Software

Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Overview
Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit


Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

VX LP Sequence USE FOR CORPORATE SITE-thumb
Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.

CREATE FREE ACCOUNT

Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 

Industries

Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

1.7.2020-what-is-a-third-party-risk-assessment-FEATURED
Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.

Download Samples

About

Venminder is an industry recognized leader of third-party risk management solutions. 

Our Customers

Over 800 organizations use Venminder today to proactively manage and mitigate vendor risks.

Get Engaged

We provide lots of ways for you to stay up-to-date on the latest best practices and trends.

Gartner 2020
Venminder received high scores in the Gartner Critical Capabilities for IT Vendor Risk Management Tools 2020 Report

Read Report

Resources

Trends, best practices and insights to keep you current in your knowledge of third-party risk.

Webinars

Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

 

Community

Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Friday with the latest and greatest updates.

Subscribe

 

Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

Join the thousands of risk and compliance professionals who subscribe to Venminder

FFIEC Includes Monitoring of Vendors’ Pandemic Plans in Interagency Statement

3 min read
Featured Image

This month, FFIEC agencies collectively issued an interagency statement on pandemic planning, supplementing the “Interagency Advisory on Influenza Pandemic Preparedness” and “Letter to Credit Union 06-CU-06 – Influenza Pandemic Preparedness” guidance. The statement is in response to the coronavirus (COVID-19) outbreak rapidly spreading across the United States and is a reminder to organizations that business continuity plans must address the potential threat of a pandemic and the impact it may have on the delivery of critical services.

Within the guidance, FFIEC agencies specifically call out having a business continuity plan (BCP) that addresses pandemics. They list the following 5 areas that should be included in the pandemic plan:

  • A preventative program
  • A documented strategy scaled to the stages of a pandemic outbreak
  • A comprehensive framework to ensure the continuance of critical operations
  • A testing program
  • An oversight program to ensure the plan is reviewed and updated

What Is the Difference Between a BCP and Pandemic Plan?

Pandemic planning is part of a business continuity plan. Hopefully, your organization already had a pandemic plan in place before this statement was released, but if you didn’t or are just curious about the differences, there are two that make pandemic planning clearly unique. Consider the following:

  1. Difficulty determining the impact: In BCP, you’re planning for natural or man-made disasters that tend to be shorter in duration or limited in scope. In pandemic planning, it’s more difficult to know the impact the pandemic will have on the organization because of the varying levels of scale and duration.
  2. The length of time is greater: In BCP, the disasters are usually for a limited time but when a pandemic happens, it can occur in waves and last several months.

Keep the Board and Senior Management Involved

FFIEC agencies also remind organizations that pandemic planning is not only an information technology (IT) concern. It’s a risk to the entire business; therefore, remember to include the board and senior management in pandemic planning. The board must oversee the development and approval of a pandemic plan. Senior management must have sufficient resources to prepare the plan, monitor, communicate and test the plan.

Pandemic Planning in Third-Party Risk Management

According the to the interagency statement, “Management should also monitor its service providers, identify potential weaknesses in the service and supply chains, and develop potential alternatives for obtaining critical services and supplies.”

Don’t take this statement lightly. Not only should you have a pandemic plan in place, but your vendors should, too. It’s your organization’s responsibility to monitor your vendors during this perilous time, especially the critical and high-risk vendors, to determine if their pandemic plan is adequate. If their plan is inadequate, what are your alternatives should they no longer be able to provide the product or service your organization has outsourced to them?

No one saw COVID-19 coming, yet we all need to be ready to react. We’ve been required to have pandemic plans in place for many years so why are we all caught backpedaling rather than instinctively reacting? This is a time to double-down and make sure that we know not only what we have in place but what our third parties have in place.

Over reliance on a product or service is always an exposure point, particularly if they have left themselves in a vulnerable position in terms of their ability to execute a functional pandemic plan. This is the perfect time for third-party risk management, business continuity and information security to put the best foot forward and show what they’re all about.

We’ll leave you with this. Remember, our supply chain is only as strong its weakest link. No matter how resilient your own business continuity and pandemic practices are, you must understand your third parties’ practices as well and make sure they undergo thorough and rigorous testing until they meet your expectations.

It’s just that simple. Expecting the unexpected is the new norm.

Pandemic planning is part of a business continuity plan. Learn what to review in a vendor's business continuity and disaster recovery plans. Download the eBook.

business recovery bcp plan

Sign Up For Our Newsletter

Get expert insights straight to you inbox.

Ready to Get Started?

Schedule a personalized solution demonstration to see if Venminder is a fit for you.

Request a Demo