Skip to main content
A dependency tier answers a single question: how much would it hurt if this vendor failed, was breached, or went away? Tiers let VendexLabs weight your vendors so that a problem with a critical provider moves your portfolio posture more than a problem with a peripheral one.

The tiers

Core

Business-critical. Deep access, sensitive data, or no easy replacement. A failure here is felt immediately.

Standard

Important but not existential. Typical SaaS and service providers used across the business.

Minimal

Low criticality. Limited access or data, and easily replaced.

How tiers affect your portfolio posture

Your portfolio posture (the “tier-weighted score” on the dashboard) is a weighted average of your vendors’ latest aggregate scores. Higher-criticality vendors carry more weight:
TierWeight in portfolio posture
Core1.0
Standard0.65
Minimal0.65
A vendor with no tier set is treated the same as Standard/Minimal (weight 0.65) so it still counts, but doesn’t dominate the number.
This means improving or fixing a Core vendor has the biggest effect on your overall posture — which is exactly where you want attention to go first.

Setting a tier

You can set a vendor’s tier from:
  • The vendor row on the Vendors page (the Tier dropdown)
  • The vendor’s detail page, in the right-hand summary
  • A CSV import, using the tier column
  • The API, via the vendor list membership (dependency_tier)
Tier is about your usage, not the vendor’s quality. AWS might be Core for one team and Standard for another. Set it based on how deeply the vendor sits in your environment and how much sensitive data it touches.

Tiers and scoring are different things

Tiers weight your portfolio number. They do not change a vendor’s aggregate score. However, a closely related idea — integration depthdoes influence a vendor’s recommendation. See Risk scoring for the distinction.