> ## Documentation Index
> Fetch the complete documentation index at: https://docs.vendexlabs.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Dependency tiers

> How dependency tiers describe vendor criticality and weight your portfolio posture.

A **dependency tier** answers a single question: *how much would it hurt if this vendor failed, was breached, or went away?* Tiers let VendexLabs weight your vendors so that a problem with a critical provider moves your portfolio posture more than a problem with a peripheral one.

## The tiers

<CardGroup cols={3}>
  <Card title="Core" icon="circle">
    Business-critical. Deep access, sensitive data, or no easy replacement. A failure here is felt immediately.
  </Card>

  <Card title="Standard" icon="circle-half-stroke">
    Important but not existential. Typical SaaS and service providers used across the business.
  </Card>

  <Card title="Minimal" icon="circle-dot">
    Low criticality. Limited access or data, and easily replaced.
  </Card>
</CardGroup>

## How tiers affect your portfolio posture

Your **portfolio posture** (the "tier-weighted score" on the dashboard) is a weighted average of your vendors' latest aggregate scores. Higher-criticality vendors carry more weight:

| Tier     | Weight in portfolio posture |
| -------- | --------------------------- |
| Core     | 1.0                         |
| Standard | 0.65                        |
| Minimal  | 0.65                        |

<Info>
  A vendor with no tier set is treated the same as Standard/Minimal (weight 0.65) so it still counts, but doesn't dominate the number.
</Info>

This means improving or fixing a **Core** vendor has the biggest effect on your overall posture — which is exactly where you want attention to go first.

## Setting a tier

You can set a vendor's tier from:

* The vendor row on the **Vendors** page (the Tier dropdown)
* The vendor's detail page, in the right-hand summary
* A CSV import, using the tier column
* The API, via the vendor list membership (`dependency_tier`)

<Tip>
  Tier is about **your** usage, not the vendor's quality. AWS might be Core for one team and Standard for another. Set it based on how deeply the vendor sits in your environment and how much sensitive data it touches.
</Tip>

## Tiers and scoring are different things

Tiers weight your **portfolio** number. They do **not** change a vendor's aggregate score. However, a closely related idea — **integration depth** — *does* influence a vendor's recommendation. See [Risk scoring](/concepts/risk-scoring) for the distinction.
