Vendor Risk Management

Due to regulations (DORA in our case) we have to setup vendor risk management. Has anyone ever done this for their Entra-integrated SaaS applications?