How to Get a Clearer Picture of Vendor Risk

Experts Call for Continuous Assessments of Vendor Risk - Not Just at Onboarding Suparna Goswami (gsuparna) • June 10, 2025

As vendor ecosystems grow in complexity, many organizations still view third-party risk management as a static assessment of vendors as they're onboarded. But organizations often focus too heavily on upfront questionnaires of vendors and fail to track how their risk profiles may change over time.

See Also: Merging Without Mayhem: PAM Strategies that Work

"There needs to be a mindset shift from episodic reviews to continuous oversight," said Lance Mueller, president of The Digital Trust Ecosystem. "You cannot just assess a vendor once and assume you are covered. Threat landscapes evolve, vendors change operations and new risks emerge mid-contract. It is the failure to keep watch between the onboarding and offboarding that leaves organizations exposed."

The challenge is operationalize continuous monitoring of risk without overburdening vendors or internal teams, said Mohammad ...