
Looking at Risk in a New Light: The Six Pillars of Vendor Risk Management

Approach vendor risk impact assessments from all perspectives


  • More so than at any other time, our world is changing. As a result, organizations – and their vendors – need to be able to adapt their plans to accommodate risk on an unprecedented level.
  • It is increasingly likely that one of an organization's vendors, or their n-party support vendors, will cause an incident. Organizations must protect themselves by creating better mechanisms to hold their n-party vendors accountable and validate that they comply.

Our Advice

Critical Insight

  • Identifying and managing a vendor’s potential risk impact on your organization requires multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how these changes may affect your organization.
  • Organizational leadership is often taken unaware by changes, and their plans lack the flexibility to adjust to significant regulatory upheavals.

Impact and Result

  • Vendor management practices educate organizations on the different potential risks from vendors in your market and suggest creative and alternative ways to avoid and help manage them.
  • Prioritize and classify your vendors with quantifiable, standardized rankings.
  • Prioritize focus on your high-risk vendors.
  • Standardize your processes for identifying and monitoring vendor risks with our Comprehensive Risk Impact Tool to manage potential impacts.

Looking at Risk in a New Light: The Six Pillars of Vendor Risk Management Research & Tools

1. Looking at Risk in a New Light: The Six Pillars of Vendor Risk Management – Use the research to better understand the negative impacts of vendor actions on your organization.

Use this research to identify and quantify the potential risk impacts caused by vendors. Utilize Info-Tech's approach to look at the impact from various perspectives to better prepare for issues that may arise.

2. Comprehensive Risk Impact Tool – Use this tool to help identify and quantify the impacts of negative vendor actions.

By playing the “what if” game and asking probing questions to draw out – or eliminate – possible negative outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.


Looking at Risk in a New Light: The Six Pillars of Vendor Risk Management

Approach vendor risk impact assessments from all perspectives.

Analyst Perspective

Organizations must comprehensively understand the impacts vendors may cause through different potential actions.

Frank Sewell

The risks from the vendor market have become more prevalent as the technologies and organizational strategies shift to a global direction. With this shift in risk comes a necessary perspective change to align with the greater likelihood of an incident occurring from vendors' (or one of their downstream support vendors') negative actions.

Organizational leadership must become more aware of the increasing risks that engaging vendors impose. To do so, they need to make informed decisions, which can only be provided by engaging expert resources in their organizations to compile a comprehensive look at potential risk impacts.

Frank Sewell

Research Director, Vendor Management
Info-Tech Research Group

Executive Summary

Your Challenge

More so than at any other time, our world is changing. As a result, organizations – and their vendors – need to be able to adapt their plans to accommodate risk on an unprecedented level.

It is increasingly likely that one of your vendors, or their n-party support vendors, will cause an incident. Organizations must protect themselves by creating better mechanisms to hold their n-party vendors accountable and validate that they comply.

Common Obstacles

Identifying and managing a vendor’s potential risk impact on your organization requires multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how these changes may affect your organization.

Organizational leadership is often taken unaware by changes, and their plans lack the flexibility to adjust to significant regulatory upheavals.

Info-Tech's Approach

Vendor management practices educate organizations on the different potential risks from vendors in your market and suggest creative and alternative ways to avoid and help manage them.

Prioritize and classify your vendors with quantifiable, standardized rankings.

Prioritize focus on your high-risk vendors.

Standardize your processes for identifying and monitoring vendor risks with our Comprehensive Risk Impact Tool to manage potential impacts.

Info-Tech Insight

Organizations must evolve their risk assessments so they can adapt to changes in the global market. Ongoing monitoring and continual assessment of vendors’ risks are crucial to avoiding negative impacts.

Info-Tech’s multi-blueprint series on vendor risk assessment

There are many individual components of vendor risk beyond cybersecurity.

Six components of vendor risk beyond cybersecurity: Financial, Reputational, Operational, Strategic, Security, Regulatory & Compliance.

This series will focus on the individual components of vendor risk and how vendor management practices can facilitate organizations’ understanding of those risks.

Out of Scope:
This series will not tackle risk governance, determining overall risk tolerance and appetite, or quantifying inherent risk.

The world is constantly changing

The IT market is constantly reacting to global influences. By anticipating changes, leaders can set expectations and work with their vendors to accommodate them.

When the unexpected happens, being able to adapt quickly to new priorities ensures continued long-term business success.

Below are some things no one expected to happen in the last few years:

  • 62% of IT professionals are more concerned about being a victim of ransomware than they were a year ago. (Info-Tech Tech Trends Survey 2022)
  • 82% of Microsoft non-essential employees shifted to working from home in 2020, joining the 18% already remote. (Info-Tech Tech Trends Survey 2022)
  • 89% of organizations invested in web conferencing technology to facilitate collaboration. (Info-Tech Tech Trends Survey 2022)


Author

Frank Sewell
