XYZ Corporation is developing a supply chain risk management plan for its IT infrastructure. The plan includes a risk assessment of all third-party suppliers and vendors. What is the most important factor to consider when conducting this risk assessment?