Target’s Data Breach and its Impact on Technology Procurement

From the C-suite down to the help desk, everyone will remember the Target data breach. However, many organizations think about security last when procuring software. They’re more concerned about speed to market than about whether they’ll be facing millions of dollars in penalties for a data breach. In an article entitled “Marrying IT Risk Management with Enterprise Procurement”, Ericka Chickowski details the need for vendor risk to be evaluated during the procurement or contracting phase.

I agree with Ericka’s article and wish that more organizations would see the value in conducting vendor risk assessments in the procurement or contracting phase of an engagement, instead of attempting to clean up after a data breach or other security issue. An older article written by Tim Burt prophetically explores the sensitive data involved in cloud computing and its effect on procurement.

In the race to purchase software from a vendor, organizations should temper that speed with sound vendor and risk analysis in the procurement or contracting phase of an engagement. It shouldn’t take a data breach for organizations to remember that, but sometimes it does.

Below is a great video on assessing technology vendor risk and security from Monte Ratzlaff, Security Manager at UC Davis Health System, as he presents “Vendor Risks: Evaluating the Security of New Technology”:


Do you have a technology vendor management question?

The reason I started this blog was to provide a toolkit for those of you working with technology vendors, as there isn’t much out there on this topic, especially as it relates to vendor management, project management, contract management and procurement. If you have a question on any of these topics, just contact me using the form below and I’ll post my answer on this blog, along with your question (you’re welcome to post your question anonymously).

I really enjoy discussing these topics and think that this approach would be a great way to create a helpful community of folks that have experienced similar issues. If your vendor isn’t in the technology space, that’s fine too; I’ve worked with plenty of vendors outside of technology and would be happy to answer your questions as well. Please remember that I’m not an attorney, so I can’t provide legal advice, but I do have many years of experience in the technology vendor management, project management, contract management and procurement / strategic sourcing areas.

Looking forward to your feedback and some great discussions!