Removing Risky Vendors Appears to Be Risky Business
According to a 2019 vendor risk management study published by Protiviti and Shared Assessments, organizations want to give risky vendors the boot. However, the year-over-year data indicate organizations are having a hard time actually doing it.
The report, entitled “Vendor Risk Management Benchmark Study: Running Hard to Stay in Place,” provided insights from a survey conducted during the fourth quarter of 2018 and compared those findings to the previous year. Fifty-seven percent of respondents indicated that they are likely to exit high-risk relationships with their vendors; this is up 2% over the previous year.
Source: Protiviti Vendor Risk Management Study Published 2019
While the urgency appears to be building slowly, it’s difficult to translate this “likelihood” into action. Human nature and inertia work against organizations – they only move when they have to. Even then, additional factors impede the good intentions of those involved in the decision-making process:
- The cost of switching from one vendor to another can be high.
- Contract terms may prevent implementing an exit strategy for two or more years.
- Alternate vendors in some industries may not be any less risky.
- Emerging technologies may present abnormal levels of risk for several years until the technology matures.
- Performance concerns associated with a new vendor may influence the evaluation.
Until there is a real impetus to move (such as new regulations or the occurrence of significant risk events), it will be business as usual for most organizations. The survey numbers may go up over time, but we all know talk is cheap and action costs money.