Corporate environmental, social and governance (ESG) research and ratings firms measure companies’ performance across a wide array of topics, such as greenhouse gas (GHG) emissions, workforce diversity and executive compensation. Some of these vendors predominantly track companies’ ESG performance to inform and influence equity investors, creditors, bondholders and other participants in the capital markets. These vendors’ products often include a single corporate score to represent a company’s entire performance, simplifying interpretation for end users. This is intended to make it easy for investors to make a more informed decision on potential investments and for other stakeholders to understand how a company is performing relative to its ESG obligations, as well as its peers.
Gartner defines IT vendor risk management (IT VRM) as the discipline of addressing the residual risk that businesses and governments face when working with external service providers, IT vendors and related third parties. The scope typically addresses risks related to data protection, business continuity, security and other risk domains as relevant to laws, regulation and industry practices.