Some of the biggest cybersecurity headlines point to suppliers as the root cause of the most damaging breaches. This highlights the importance of carefully vetting and monitoring vendors as part of a strong cybersecurity program. At a recent panel at IAPP’s Global Privacy Summit, counsel from Under Armour, AOL and Unisys provided practical guidance on how to implement a comprehensive vendor management program and mitigate data security and privacy risks third-party vendors present. This first article in our series includes the panelists’ discussion of nine questions to ask vendors during the due diligence process and factors to consider before contract negotiations. The second installment in our coverage of the panel will include fourteen key cybersecurity provisions to include in vendor contracts. See also “Learning From the Target Data Breach About Effective Third-Party Risk Management”: Part One (Sep. 16, 2015); Part Two (Sep. 30, 2015).