Software

Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Overview
Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit


Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

VX LP Sequence USE FOR CORPORATE SITE-thumb
Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.

CREATE FREE ACCOUNT

Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 

Industries

Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

1.7.2020-what-is-a-third-party-risk-assessment-FEATURED
Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.

DOWNLOAD SAMPLES

About

Venminder is an industry recognized leader of third-party risk management solutions. 

Our Customers

900 organizations use Venminder today to proactively manage and mitigate vendor risks.

Get Engaged

We provide lots of ways for you to stay up-to-date on the latest best practices and trends.

Gartner 2020
Venminder received high scores in the Gartner Critical Capabilities for IT Vendor Risk Management Tools 2020 Report

READ REPORT

Resources

Trends, best practices and insights to keep you current in your knowledge of third-party risk.

Webinars

Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

On-Demand Webinars

 

Community

Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.

Subscribe

 

Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

resource-whitepaper-state-of-third-party-risk-management-2021-cropped
State of Third-Party Risk Management 2021

Venminder’s State of Third-Party Risk Management 2021 survey provides insight into how organizations are managing third-party risk management in today’s increasing regulatory and risky climate.

DOWNLOAD NOW

Three Qs You Must Ask to Find Out if a Vendor is Critical

3 min read
Featured Image

You need to know the business impact risk of your vendors. Once you know that, you can figure out how they play into your financial institution’s business continuity plan. A way to start is to know which of your vendors are critical.  

What is a critical vendor? 

A critical vendor is a third party on whom your institution is so reliant that, if they suddenly disappeared for some reason, you’d have a huge problem on your hands.  Business would stop in its tracks and you’d be scrambling to recover.   

Think of your core processor and another Superstorm Sandy type of incident. The storm is far worse than expected and their processing has stopped for the time being. Complete chaos ensues. It happens – but, fortunately, with a little preparation and rigorous testing, you can minimize the impact. 

3 Questions to Ask to Determine If They're Critical 

Ask yourself these questions about each of your vendors to determine if they are critical to your institution: 

  1. Would a sudden and unexpected loss of this vendor cause a material disruption to your institution? 
  2. Would that loss impact your institution’s customers? 
  3. Would the time to recover be greater than one business day or 24 hours (timing could vary based on service provided)? 

What to Do Next With Your Critical Vendors 

If the answer to any of these is “YES” – this is a Critical vendor. You should then do a few things: 

  1. Ensure your disaster recovery plan is up-to-date 
  2. Ensure your due diligence analysis, risk assessment and your own disaster recovery planning include a thorough review of their business continuity plans and the results of testing around both plans (yours and theirs)
  3. Ensure you have a comprehensive and actionable exit strategy, contemplating both a sudden disappearance and a gradual unwind of the relationship 
  4. Develop and maintain an adequate notification and escalation plan 
  5. Contractually commit them to provide reporting and notification in the event anything changes  

Examples of Critical Vendors 

  • Your call center provider (unless you have multiple ones and can easily re-route calls)  
  • Your core processor is critical
  • The electric company is critical
  • The internet banking provider is critical

Examples of Non Critical Vendors  

  • Your shred vendor is not critical; they can easily be replaced.  
  • Your landscaper is not critical 
  • Your marketing agencies are not critical 
 

Spending a few minutes to ask 3 simple questions with each vendor can save you HUGE headaches down the road. The best time to prepare is NOW. 

To learn more about differences between your high risk and critical vendors, download our free infographic. 

differences between a high risk vendor and critical risk vendor

Subscribe to Venminder

Get expert insights straight to your inbox.

Ready to Get Started?

Schedule a personalized solution demonstration to see if Venminder is a fit for you.

Request a Demo