Vendor risk: Due diligence, scaling, analysis, and ongoing oversight