal_date": "2026-01-12",
    "auto_renew": false,
    "termination_notice_days": 45,
    "DPA_signed": false,
    "right_to_audit": true,
    "SLA_tier": "basic",
    "required_certifications": []
  },
  {
    "vendor_id": "VEND_007",
    "contract_start_date": "2024-04-02",
    "renewal_date": "2026-04-02",
    "auto_renew": true,
    "termination_notice_days": 30,
    "DPA_signed": false,
    "right_to_audit": false,
    "SLA_tier": "basic",
    "required_certifications": []
  },
  {
    "vendor_id": "VEND_008",
    "contract_start_date": "2021-05-30",
    "renewal_date": "2027-05-30",
    "auto_renew": true,
    "termination_notice_days": 30,
    "DPA_signed": false,
    "right_to_audit": false,
    "SLA_tier": "basic",
    "required_certifications": []
  },
  {
    "vendor_id": "VEND_009",
    "contract_start_date": "2023-07-01",
    "renewal_date": "2026-07-01",
    "auto_renew": true,
    "termination_notice_days": 30,
    "DPA_signed": false,
    "right_to_audit": false,
    "SLA_tier": "none",
    "required_certifications": []
  },
  {
    "vendor_id": "VEND_010",
    "contract_start_date": "2026-01-05",
    "renewal_date": "2027-01-05",
    "auto_renew": false,
    "termination_notice_days": 60,
    "DPA_signed": false,
    "right_to_audit": true,
    "SLA_tier": "basic",
    "required_certifications": ["SOC2"]
  }
]
```


# financial_exposure.json

```json
[
  {
    "vendor_id": "VEND_001",
    "annual_spend_usd": 4800000,
    "revenue_dependency_usd": 22500000,
    "switching_cost_usd": 3200000,
    "regulatory_exposure_usd": 15000000,
    "critical_business_process": "Core cloud infrastructure and customer data hosting"
  },
  {
    "vendor_id": "VEND_002",
    "annual_spend_usd": 2100000,
    "revenue_dependency_usd": 9800000,
    "switching_cost_usd": 1400000,
    "regulatory_exposure_usd": 12000000,
    "critical_business_process": "Payroll processing and employee records management"
  },
  {
    "vendor_id": "VEND_003",
    "annual_spend_usd": 3500000,
    "revenue_dependency_usd": 16000000,
    "switching_cost_usd": 2500000,
    "regulatory_exposure_usd": 9000000,
    "critical_business_process": "Customer data analytics and reporting platform"
  },
  {
    "vendor_id": "VEND_004",
    "annual_spend_usd": 2900000,
    "revenue_dependency_usd": 12000000,
    "switching_cost_usd": 1800000,
    "regulatory_exposure_usd": 6000000,
    "critical_business_process": "Identity management and authentication services"
  },
  {
    "vendor_id": "VEND_005",
    "annual_spend_usd": 1750000,
    "revenue_dependency_usd": 6200000,
    "switching_cost_usd": 1100000,
    "regulatory_exposure_usd": 4500000,
    "critical_business_process": "Payment reconciliation and financial reporting"
  },
  {
    "vendor_id": "VEND_006",
    "annual_spend_usd": 1250000,
    "revenue_dependency_usd": 4800000,
    "switching_cost_usd": 900000,
    "regulatory_exposure_usd": 2000000,
    "critical_business_process": "Order fulfillment and logistics coordination"
  },
  {
    "vendor_id": "VEND_007",
    "annual_spend_usd": 650000,
    "revenue_dependency_usd": 2100000,
    "switching_cost_usd": 450000,
    "regulatory_exposure_usd": 500000,
    "critical_business_process": "Market research and customer sentiment analysis"
  },
  {
    "vendor_id": "VEND_008",
    "annual_spend_usd": 420000,
    "revenue_dependency_usd": 900000,
    "switching_cost_usd": 250000,
    "regulatory_exposure_usd": 300000,
    "critical_business_process": "Facilities operations and workplace services"
  },
  {
    "vendor_id": "VEND_009",
    "annual_spend_usd": 300000,
    "revenue_dependency_usd": 700000,
    "switching_cost_usd": 200000,
    "regulatory_exposure_usd": 250000,
    "critical_business_process": "Creative and brand design services"
  },
  {
    "vendor_id": "VEND_010",
    "annual_spend_usd": 900000,
    "revenue_dependency_usd": 3500000,
    "switching_cost_usd": 800000,
    "regulatory_exposure_usd": 3000000,
    "critical_business_process": "IT support services and endpoint management"
  }
]
```


# risk_events.json

```json
[
  {
    "event_id": "EVT_001",
    "vendor_id": "VEND_001",
    "event_type": "audit_failed",
    "severity": "high",
    "event_date": "2026-01-07",
    "impact_estimate_usd": 1200000,
    "linked_signal_id": "SIG_001",
    "notes": "SOC2 renewal audit identified control gaps in change management."
  },
  {
    "event_id": "EVT_002",
    "vendor_id": "VEND_001",
    "event_type": "renewal_approaching",
    "severity": "medium",
    "event_date": "2026-03-15",
    "impact_estimate_usd": 0,
    "linked_signal_id": null,
    "notes": "Contract renewal in 90 days; remediation still open."
  },
  {
    "event_id": "EVT_003",
    "vendor_id": "VEND_002",
    "event_type": "regulatory_inquiry",
    "severity": "high",
    "event_date": "2026-01-09",
    "impact_estimate_usd": 3000000,
    "linked_signal_id": "SIG_002",
    "notes": "EU regulator expanded GDPR review scope."
  },
  {
    "event_id": "EVT_004",
    "vendor_id": "VEND_003",
    "event_type": "subprocessor_added",
    "severity": "medium",
    "event_date": "2025-12-18",
    "impact_estimate_usd": 500000,
    "linked_signal_id": null,
    "notes": "New offshore data processing subcontractor added; review pending."
  },
  {
    "event_id": "EVT_005",
    "vendor_id": "VEND_003",
    "event_type": "data_scope_changed",
    "severity": "medium",
    "event_date": "2026-01-04",
    "impact_estimate_usd": 800000,
    "linked_signal_id": null,
    "notes": "Expanded access to customer behavioral datasets."
  },
  {
    "event_id": "EVT_006",
    "vendor_id": "VEND_004",
    "event_type": "audit_passed",
    "severity": "low",
    "event_date": "2026-01-02",
    "impact_estimate_usd": 0,
    "linked_signal_id": "SIG_005",
    "notes": "SOC2 Type II audit clean; controls validated."
  },
  {
    "event_id": "EVT_007",
    "vendor_id": "VEND_006",
    "event_type": "sla_breach",
    "severity": "medium",
    "event_date": "2025-12-14",
    "impact_estimate_usd": 350000,
    "linked_signal_id": "SIG_004",
    "notes": "Fulfillment delays exceeded contractual thresholds."
  },
  {
    "event_id": "EVT_008",
    "vendor_id": "VEND_006",
    "event_type": "renewal_approaching",
    "severity": "low",
    "event_date": "2026-01-12",
    "impact_estimate_usd": 0,
    "linked_signal_id": null,
    "notes": "Contract renewal window opening in 60 days."
  },
  {
    "event_id": "EVT_009",
    "vendor_id": "VEND_005",
    "event_type": "audit_passed",
    "severity": "low",
    "event_date": "2025-03-01",
    "impact_estimate_usd": 0,
    "linked_signal_id": null,
    "notes": "SOX audit confirmed effective financial controls."
  },
  {
    "event_id": "EVT_010",
    "vendor_id": "VEND_007",
    "event_type": "negative_media_watch",
    "severity": "low",
    "event_date": "2026-01-20",
    "impact_estimate_usd": 150000,
    "linked_signal_id": null,
    "notes": "Social media chatter flagged but not substantiated."
  },
  {
    "event_id": "EVT_011",
    "vendor_id": "VEND_010",
    "event_type": "onboarding_delay",
    "severity": "medium",
    "event_date": "2026-01-18",
    "impact_estimate_usd": 400000,
    "linked_signal_id": null,
    "notes": "Security questionnaire incomplete; onboarding extended."
  },
  {
    "event_id": "EVT_012",
    "vendor_id": "VEND_008",
    "event_type": "renewal_approaching",
    "severity": "low",
    "event_date": "2026-02-15",
    "impact_estimate_usd": 0,
    "linked_signal_id": null,
    "notes": "Facilities services renewal in 90 days."
  },
  {
    "event_id": "EVT_013",
    "vendor_id": "VEND_002",
    "event_type": "mitigation_completed",
    "severity": "medium",
    "event_date": "2026-03-10",
    "impact_estimate_usd": -1500000,
    "linked_signal_id": null,
    "notes": "GDPR remediation milestones achieved; regulator notified."
  },
  {
    "event_id": "EVT_014",
    "vendor_id": "VEND_001",
    "event_type": "penetration_test_started",
    "severity": "medium",
    "event_date": "2026-01-22",
    "impact_estimate_usd": 0,
    "linked_signal_id": null,
    "notes": "Third-party penetration testing engagement initiated."
  },
  {
    "event_id": "EVT_015",
    "vendor_id": "VEND_003",
    "event_type": "executive_review_triggered",
    "severity": "high",
    "event_date": "2026-01-25",
    "impact_estimate_usd": 2000000,
    "linked_signal_id": null,
    "notes": "Risk score trend + financial exposure exceeded threshold."
  }
]
```


# executive_trigger_rules.json

```json
[
  {
    "trigger_id": "TRG_001",
    "name": "Critical Vendor High Risk Near Renewal",
    "conditions": {
      "all": [
        { "field": "vendor.criticality", "operator": "equals", "value": "high" },
        { "field": "risk.overall_risk_score", "operator": "greater_than", "value": 65 },
        { "field": "contract.days_to_renewal", "operator": "less_than", "value": 90 }
      ]
    },
    "severity": "critical",
    "escalation_role": "Chief Risk Officer",
    "board_visibility": true,
    "notification_channel": "board_dashboard"
  },
  {
    "trigger_id": "TRG_002",
    "name": "Expired Certification on Sensitive Data Vendor",
    "conditions": {
      "all": [
        { "field": "vendor.data_access_level", "operator": "in", "value": ["sensitive", "restricted"] },
        { "field": "controls.expired_count", "operator": "greater_than", "value": 0 }
      ]
    },
    "severity": "high",
    "escalation_role": "Chief Information Security Officer",
    "board_visibility": true,
    "notification_channel": "email"
  },
  {
    "trigger_id": "TRG_003",
    "name": "Regulatory Inquiry With Open Mitigation",
    "conditions": {
      "all": [
        { "field": "events.recent_regulatory_inquiry", "operator": "equals", "value": true },
        { "field": "mitigations.open_count", "operator": "greater_than", "value": 0 }
      ]
    },
    "severity": "critical",
    "escalation_role": "General Counsel",
    "board_visibility": true,
    "notification_channel": "board_dashboard"
  },
  {
    "trigger_id": "TRG_004",
    "name": "High Financial Exposure Moderate Risk",
    "conditions": {
      "all": [
        { "field": "financial.revenue_dependency_usd", "operator": "greater_than", "value": 10000000 },
        { "field": "risk.overall_risk_score", "operator": "between", "value": [45, 65] }
      ]
    },
    "severity": "high",
    "escalation_role": "Chief Financial Officer",
    "board_visibility": true,
    "notification_channel": "board_dashboard"
  },
  {
    "trigger_id": "TRG_005",
    "name": "Repeated SLA Breaches",
    "conditions": {
      "all": [
        { "field": "events.sla_breach_count_90d", "operator": "greater_than_or_equal", "value": 2 }
      ]
    },
    "severity": "medium",
    "escalation_role": "Chief Operating Officer",
    "board_visibility": false,
    "notification_channel": "email"
  },
  {
    "trigger_id": "TRG_006",
    "name": "Missing DPA for Confidential Data Vendor",
    "conditions": {
      "all": [
        { "field": "vendor.data_access_level", "operator": "equals", "value": "confidential" },
        { "field": "contract.DPA_signed", "operator": "equals", "value": false }
      ]
    },
    "severity": "high",
    "escalation_role": "Data Protection Officer",
    "board_visibility": true,
    "notification_channel": "email"
  },
  {
    "trigger_id": "TRG_007",
    "name": "Onboarding Delayed for High Criticality Vendor",
    "conditions": {
      "all": [
        { "field": "vendor.contract_status", "operator": "equals", "value": "onboarding" },
        { "field": "vendor.criticality", "operator": "equals", "value": "high" }
      ]
    },
    "severity": "medium",
    "escalation_role": "Vendor Management Lead",
    "board_visibility": false,
    "notification_channel": "slack"
  },
  {
    "trigger_id": "TRG_008",
    "name": "Executive Review Triggered by Risk Trend",
    "conditions": {
      "all": [
        { "field": "risk.trend_direction", "operator": "equals", "value": "worsening" },
        { "field": "financial.regulatory_exposure_usd", "operator": "greater_than", "value": 5000000 }
      ]
    },
    "severity": "critical",
    "escalation_role": "Chief Executive Officer",
    "board_visibility": true,
    "notification_channel": "board_dashboard"
  }
]
```
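The rules above are only useful if the evaluator that reads them is deterministic and fails closed: a field that is missing from the vendor context must not satisfy a condition, and a misspelled operator must surface as a policy-authoring error rather than a silent non-match. The following is an added example, not the TPROv2 project's own code; it implements every operator used on this page (`equals`, `greater_than`, `greater_than_or_equal`, `less_than`, `in`, `between`) and the `all` conjunction, and assumes a context keyed by the dotted field prefixes the rules reference (`vendor`, `risk`, `contract`, `financial`). The helper names, the sample context and the inclusive reading of `between` are assumptions.

```python
# Added example (not project code): a fail-closed evaluator for the `conditions`
# blocks in executive_trigger_rules.json. Field paths and operator names come from
# the rules on the page; helper names and the sample context are assumptions.
MISSING = object()  # sentinel: a field absent from the context can never match

OPERATORS = {
    "equals": lambda actual, expected: actual == expected,
    "greater_than": lambda actual, expected: actual > expected,
    "greater_than_or_equal": lambda actual, expected: actual >= expected,
    "less_than": lambda actual, expected: actual < expected,
    "in": lambda actual, expected: actual in expected,
    # Inclusive on both ends (assumption; the page does not specify).
    "between": lambda actual, expected: expected[0] <= actual <= expected[1],
}


def field_value(context, path):
    """Resolve a dotted path such as 'risk.overall_risk_score' in a nested dict."""
    node = context
    for part in path.split("."):
        if not isinstance(node, dict) or part not in node:
            return MISSING
        node = node[part]
    return node


def clause_matches(clause, context):
    actual = field_value(context, clause["field"])
    if actual is MISSING:
        return False  # unknown data never satisfies an escalation condition
    if clause["operator"] not in OPERATORS:
        # A typo in the policy file is an authoring error, not a silent non-match.
        raise ValueError(f"unknown operator {clause['operator']!r}")
    return OPERATORS[clause["operator"]](actual, clause["value"])


def rule_fires(rule, context):
    """A rule fires only when every clause in its `all` block matches."""
    return all(clause_matches(c, context) for c in rule["conditions"]["all"])


def evaluate_rules(rules, context):
    """Ids of every rule that fires, in the order they appear in the policy file."""
    return [r["trigger_id"] for r in rules if rule_fires(r, context)]


# TRG_001 and TRG_004 as written on the page, plus a constructed vendor context.
RULES = [
    {"trigger_id": "TRG_001", "conditions": {"all": [
        {"field": "vendor.criticality", "operator": "equals", "value": "high"},
        {"field": "risk.overall_risk_score", "operator": "greater_than", "value": 65},
        {"field": "contract.days_to_renewal", "operator": "less_than", "value": 90}]}},
    {"trigger_id": "TRG_004", "conditions": {"all": [
        {"field": "financial.revenue_dependency_usd", "operator": "greater_than", "value": 10000000},
        {"field": "risk.overall_risk_score", "operator": "between", "value": [45, 65]}]}},
]
SAMPLE_CONTEXT = {  # constructed: VEND_001's exposure with a hypothetical score of 72
    "vendor": {"criticality": "high"},
    "risk": {"overall_risk_score": 72},
    "contract": {"days_to_renewal": 45},
    "financial": {"revenue_dependency_usd": 22500000},
}

FIRED = evaluate_rules(RULES, SAMPLE_CONTEXT)  # ['TRG_001']
```

Note that TRG_001 and TRG_004 are disjoint on `risk.overall_risk_score` only because `between` is read as inclusive and `greater_than` as strict; a score of exactly 65 fires TRG_004, not TRG_001, so the operator semantics belong in the policy documentation, not just the code.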


# control_maturity_history.json

```json
[
  {
    "vendor_id": "VEND_001",
    "control_name": "SOC2",
    "maturity_level": 3,
    "assessment_date": "2025-09-01"
  },
  {
    "vendor_id": "VEND_001",
    "control_name": "SOC2",
    "maturity_level": 2,
    "assessment_date": "2026-01-07"
  },
  {
    "vendor_id": "VEND_001",
    "control_name": "Incident Response Plan",
    "maturity_level": 4,
    "assessment_date": "2025-10-01"
  },
  {
    "vendor_id": "VEND_001",
    "control_name": "Incident Response Plan",
    "maturity_level": 4,
    "assessment_date": "2026-01-07"
  },

  {
    "vendor_id": "VEND_002",
    "control_name": "GDPR",
    "maturity_level": 2,
    "assessment_date": "2025-06-15"
  },
  {
    "vendor_id": "VEND_002",
    "control_name": "GDPR",
    "maturity_level": 3,
    "assessment_date": "2026-03-10"
  },

  {
    "vendor_id": "VEND_003",
    "control_name": "Access Controls",
    "maturity_level": 3,
    "assessment_date": "2025-12-01"
  },
  {
    "vendor_id": "VEND_003",
    "control_name": "Access Controls",
    "maturity_level": 2,
    "assessment_date": "2026-01-04"
  },
  {
    "vendor_id": "VEND_003",
    "control_name": "Encryption",
    "maturity_level": 4,
    "assessment_date": "2025-12-01"
  },
  {
    "vendor_id": "VEND_003",
    "control_name": "Encryption",
    "maturity_level": 4,
    "assessment_date": "2026-01-04"
  },

  {
    "vendor_id": "VEND_004",
    "control_name": "SOC2",
    "maturity_level": 5,
    "assessment_date": "2025-01-05"
  },
  {
    "vendor_id": "VEND_004",
    "control_name": "SOC2",
    "maturity_level": 5,
    "assessment_date": "2026-01-02"
  },

  {
    "vendor_id": "VEND_006",
    "control_name": "SLA Monitoring",
    "maturity_level": 3,
    "assessment_date": "2025-11-20"
  },
  {
    "vendor_id": "VEND_006",
    "control_name": "SLA Monitoring",
    "maturity_level": 2,
    "assessment_date": "2025-12-14"
  },

  {
    "vendor_id": "VEND_010",
    "control_name": "SOC2",
    "maturity_level": 2,
    "assessment_date": "2026-01-05"
  },
  {
    "vendor_id": "VEND_010",
    "control_name": "SOC2",
    "maturity_level": 3,
    "assessment_date": "2026-02-10"
  }
]
```
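Several of the trigger rules read derived fields that none of the v2 files store directly: `contract.days_to_renewal` (TRG_001), `events.sla_breach_count_90d` (TRG_005) and `risk.trend_direction` (TRG_008). The following added example, not the project's own code, derives those three from trimmed copies of the page's contract, event and maturity-history records. The evaluation date `AS_OF`, the function names and the trend rule (compare each control's latest assessment with the one before it) are assumptions.

```python
# Added example (not project code): derive three rule fields named in
# executive_trigger_rules.json (contract.days_to_renewal, risk.trend_direction,
# events.sla_breach_count_90d) from trimmed copies of the page's v2 records.
# Function names, AS_OF and the trend rule are assumptions.
from collections import defaultdict
from datetime import date, timedelta

AS_OF = date(2026, 1, 25)  # assumed evaluation date
CONTRACTS = [
    {"vendor_id": "VEND_001", "renewal_date": "2026-06-15"},
    {"vendor_id": "VEND_006", "renewal_date": "2026-01-12"},
]
MATURITY = [
    {"vendor_id": "VEND_001", "control_name": "SOC2", "maturity_level": 3, "assessment_date": "2025-09-01"},
    {"vendor_id": "VEND_001", "control_name": "SOC2", "maturity_level": 2, "assessment_date": "2026-01-07"},
    {"vendor_id": "VEND_001", "control_name": "Incident Response Plan", "maturity_level": 4, "assessment_date": "2025-10-01"},
    {"vendor_id": "VEND_001", "control_name": "Incident Response Plan", "maturity_level": 4, "assessment_date": "2026-01-07"},
    {"vendor_id": "VEND_002", "control_name": "GDPR", "maturity_level": 2, "assessment_date": "2025-06-15"},
    {"vendor_id": "VEND_002", "control_name": "GDPR", "maturity_level": 3, "assessment_date": "2026-03-10"},
    {"vendor_id": "VEND_006", "control_name": "SLA Monitoring", "maturity_level": 3, "assessment_date": "2025-11-20"},
    {"vendor_id": "VEND_006", "control_name": "SLA Monitoring", "maturity_level": 2, "assessment_date": "2025-12-14"},
]
EVENTS = [
    {"event_id": "EVT_007", "vendor_id": "VEND_006", "event_type": "sla_breach", "event_date": "2025-12-14"},
    {"event_id": "EVT_008", "vendor_id": "VEND_006", "event_type": "renewal_approaching", "event_date": "2026-01-12"},
]


def days_to_renewal(contract, as_of):
    """Signed day count; negative means the renewal date has already passed."""
    return (date.fromisoformat(contract["renewal_date"]) - as_of).days


def trend_direction(history, vendor_id):
    """'worsening' if any control's latest level is below its previous one,
    'improving' if any rose and none fell, else 'stable' (assumed rule)."""
    by_control = defaultdict(list)
    for row in history:
        if row["vendor_id"] == vendor_id:
            by_control[row["control_name"]].append((row["assessment_date"], row["maturity_level"]))
    deltas = []
    for rows in by_control.values():
        levels = [lvl for _, lvl in sorted(rows)]  # ISO dates sort chronologically
        if len(levels) >= 2:
            deltas.append(levels[-1] - levels[-2])
    if any(d < 0 for d in deltas):
        return "worsening"
    return "improving" if any(d > 0 for d in deltas) else "stable"


def sla_breach_count_90d(events, vendor_id, as_of):
    window_start = as_of - timedelta(days=90)
    return sum(1 for e in events
               if e["vendor_id"] == vendor_id and e["event_type"] == "sla_breach"
               and window_start <= date.fromisoformat(e["event_date"]) <= as_of)


def build_context(vendor_id, as_of):
    """Assemble the dotted-field context a rule evaluator would read."""
    contract = next(c for c in CONTRACTS if c["vendor_id"] == vendor_id)
    return {
        "contract": {"days_to_renewal": days_to_renewal(contract, as_of)},
        "risk": {"trend_direction": trend_direction(MATURITY, vendor_id)},
        "events": {"sla_breach_count_90d": sla_breach_count_90d(EVENTS, vendor_id, as_of)},
    }
```

A vendor with no maturity history comes out as `stable`, so it can never trip TRG_008; whether "no data" should instead be treated as worsening is a policy choice the rules file should make explicit.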
