5 tips for managing IT vendor risk