.gif?width=1920&name=Sample-Graphic-Animation%20(1).gif)
| Professional | Enterprise | |
|---|---|---|
|
Designed for organizations who need all the key capabilities to run their vendor risk management program and the ability to add on new capabilities as they grow. 0 |
Designed for organizations with a mature or complex vendor risk management program. 7 |
|
| General | ||
| Implementation Support | ||
| Customer Support & Training | ||
| Software | ||
| Unlimited users, vendors and contracts | ||
| Unlimited custom fields | ||
| Contract Management Secure storage for unlimited contracts; Venminder Paralegals extract key information; notifications of upcoming renewals and expirations; Multiple contracts per vendor product; Unlimited custom reportable data fields; Push modifications to contract at any time (statements of work / addendums / amendments etc.) ; Track Contract Pricing |
||
| Standard Risk Assessment Inherent Risk Assessment; Residual Risk Assessment; Template library; Configurable risk levels; Team collaboration; Unlimited questions and areas of risk; Custom section and question weightings; Approval workflow; Prevailing sections and questions; Create executive summary; Comment tracking; Storage of all historical risk ratings |
||
| Standard Questionnaires Unlimited Questionnaire Library; Questionnaire Templates (RFP, SIG Core, SIG Lite, InfoSec, Pandemic etc.); Import SIG and Other Existing Questionnaires; Monitor completion status; Answer formats (free form, yes/no, dropdown select, multi dropdown select); Question controls (example: preferred responses, required questions, required attachments); Tiered questions; Secure portal for recipient; Flag questions for vendor remediation; Send prior questionnaires for a vendor refresh; Send questionnaires to multiple recipients |
||
| Oversight Management Enable oversight requirements to schedule tasks; Create and assign tasks to any user; Record results of tasks/review; Create oversight status reports for senior management, the board and examiners |
||
| Reports & Dashboards Reports are fully configurable, downloadable to data (Excel) or visual (PDF); enable tracking of status, trends and exceptions, and custom reports can be created. Dashboards |
||
| New Vendor Onboarding Customizable forms; Capture vendor information; Perform initial risk and criticality assessment; Collect contract documentation and review due diligence requirements; Reference tracking; Side by side vendor comparison |
||
| Offboarding Workspace Customizable forms; Ability to send offboarding questionnaire requests; Complete vendor risk assessments; Execute offboarding due diligence requirements; View and create vendor issues; Identify approvers |
||
| Advanced Risk Assessment Unlimited custom mitigation questions; Additional risk level thresholds; Identify prevailing contributors; Visibility into scoring algorithms; Detailed comment tracking |
||
| Advanced Questionnaires Configurable scoring, unlimited multi-tiered questions |
||
| Advanced Workflows Create custom workflows; One-time or recurring; New vendor product trigger; Vendor review period trigger; Integrate with activities |
||
| Oversight Automation Define minimum oversight requirements; Include criticality and/or NPI access as variables in risk pairing method; Define frequency of oversight based on vendor product characteristics; Auto-assign tasks to users, product managers, or user roles |
||
| SLA Management Create SLAs; Prioritize by severity levels, what's overdue and who to contact; Attach performance evidence to compare actual performance against contractual obligation; Identify escalation points; Remediate SLAs; Defined cure periods; Report on SLA activity |
||
| Issue Management Open and manage issues; Identify severity levels; Create follow-up procedures; Team collaboration; Track progress; Create approval workflows; Reporting. Module can also be used for Exception Tracking. |
||
| Business Unit Permissions Define business units; User permissions by vendor product |
||
| Single Sign On (SSO) | ||
| API-Integration Options | ||
| Control Assessments | ||
| Initial Vetting Packages of a Third Party We research, collect, review and verify your vendor's key information and that it's all accurate and up-to-date and provide a summarization of findings. Easily order one-time assessments or create annual flex package spend. |
||
| Vendor Financial Health Assessment We assess the vendor's financial data and create a comprehensive report that includes risk indicators and monitoring recommendations. Easily order one-time assessments or create annual flex package spend. |
||
| SOC Assessment We assess the vendor's SOC reports to provide an overall risk rating and call out areas of concern that may need attention. Easily order one-time assessments or create annual flex package spend. |
||
| Business Continuity/Disaster Recovery Assessment We assess the vendor's plans to verify that they are adequate, identify any gaps and confirm that they have actually tested those plans. Easily order one-time assessments or create annual flex package spend. |
||
| Point-in-Time Cybersecurity Assessment We assess the four main areas of cybersecurity risk to provide an overall risk rating and informed next steps. Easily order one-time assessments or create annual flex package spend. |
||
| Data Protection Assessment We assess and provide a ranking on your vendor’s preparedness for data protection laws in six critical areas to ensure you meet the law’s requirements for vendor risk management and consumer rights. Easily order one-time assessments or create annual flex package spend. |
||
| Information Security and Privacy Assessment We assess the vendor's information security, cybersecurity, physical security, resiliency, privacy, and business continuity risks, to identify areas of weakness and ensure they meet data protection laws. Easily order one-time assessments or create annual flex package spend. |
||
| Contract Compliance Assessment We provide a comprehensive assessment calling out provisions that you (and the regulators) will care about. Easily order one-time assessments or create annual flex package spend. |
||
| Regulatory Compliance & Operational Assessment We assess your vendor’s consumer impacting practices against regulatory requirements and identify areas of strength and weakness. Easily order one-time assessments or create annual flex package spend. |
||
| CAIQ Assessment We assess your vendor’s completed Cloud Security Alliance (CSA) CAIQ and risk-rate the sixteen categories of controls to provide you assurance that the cloud vendor has a robust control environment. Easily order one-time assessments or create annual flex package spend. |
||
| SIG Lite Assessment We assess your vendor’s completed SIG Lite questionnaire and risk-rates the 18 categories of controls to provide you insight into their implementation of those industry standard controls. Easily order one-time assessments or create annual flex package spend. |
||
| Managed Services & Ongoing Monitoring | ||
| Document Collection | ||
| Virtual Vendor Management Office | ||
| Vendor Site Audit | ||
| Business Health Ongoing Monitoring | ||
| Cybersecurity Ongoing Monitoring | ||
 |
|
|
Pricing & Packaging
Scale your vendor risk management program with Venminder.
Designed for growth and scale.
Flexible capability-rich packages to elevate your vendor risk management program and drive key efficiencies.
Frequently Asked Questions
Here are some of the most commonly asked questions.
-
Is Venminder a SaaS model?
Yes, Venminder is a SaaS platform. It is ready out of the box, code-free, and enables you to do "all things vendor" in the cloud. You can configure many areas within the platform to suit your needs.
-
Does the platform come with templates?
Yes, Venminder has many templates and example processes built in to help you get ramped up quickly.
-
Is support included?
Venminder comes with unlimited customer support and product training via audio/video conference. Current support hours are 8am ET-8pm ET Monday to Friday.
-
How long is implementation?
We work to suit your needs and availability. Implementation typically takes between 30 and 90 days.
-
Who do you integrate with?
Venminder offers API and SSO integration options. Venminder has pre-built integrations in place with RSA Archer Third-Party Risk Governance, SecurityScorecard, and ArgosRisk AR Intelligence.
Ready to Get Started?
Schedule a personalized solution demonstration to see if Venminder is a fit for you.