Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit

Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.


Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 


Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.



Trends, best practices and insights to keep you current in your knowledge of third-party risk.


Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

On-Demand Webinars



Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.



Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

State of Third-Party Risk Management 2023!

Venminder's seventh annual whitepaper provides insight from a variety of surveyed individuals into how organizations manage third-party risk today.


Differences Between a Vendor's Disaster Recovery and Business Continuity Plans

2 min read
Featured Image

The assumption that disaster recover plans and business continuity plans are the same thing is a common misconception. While they are closely intertwined, they’re not the same.

A business continuity plan (BCP) is an organization’s plan(s) that is developed to ensure key operations, products and services will be delivered at a predetermined or acceptable level of availability should a business disrupting event occur. A disaster recovery plan (DRP) is a subset of business continuity and outlines the organization’s anticipated, immediate response and procedures that they’ll follow if they experience a business disrupting event in order to resume normal operations.

Key Differences Between Vendor’s Disaster Recovery and Business Continuity Plans

Here are six additional key differences:

  1. Strategic Objectives vs. Calculated Plans - BCPs are strategic objectives. DRPs are calculated plans.

  1. Business Resiliency vs. Resuming Operations - BCPs attempt to avoid business interruptions by proactively implementing plans and controls designed to increase the business’s resiliency to potential disaster scenarios outlined in the BCP. DRPs guide disaster recovery personnel in reacting and responding to events that transcend the BCP and in recovering the organization’s people, facilities and systems to normal operations.

  1. BCP Focus - BCPs focus on the following:
    • Risk assessment
    • Preventive controls
    • Succession planning
    • Planning with public entities such as emergency services, local or state disaster relief agencies
    • Communications with identified key vendors, clients, employees and the media

  1. DRP Focus - DRPs focus on the following:
    • Gathering of disaster recovery personnel at the command center
    • Deciding if the incident is a disaster
    • Salvage operations, recovery operations, communications, restoration to normal operations

  1. BCP Components - Your vendor’s BCP should include the following 13 components:
    • Business impact analysis
    • Personnel loss planning
    • Relocations plans
    • Remote access availability
    • Facility loss contingencies
    • Pandemic contingencies
    • Breach/disruption notification procedures
    • Testing procedures
    • Copies of the plan are held off-site in secure locations and available
    • Plan is reviewed, tested and updated regularly
    • Senior management and board approval
    • SLAs and contractual obligations
    • Failover and backup locations

  1. DRP Components - Your vendor’s DRP should include the following six components:
    • Dedicated team and individuals
    • Testing and updates
    • Notification process
    • Backup procedures
    • Procedures for personnel and system recovery to normal operations
    • Senior management/board approval and involvement

As you can see, BCPs and DRPs are closely related but serve distinct purposes. Both are critical to ensuring that a business safeguards its personnel and its ability to meet contractual obligations to customers.

Dive deeper into business continuity planning with your vendors. Download the infographic. 

Vendor Business Continuity for Third Parties

Subscribe to Venminder

Get expert insights straight to your inbox.

Ready to Get Started?

Schedule a personalized solution demonstration to see if Venminder is a fit for you.

Request a Demo