With statistics reaching as high as 66% of organizations significantly utilizing third parties- third-parties accounting for 63% of the exposure for data breaches in 2013- and the monitoring of third-party risk management practices being classified as the least concern for 78% of organizations- it’s time that simply trusting Vendor Security Questionnaires isn’t enough. We will review the evolution of third-party risk evaluations and vendor management programs to highlight the good- the bad- and the insecurity and give insight to some of the compliance drivers that will lead the evolution and need for refinement of these programs in the next few years.