By the rules of ethics and our own engagement letters, attorneys commit to, and are responsible for, keeping their clients' data confidential. Further, the rules of ethics require attorneys to be up-to-date on technology and to make appropriate decisions to avoid selecting technology that could compromise the confidentiality of client information. When making these decisions, attorneys need to take into consideration what vendors they are using to assist in their delivery and/or performance of legal services, whether it is the vendor used to stamp documents prior to discovery production, or the office cleaning service that may have unfettered and unsupervised access to offices. If attorneys fail to assess vendors properly and to identify and manage the potential risks they may create, attorneys fail in their ethical obligations to their clients and do disservice to their own personnel too. This article will discuss appropriate processes to manage supplier risk and to document those programs accordingly from vendor selection to onboarding, during the relationship, and offboarding.