1. Benchmarking 2. Multivendor environment and Looking at options both small , mid and large size to distribute the risk 3. Keeping key functions in house is key so that you do not loose control

To navigate third-party IT vendor risks, I prioritize a proactive and structured approach at Saaskart. First, we conduct thorough vetting and due diligence, assessing vendors for reliability, security standards, and alignment with our values. Clear contracts with defined SLAs and risk clauses are essential, setting expectations upfront. Regular audits and performance reviews help us identify potential risks early, while real-time monitoring systems give us transparency over their operations. I also ensure a strong communication loop with our vendors to quickly address any issues, building a partnership based on accountability and mutual growth.

- Identify and assess the criticality and risks of third-party service providers based on the impact of their currently delivered services. - Conduct pre-contract due diligence to ensure mature risk management practices and skills to fulfill regulatory and contractual requirements. - Continuously monitor and oversee third parties incl. subcontractors to ensure compliance with regulations and contracts to maintain resilience within the service community. - Prepare to manage and report incidents related to third parties. - Address potential disruptions caused by third-party service provider incidents through continuity plans and tests. - Develop Exit -strategies and -plans to be prepared for both a planned and unplanned exit.

Keep an eye on their performance regularly, make sure contracts include rules about security and service, and have backup plans in case of any problems. This helps lower risks and keep partnerships strong.

1. The starting point is to analyse the situation and why risk is considered. Establish the reason behind it. 2. If the risk exists, it does not mean nothing has happened. This has to be related to the real issue, and we must try to find or define a solution or how to approach the problem. 3. Start to find the best way to collaborate between teams or organisations to keep the subject urgent and provide polite or concrete ways to resolve the issue.