What is vendor risk management?

• A. Process to assess supplier risk, including security controls, compliance, performance, and contingency plans.
• B. Process to manage vendor invoices.
• C. Process to market vendor products.
• D. Process to store vendor data.

Answer: (A)

Vendor risk management is the process of identifying, assessing, and mitigating risks that come from using third‑party vendors. It involves evaluating the vendor’s security controls and data protection practices, ensuring regulatory and contractual compliance, reviewing performance and reliability, and planning for contingencies such as business continuity and exit strategies. This broad approach helps protect your data, operations, and reputation by understanding and addressing potential vendor-related risks throughout the relationship.

Other tasks described—handling vendor invoices, marketing or selling vendor products, or simply storing vendor data—do not focus on evaluating and reducing risk across the vendor relationship, so they don’t fit as vendor risk management.