Software

Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Overview
Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit


Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

VX LP Sequence USE FOR CORPORATE SITE-thumb
Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.

CREATE FREE ACCOUNT

Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 

Industries

Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

1.7.2020-what-is-a-third-party-risk-assessment-FEATURED
Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.

DOWNLOAD SAMPLES

About

Venminder is an industry recognized leader of third-party risk management solutions. 

Our Customers

Over 800 organizations use Venminder today to proactively manage and mitigate vendor risks.

Get Engaged

We provide lots of ways for you to stay up-to-date on the latest best practices and trends.

Gartner 2020
Venminder received high scores in the Gartner Critical Capabilities for IT Vendor Risk Management Tools 2020 Report

READ REPORT

Resources

Trends, best practices and insights to keep you current in your knowledge of third-party risk.

Webinars

Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

 

Community

Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.

Subscribe

 

Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

Join the thousands of risk and compliance professionals who subscribe to Venminder

Differences Between a Vendor's Disaster Recovery and Business Continuity Plans

2 min read
Featured Image

The assumption that disaster recover plans and business continuity plans are the same thing is a common misconception. While they are closely intertwined, they’re not the same.

A business continuity plan (BCP) is an organization’s plan(s) that is developed to ensure key operations, products and services will be delivered at a predetermined or acceptable level of availability should a business disrupting event occur. A disaster recovery plan (DRP) is a subset of business continuity and outlines the organization’s anticipated, immediate response and procedures that they’ll follow if they experience a business disrupting event in order to resume normal operations.

Key Differences Between Vendor’s Disaster Recovery and Business Continuity Plans

Here are six additional key differences:

  1. Strategic Objectives vs. Calculated Plans - BCPs are strategic objectives. DRPs are calculated plans.

  1. Business Resiliency vs. Resuming Operations - BCPs attempt to avoid business interruptions by proactively implementing plans and controls designed to increase the business’s resiliency to potential disaster scenarios outlined in the BCP. DRPs guide disaster recovery personnel in reacting and responding to events that transcend the BCP and in recovering the organization’s people, facilities and systems to normal operations.

  1. BCP Focus - BCPs focus on the following:
    • Risk assessment
    • Preventive controls
    • Succession planning
    • Planning with public entities such as emergency services, local or state disaster relief agencies
    • Communications with identified key vendors, clients, employees and the media

  1. DRP Focus - DRPs focus on the following:
    • Gathering of disaster recovery personnel at the command center
    • Deciding if the incident is a disaster
    • Salvage operations, recovery operations, communications, restoration to normal operations

  1. BCP Components - Your vendor’s BCP should include the following 13 components:
    • Business impact analysis
    • Personnel loss planning
    • Relocations plans
    • Remote access availability
    • Facility loss contingencies
    • Pandemic contingencies
    • Breach/disruption notification procedures
    • Testing procedures
    • Copies of the plan are held off-site in secure locations and available
    • Plan is reviewed, tested and updated regularly
    • Senior management and board approval
    • SLAs and contractual obligations
    • Failover and backup locations

  1. DRP Components - Your vendor’s DRP should include the following six components:
    • Dedicated team and individuals
    • Testing and updates
    • Notification process
    • Backup procedures
    • Procedures for personnel and system recovery to normal operations
    • Senior management/board approval and involvement

As you can see, BCPs and DRPs are closely related but serve distinct purposes. Both are critical to ensuring that a business safeguards its personnel and its ability to meet contractual obligations to customers.

Dive deeper into business continuity planning with your vendors. Download the infographic. 

Vendor Business Continuity for Third Parties

Subscribe to Venminder

Get expert insights straight to your inbox.

Ready to Get Started?

Schedule a personalized solution demonstration to see if Venminder is a fit for you.

Request a Demo