IT Connect
Your connection to information technology at the UW

IT Vendor Risk Management

Many times, IT solutions will involve using outside vendors. This can be as simple as signing up for a service or buying a product, or as complex as engaging a vendor that offers enterprise solutions to create a custom experience for UW or UW departments.

Just because you signed a contract on the dotted line, made a payment, and started to use their product or service doesn’t mean the vendor will help you meet your goals, and bring value to your department or the UW as a whole. There are many things to consider when choosing a vendor and formalizing your relationship with them to ensure the solution will meet your needs.

UW-IT experts can help advise you and be directly involved in your engagements with vendors. The IT Vendor Risk Management service can help you with vendors by providing risk analysis, contract negotiation support, service operationalization planning, and general information resources to UW stakeholders who are accountable and responsible for delivering services so that risks associated with information technology vendors are managed and manageable.

How IT Vendor Risk Management can help

  • Conversations to help articulate your goals and come up with a strategy for meeting them
    • What are you trying to achieve with a product or service?
    • Who is going to use it?
    • How does the vendor help meet your goals?
  • Contract strategy, which includes reviewing contract language and ensuring the contract covers all applicable considerations
  • Connects you with technical experts to evaluate the technology and considerations like usability, accessibility and more
  • Ongoing vendor relationship management for concerns that arise mid-contract
  • Evaluation of vendor relationships and updating contracts for renewal
  • Ongoing support and consultation

Job aid worksheet       IT Vendor Risk Management Home

Need help?
Contact help@uw.edu and put “ IT Sourcing” in the subject line and ask for “IT Vendor Risk Management” in the message body.

Last reviewed November 25, 2020