Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit

Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.


Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 


Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.



Venminder is an industry recognized leader of third-party risk management solutions. 

Our Customers

900 organizations use Venminder today to proactively manage and mitigate vendor risks.

Get Engaged

We provide lots of ways for you to stay up-to-date on the latest best practices and trends.

Gartner 2020
Venminder received high scores in the Gartner Critical Capabilities for IT Vendor Risk Management Tools 2021 Report



Trends, best practices and insights to keep you current in your knowledge of third-party risk.


Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

On-Demand Webinars



Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.



Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

State of Third-Party Risk Management 2022

Venminder's sixth annual whitepaper provides insight from a variety of surveyed individuals into how organizations manage third-party risk today.


August 2022 Vendor Management News

7 min read
Featured Image

Stay up-to-date on the latest vendor management news happening this month. Check out the articles below to stay in the know.

Recently Added Articles as of August 4

Read up on articles from the week below about more cyberattacks that have happened, unethical practices in supply chain, TPRM for healthcare, cyber risk in educational institutions, and more. 

Cyberattacks target victims by posing as trusted applications: Researchers at Google have found a new way that hackers have been targeting victims. By posing as trusted and popular applications, the cybercriminals have been able to deceive their victims into downloading malware. This method can evade standard education and knowledge on avoiding illegitimate applications and highlights the importance of verifying data protection and security measures.

Hackers gain access to cloud applications: Experts have identified a weakness present in Golang-based apps, which has allowed hackers the ability to gain access to cloud applications and exposed data. Fortunately, these issues have been quickly addressed and patched accordingly.

How to stop unethical practices in the supply chain: We all know that it's impossible to monitor each and every activity that our fourth-party vendors perform, let alone vendors even further down the supply chain. However, as consumers and regulatory offices call for more increased transparency and ethically sourced services, you need to be sure that your vendors follow compliance and guidelines, or your organization could face reputational and financial damages. By knowing the signs of unethical practices, you'll be able to identify exploitative vendors and take action to protect your organization and the greater community.

Why the number of cyberattacks continues to rise: Is your organization doing enough to stop cyberattacks? And, what more can be done to decrease the number of cyberattacks across the board? As we continue to hear about cyberattacks each week, it may make you wonder what more can be done to make a difference. Within your own organization, you should issue training for all employees, create effective communication channels for identifying and addressing attacks, and staying updated with best security practices within your organization and with your third-party vendors.

Cyberattack method uses social engineering to pressure targets: A new method created by cyber criminals uses a countdown clock to make their intended targets feel pressured, leading to quick decision-making. This type of attack forces a target to feel as though they need to act quickly and without thinking, which could lead to a poor choice and compromise their data. More than ever, it's important to keep your employees educated on ways to identify and avoid phishing attacks and to protect the organization.

Apple fixes bugs and improves iPhone security: In response to vulnerabilities on the iPhone, Apple has released patched security updates. The patches include remedies to flaws such as CVE-2022-32832, which cybercriminals exploited to gain access to Apple devices. This patch is one more in a line of patches released by Apple, Microsoft, and Google over the past several weeks.

Third-party risk management practices for healthcare organizations: Healthcare organizations deal with a large volume of sensitive data and information. When engaging in relationships with third-party vendors, it's important to understand how your vendors might make your data vulnerable to cyberattacks and how you can manage the risks associated with your vendors. While vendors are essential, healthcare organizations, just as with other businesses, need to be aware of the risks and how to protect their organization or they'll suffer from data breaches, reputational damages, and costly fines.

OCC invites authors to research impacts of fintech on the financial sector: How have fintech vendors changed the banking and financial industry? In its effort to answer this question, the OCC has asked for authors and researchers to submit their findings. The research will, in turn, fuel academic and regulatory discussions regarding recent changes in the industry. Meanwhile, the Commodity Futures Trading Commission (CFTC) has also called for research on the impact climate change has had on financial institutions.

FCC identifies a recent phishing campaign: Recently, the FCC warned Americans of a rise in SMS phishing campaigns in which hackers have tricked their victims into giving sensitive information, which was then exploited. The hackers have lured victims by using deceiving text messages and links impersonating delivery services, banks, and law enforcement. Individuals should not click on unknown links and should report suspected activity to law enforcement and service providers.

