Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit

Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.


Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 


Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.



Trends, best practices and insights to keep you current in your knowledge of third-party risk.


Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

On-Demand Webinars



Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.



Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

State of Third-Party Risk Management 2023!

Venminder's seventh annual whitepaper provides insight from a variety of surveyed individuals into how organizations manage third-party risk today.


7 Key Vendor Risk Management Items Your Examiner Will Care About

2 min read
Featured Image

When you get notice of an upcoming exam it can be a time of frantic scrambling – but it doesn’t necessarily have to be. There are specific items your examiner is going to care about. The best way to know what they’re looking for is to truly understand the scope of the audit. Once you understand the audit scope, you’ll already be off to a great start.

7 Key Items Your Examiners Will Care About

Let’s discuss seven vendor risk management items your examiner is almost always going to request:

  1. Your vendor risk management program and all associated documentation. Your examiner will want to see that the policy, program and procedures documentation are all current – meaning updated at least annually or periodically as changes occur – and any documentation that is referenced within the documents are available to review. Examiners will verify your work product matches what is set out in your policy (e.g., SOC reviews, financial reviews, etc.).
  2. A vendor risk management/third party risk organization chart. This will help them better understand who is actively involved.
  3. A job description and bio for your key organizational members. Examiners will use this to verify adequate training and their level of expertise.
  4. Your active vendor inventory. With this, be sure to identify every vendor and their correlated risk level – critical/non-critical and high, moderate or low risk. In addition, identify the vendors you’ve written out of scope and indicate why. Quick tip: Typically, you can request an updated vendor list from Accounts Payable. Comb through the list to make sure you didn’t accidentally leave out a vendor.
  5. Evidence of ongoing monitoring. You probably have relevant due diligence on file from when you vetted the vendor, and that’s fantastic. However, examiners want to see that you’re continuing to keep the due diligence up-to-date, even after you’ve contracted with the vendor. They’ll want to see the most current due diligence and new analyses that have been performed by subject matter experts.
  6. Active involvement by senior management and the board. Regulatory guidance requires it. Provide the reports you typically share with them and any meeting minutes to prove their involvement.
  7. Documentation proving that prior exam findings have been resolved. This is a big one! Don’t fall victim to repeat findings.

Doing these seven things upon notice of an exam is a proactive approach. It’ll make the exam go much more smoothly if you’ve organized these items beforehand and are prepared.

Be as prepared as possible for your examination. Download this eBook for further information.New Call-to-action

Subscribe to Venminder

Get expert insights straight to your inbox.

Ready to Get Started?

Schedule a personalized solution demonstration to see if Venminder is a fit for you.

Request a Demo