Looking at Risk in a New Light: The Six Pillars of Vendor Risk Management

Our systems detected an issue with your IP. If you think this is an error please submit your concerns via our contact form.

Moreso than at any other time, our world is changing. As a result, organizations – and their vendors – need to be able to adapt their plans to accommodate risk on an unprecedented level.
It is increasingly likely that one of an organization's vendors, or their n-party support vendors, will cause an incident. Organizations must protect themselves by creating better mechanisms to hold their n-party vendors accountable and validate that they comply.

Our Advice

Critical Insight

Identifying and managing a vendor’s potential risk impact on your organization requires multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how these changes may affect your organization.
Organizational leadership is often taken unaware by changes, and their plans lack the flexibility to adjust to significant regulatory upheavals.

Impact and Result

Vendor management practices educate organizations on the different potential risks from vendors in your market and suggest creative and alternative ways to avoid and help manage them.
Prioritize and classify your vendors with quantifiable, standardized rankings.
Prioritize focus on your high-risk vendors.
Standardize your processes for identifying and monitoring vendor risks with our Comprehensive Risk Impact Tool to manage potential impacts.

Looking at Risk in a New Light: The Six Pillars of Vendor Risk Management Research & Tools

1. Looking at Risk in a New Light: The Six Pillars of Vendor Risk Management – Use the research to better understand the negative impacts of vendor actions to your organization

Use this research to identify and quantify the potential risk impacts caused by vendors. Utilize Info-Tech's approach to look at the impact from various perspectives to better prepare for issues that may arise.

2. Comprehensive Risk Impact Tool – Use this tool to help identify and quantify the impacts of negative vendor actions.

By playing the “what if” game and asking probing questions to draw out – or eliminate – possible negative outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.

Looking at Risk in a New Light: The Six Pillars of Vendor Risk Management

Approach vendor risk impact assessments from all perspectives.

Analyst Perspective

Organizations must comprehensively understand the impacts vendors may cause through different potential actions.

The risks from the vendor market have become more prevalent as the technologies and organizational strategies shift to a global direction. With this shift in risk comes a necessary perspective change to align with the greater likelihood of an incident occurring from vendors' (or one of their downstream support vendor's) negative actions.

Organizational leadership must become more aware of the increasing risks that engaging vendors impose. To do so, they need to make informed decisions, which can only be provided by engaging expert resources in their organizations to compile a comprehensive look at potential risk impacts.

Frank Sewell

Research Director, Vendor Management
Info-Tech Research Group

Executive Summary

Your Challenge

More so than at any other time, our world is changing. As a result organizations – and their vendors – need to be able to adapt their plans to accommodate risk on an unprecedented level.

It is increasingly likely that one of your vendors, or their n-party support vendors, will cause an incident. Organizations must protect themselves by creating better mechanisms to hold their n-party vendors accountable and validate that they comply.

Common Obstacles

Identifying and managing a vendor’s potential risk impact on your organization requires multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how these changes may affect your organization.

Organizational leadership is often taken unaware by changes, and their plans lack the flexibility to adjust to significant regulatory upheavals.

Info-Tech's Approach

Vendor management practices educate organizations on the different potential risks from vendors in your market and suggest creative and alternative ways to avoid and help manage them.

Prioritize and classify your vendors with quantifiable, standardized rankings.

Prioritize focus on your high-risk vendors.

Standardize your processes for identifying and monitoring vendor risks with our Comprehensive Risk Impact Tool to manage potential impacts.

Info-Tech Insight

Organizations must evolve their risk assessments to be more adaptive to respond to changes in the global market. Ongoing monitoring and continual assessment of vendors’ risks is crucial to avoiding negative impacts.

Info-Tech’s multi-blueprint series on vendor risk assessment

There are many individual components of vendor risk beyond cybersecurity.`

6 components of vendor risk beyond cybersecurity. Financial, Reputational, Operational, Strategic, Security, Regulatory & Compliance.

This series will focus on the individual components of vendor risk and how vendor management practices can facilitate organizations’ understanding of those risks.

Out of Scope:
This series will not tackle risk governance, determining overall risk tolerance and appetite, or quantifying inherent risk.