IT Vendor Risk Management

Better vendor relationships

Making a wise investment in a vendor-provided information technology solution is challenging. The concerns of operational, technical, and administrative stakeholders must be integrated in a holistic way, whereby the needs of specialty disciplines are evaluated and balanced to produce a relationship with the vendor that is functional, manageable, and responsible.

The Office of Information Security provides IT Vendor Risk Management as an advisory service available through the UW-IT Service Catalog. Support is available throughout the lifecycle of the vendor relationship.


Yes, on the IT Sourcing Guide web page.

Under APS 2.6, Executive Heads of Major University organizations are responsible for the risks associated with their assets. To satisfy this responsibility, they must exercise and demonstrate due care in securing their information assets and technical capabilities.

All IT projects conducted within any unit or by any individual, regardless of their cost, must comply with APS 2.3 and adhere to the stewardship guidelines for IT Projects and Acquisitions.

The Office of Information Security neither approves nor forbids any transaction but is often brought in as a resource that empowers informed decision-making and encourages cross-discipline cooperation.

Not at all. Information technology lifecycles are continuous. We will meet you wherever in the process you may be.

Questions should be directed to UW Procurement Services as early as possible. They will ensure that the correct subject matter experts and supporting offices can be coordinated to assist your effort.