Vendor risk management (VRM) is a comprehensive plan for identifying and reducing the potential business uncertainties and legal liabilities that arise from hiring third-party vendors for information technology (IT) products and services.
When an enterprise outsources business processes to an external vendor, sensitive data may be transmitted, stored and processed on both the company's and the vendor's networks. Regulations such as the Sarbanes-Oxley Act (SOX), the Payment Card Industry Data Security Standard (PCI DSS) and the Health Insurance Portability and Accountability Act (HIPAA) mandate that risk management policies extend to third-party vendors, outsourcers, contractors and consultants.
A solid vendor risk management strategy should include:
- A contract outlining the business relationship between the organization and the vendor.
- Consistent monitoring of vendor performance to ensure that contract stipulations are being met.
- Guidelines, set out in the vendor agreement, specifying who will have access to which information.
- Stipulations to ensure that vendors meet the regulatory compliance requirements for your industry, and a method to monitor that compliance.
This was last updated in August 2011