For enterprises and their service providers alike, due-diligence efforts have become expensive and un-enlightening. It's time to call this process broken and find a solution. We'll review real-world contract failures and assessments gone bad, discuss how this security make-work is dangerously distracting from information protection goals, and look at ways to improve these partnerships to more efficiently manage risk.