skip to main content


IT vendor risk management (ITVRM) products enable organizations to manage risk relating to the use of IT vendors and external service providers of IT-related services.


  • ITVRM solutions have benefited from renewed focus and investment, as the importance of IT within enterprises has increased (particularly in the context of digitalization strategies) and reliance on external parties for elements of its provision has extended.

Features and Benefits

  • Understand that the ITVRM market is undergoing healthy growth, driven by customers’ digitalization and compliance requirements
  • Understand that solutions are mostly mature, and the risks of adoption are low

Key questions answered

  • Who are the key players in the ITVRM market, and where are they active?
  • What are the relative strengths of the key players in the ITVRM market?
  • What is Ovum's view of how the ITVRM market may develop?

Table of contents


  • Catalyst
  • Ovum view
  • Key messages


  • Recommendations for enterprises
  • Recommendations for service providers
  • Recommendations for vendors

Defining and exploring IT vendor risk management

  • Definition and characteristics
  • Key capabilities
  • Business value and applications

Market landscape and participants

  • Market origin and dynamics
  • Key trends in the ITVRM market
  • Future market development
  • Vendor landscape

Vendors on the Ovum Market Radar in IT Vendor Risk Management

  • On the Radar: 3GRC Platform focuses on providing a single point of view of external-party risk and compliance
  • On the Radar: Third-party specialist Aravo provides a flexible and scalable vendor risk management solution
  • On the Radar: Lockpath's Keylight Platform focuses on support for IT vendor risk management
  • On the Radar: LogicManager suite provides prebuilt governance, risk, and compliance dashboards
  • On the Radar: MetricStream IT Vendor Risk Management offers a holistic approach to VRM
  • On the Radar: OneTrust provides GDPR-aligned incident and breach management
  • On the Radar: RSA Archer Suite standardizes third-party risk and performance management processes
  • On the Radar: Rsam’s Vendor Risk Management solution offers a broad functional range in a mature solution
  • On the Radar: ServiceNow provides unified vendor risk management with its Now Platform


  • On the Radar
  • Further reading
  • Author