Abstract: A computer-implemented system and method are disclosed that monitor and determine vendor compliance with at least some aspects of information and security criteria. At least one computing device is configured by executing code to access information and security criteria respectively associated with a vendor that provides a good and/or service. At least some aspects of the information and security criteria are provided by an organization considering the vendor and, further, the information and security criteria include at least one of cybersecurity criteria, regulatory criteria, intellectual property criteria, data management criteria, and policy criteria.