Vendor Management Risk

HIU vendor risk management (VRM) deals with the management and monitoring of risks resulting from third-party vendors and suppliers of university information technology (IT) products and services. VRM programs are concerned with ensuring that third-party products, IT vendors, and service providers do not cause business disruption or financial and reputational damage. Vendor risk management programs have a comprehensive plan for identifying and mitigating business uncertainties, legal liabilities, and reputational damage.

As businesses increase their use of outsourcing, VRM and third-party risk management become an increasingly important part of any enterprise risk management framework. Organizations are entrusting more of their business processes to third parties and business partners so they can focus on what they do best. This means they must ensure that third parties are managing information security, data security, and cyber security well. The risk of cyber-attacks and data breaches from third-party vendors must be identified and mitigated.

While outsourcing has great benefits, if vendors lack strong security controls, your organization is exposed to operational, regulatory, financial, and reputational risk. Vendor management is focused on identifying and mitigating those risks.