The cancer research center aimed to improve its risk management processes, particularly for third-party and internal IT applications, while considering the added complexity of fourth-party risks. However, the institution faced significant challenges due to the limitations of its two separate legacy systems, which managed vendor and internal IT risks independently.