IT Vendor Risk Management

Last updated: January 19, 2024
Audience: Staff, IT Staff / Technical, Decision Makers

Many times, IT solutions will involve using outside vendors. This can be as simple as signing up for a service or buying a product, or as complex as engaging a vendor that offers enterprise solutions to create a custom experience for UW or UW departments.

Signing a contract, making a payment, and starting to use a product or service does not mean the vendor will help you meet your goals or bring value to your department or the UW as a whole. There are many things to consider when choosing a vendor and formalizing your relationship with them to ensure the solution will meet your needs.

UW-IT experts can help advise you and be directly involved in your engagements with vendors. The IT Vendor Risk Management service can help you with vendors by providing risk analysis, contract negotiation support, service operationalization planning, and general information resources to UW stakeholders who are accountable and responsible for delivering services so that risks associated with information technology vendors are managed and manageable.

How IT Vendor Risk Management can help

  • Conversations to help articulate your goals and come up with a strategy for meeting them
    • What are you trying to achieve with a product or service?
    • Who is going to use it?
    • How does the vendor help meet your goals?
  • Contract strategy, which includes reviewing contract language and ensuring the contract covers all applicable considerations
  • Connections with technical experts to evaluate the technology and considerations like usability, accessibility, and more
  • Ongoing vendor relationship management for concerns that arise mid-contract
  • Evaluation of vendor relationships and updating contracts for renewal
  • Ongoing support and consultation

Job aid worksheet

Better vendor relationships

Making a wise investment in a vendor-provided information technology solution is challenging. The concerns of operational, technical, and administrative stakeholders must be integrated in a holistic way, whereby the needs of specialty disciplines are evaluated and balanced to produce a relationship with the vendor that is functional, manageable, and responsible.

The Office of Information Security provides IT Vendor Risk Management as an advisory service available through the UW-IT Service Catalog. Support is available throughout the lifecycle of the vendor relationship.

Frequently asked questions

Yes, on the IT Sourcing Guide web page.

Under APS 2.6, Executive Heads of Major University organizations are responsible for the risks associated with their assets. To satisfy this responsibility, they must exercise and demonstrate due care in securing their information assets and technical capabilities.

All IT projects conducted within any unit or by any individual, regardless of their cost, must comply with APS 2.3 and adhere to the stewardship guidelines for IT Projects and Acquisitions.

The Office of Information Security neither approves nor forbids any transaction but is often brought in as a resource that empowers informed decision-making and encourages cross-discipline cooperation.

Not at all. Information technology lifecycles are continuous. We will meet you wherever in the process you may be.

Questions should be directed to UW Procurement Services as early as possible. They will ensure that the correct subject matter experts and supporting offices can be coordinated to assist your effort.

Need help?
Contact and put “IT Sourcing” in the subject line and ask for “IT Vendor Risk Management” in the message body.