Printer Friendly, PDF & Email

Vendor risk management

Ian Shaw ( is Product Manager at Sword GRC in the UK.

As more and more organizations outsource business functions such as IT, the question arises: Just how reliable are the vendors providing the services? What happens if/when something goes wrong? Just because you’ve outsourced the function, doesn’t mean that you’ve also outsourced all responsibility. As a business, you still need to meet regulatory and legal requirements, and any transgressions by the vendors you use could reflect badly on your own brand.

The Deloitte global survey on third-party governance and risk management[1] highlighted how leading organizations are those that are able to protect their value through risk management and that third-party relationships, being a key part of the extended enterprise, need to be managed just as closely as every other part of the business. Furthermore, many of those leading organizations are looking to enhance the value of their third-party relationships with positive risk management.

This document is only available to members. Please log in or become a member