The VRCM Professional’s Playbook:
The Challenges of Managing Vendor Risk Contingency Plans
Organizations increasingly rely on critical, "Tier 1" vendors for essential products and services. This reliance increases their exposure to various types of risk, including regulatory risk, reputational risk, information security risk, and financial risk. Vendor Risk Management intersects with Business Continuity Management (BCM) and Operational Risk Management (ORM) where third-party vendors provide critical products, services, or have access to critical company information. This playbook explores how—using established risk management and BCM/DR principles—we can define a practice to manage vendor risk while addressing contingency and recovery capabilities.