
vendor risk management (VRM)

Vendor risk management (VRM) is a comprehensive plan for identifying and decreasing potential business uncertainties and legal liabilities regarding the hiring of third-party vendors for information technology (IT) products and services.

When an enterprise outsources business processes to an external vendor, sensitive data may be transmitted, stored and processed on both company and vendor networks. Regulations such as the Sarbanes-Oxley Act (SOX), Payment Card Industry Data Security Standard (PCI DSS) and the Health Insurance Portability and Accountability Act (HIPAA) mandate that risk management policies extend to third-party vendors, outsourcers, contractors and consultants.

A solid vendor risk management strategy should include:

  • A contract outlining the business relationship between the organization and the vendor.
  • Consistent monitoring of vendor performance to ensure that contract stipulations are being met.
  • Guidelines regarding who will have access to what information as part of the vendor agreement.
  • Stipulations to ensure that vendors meet regulatory compliance guidelines for your industry, and a method to monitor this compliance.

This was first published in August 2011
