There has been no end to the security incident cases caused by the vendors in charge of IT system development and operation. Faced with this threat, the question once again for IT organizations is how to effectively "manage vendors" to address. This session will indicate how security leaders should take measures for vendors from the perspective of Gartner's vendor management framework: risk, relationship, contract and evaluation.