This capability governs the process to manage vendor relationship including selection, vetting, evaluation, security, compliance. Usually these processes also include risk evaluation, as well a rating against the type of data that the vendor can see (given their maturity on their risk profile, financial, among other areas).