Vendor risk management evaluates third parties across cybersecurity, financial stability, regulatory compliance, operational reliability, and reputational dimensions before engagement and throughout the relationship. Organizations conduct due diligence, require contractual protections, monitor performance, and maintain contingency plans for critical vendors. The 2013 Target data breach originated through a compromised HVAC vendor, demonstrating how third-party access can cascade into major incidents. Risk-based approaches apply deeper scrutiny to vendors with access to sensitive data or supporting critical business functions. Periodic reassessments capture changing vendor risk profiles over time.