Hackers compromise apps in the Google Play Store: Several malicious apps have been identified as malware on Android’s Google Play Store. Thankfully, the apps have since been removed, but experts warn that cyber criminals are continuing to create new methods for hacking and retrieving personal data.

Data breaches target healthcare organizations: Several healthcare organizations have been targeted by data breaches, leading to unauthorized access of data. The lasting impact of these breaches has led organizations to reconsider cybersecurity as a top priority moving forward, to protect their patients’ data and improve both monitoring and reporting capacities.

How to handle the aftermath of cyberattacks: In today’s world, where cyberattacks have become more aggressive and a more daily occurrence, it's important to ensure that your organization has disaster recovery plans in place. By looking at the latest trends and expert advice, you can plan for the worst and be prepared in the case your organization ever falls victim to a cyberattack.

Steps for effective vendor contract management: When selecting a vendor, you want to ensure that the vendor is capable of serving your organization’s needs and that the vendor will meet your performance expectations. During the contract stage of your relationship, you'll need to determine if this vendor is right for you. As a vendor risk manager, it's up to you to effectively assess the vendor, gather proper due diligence documentation, and identify potential risks. It can be overwhelming, but by creating an efficient vendor contract management process and following these best practice tips, you can start off on the best foot.

Banks are adopting new technology: As many banks have considered switching their core platforms, it's important to understand the risks that may be associated with adjusting to new technologies. During the transition stage, these banks will need to consider what processes are in place to mitigate third-party risks. Experts suggest making third-party risk management a higher priority for banks looking to transition to new vendors to effectively assess risks and ensure that proper security measures are in place to protect sensitive data.

The importance of TPRM for navigating vendor relationships: It can be challenging to take on new relationships with third-party vendors. By implementing effective third-party risk management programs and strategies, organizations can build secure relationships and overcome the obstacles that may make these relationships challenging. This article goes over the importance of vendor vetting, a few key considerations during the due diligence process, and how to navigate issues that may arise when considering a possible vendor.

Third-party cybersecurity risks remain in educational institutions: In a recent study, experts found that many educational institutions continue to struggle with managing third-party cybersecurity risks. The study found that nearly half of those who responded said that they don't assess security risks and processes of their third-party vendors, which is an alarming number. To protect your organization, it's important to ensure that your vendors have the capabilities to identify risks, notify organizations of breaches, and provide detailed risk assessments.

Bank pays massive fine after accessing customer accounts: Do you know how organizations are using your sensitive information? U.S. Bank was fined $37.5 million after an investigation by the Consumer Financial Protection Bureau discovered it had been accessing and opening accounts without permission. The CFPB noted that the bank didn't have the capability to detect misuse of information and has since worked to improve oversight processes and compliance.

BECU suffers third-party data breach: In a recent data breach, Boeing Employee’s Credit Union fell victim to a cyberattack, in which sensitive information was compromised. This serves as another reminder of the importance of third-party risk management, as this attack was successful because of a vulnerability in a vendor’s system. All organizations should make cybersecurity and third-party risk management a top priority, to protect against third-party data breaches.

Understanding the importance of TPRM: When dealing with vendors, you want peace of mind that your vendor will perform well, meet your expectations, and protect any sensitive data that they may access. Throughout the course of your relationship with a vendor, from pre-contract stages, all the way to offboarding, you need to identify any risks and understand the best ways to mitigate these risks. This article goes over the basics of vendor risk management, from its importance, to how you can perform effective due diligence, and the most common obstacles facing third-party risk managers.

Microsoft addresses issues with recent patch: Microsoft has recently announced an issue with a patch in its software, KB5015807, alongside remedies for users experiencing issues with the program.

Healthcare organization suffers $100 million loss following a cyberattack: Third-party risk management is crucial when it comes to mitigating risks and protecting your organization from detrimental data breaches and damages to your revenue and reputation. A healthcare company suffered a massive loss in April, including $100 million in revenue. The attack caused large-scale disruptions to its operation, which led to a drastic decrease in admissions and subsequent legal action.

Subscribe to Venminder

Get expert insights straight to your inbox.

Ready to Get Started?

Schedule a personalized solution demonstration to see if Venminder is a fit for you.

Request a Demo