Forrester’s Security and Risk Management clients often describe the frustration they feel when they are not included in important initiatives until after decisions have been made. Lately, this situation has been especially pronounced in decisions to enter partnership agreements based on service, performance, and cost considerations… with risk management only brought in later to identify and mitigate potential points of exposure.

At the same time, Forrester’s Sourcing and Vendor Management professionals find themselves facing their own challenges when it comes to managing the risk of partner relationships. In a Q3 2011 survey of 575 Sourcing and Vendor Management professionals, top concerns related to “X-as-a-service” relationships included the lack of recourse if a vendor fails or goes out of business, the lack of a clear way to assess the risk of a third party, and the inability to manage how providers are handling data. (Source: Forrsights Services Survey, Q3 2011)

In order to bridge this gap, Security and Risk Management professionals need to deliver a streamlined way to insert risk identification, analysis, and evaluation steps within their organization’s existing vendor management lifecycle. Forrester customers who have taken this approach – for example, by introducing short, 10-15 question surveys to determine whether more detailed vendor risk assessments are warranted – report better oversight of vendor risk and better involvement in the decision-making process. In some cases, Security and Risk Management professionals have even reported casting a decisive thumbs-down vote to block a new vendor contract because it represents unacceptable risk.

I will be publishing a report describing these and other best practices later this quarter, and I will be presenting this information at Forrester’s upcoming Security Forum, November 9-10 in Miami.
With a theme of protecting the extended enterprise, this event will also include relevant sessions such as Remote Control: Managing Risk By Auditing Your Supply Chain And Cloud Provider, delivered by my colleague Andrew Rose. As always, we welcome your thoughts and questions on the subject. Have you seen any unique solutions to deal with the challenges described above?