IT vendor risk management

Vendor Risk Management: A Proactive Approach

Colorful blocks that spell risk

SIG University student Hanne McBlain enrolled in the Certified Third Party Risk Management Professional (C3PRMP) Program while working at Information Services Group. She shares what she learned from her own experience with a data breach and how she is taking a proactive approach to IT vendor risk management to mitigate future business disruptions.  


In times of cost-cutting, vendor management functions that include third party risk are often the first to go or be significantly reduced. Many senior executives fail to see the value these functions bring and are usually happy to cover third party risk as part of a general risk function.

Stakeholder Support is Critical

I previously worked for an organization that prided itself on not relying on third parties for any critical functions. Redundancy was abundant and built into every platform, and on the surface, there was not much to worry about when it came to third party risk.

During my time there things started to change. We convinced the organization to implement a third party risk management framework. But with no experience in this area, we were fighting an uphill battle. We managed to win support and quickly implemented standard due diligence and on-going monitoring of critical suppliers. The business stakeholders generally regarded the added due diligence and tracking as unnecessary and bureaucratic.

Hanne McBlain, Director - ANZ Managed Services