Software

Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Overview
Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit

Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

VX LP Sequence USE FOR CORPORATE SITE-thumb
Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.

CREATE FREE ACCOUNT

Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 

Industries

Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

1.7.2020-what-is-a-third-party-risk-assessment-FEATURED
Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.

DOWNLOAD SAMPLES

Resources

Trends, best practices and insights to keep you current in your knowledge of third-party risk.

Webinars

Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

On-Demand Webinars

 

Community

Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.

Subscribe

 

Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

resources-whitepaper-state-of-third-party-risk-management-2023
State of Third-Party Risk Management 2023!

Venminder's seventh annual whitepaper provides insight from a variety of surveyed individuals into how organizations manage third-party risk today.

DOWNLOAD NOW

How to Inventory Your Third Parties

4 min read
Featured Image

A third-party inventory is a critical tool to effectively manage third-party risks. Creating an inventory ensures your organization has visibility into its third parties and outsourced products and services. Your organization will be better positioned to identify, assess, manage, and mitigate third-party risks. This blog covers how to create and manage a third-party inventory. 

Why a Third-Party Inventory Is Important 

A third-party inventory provides invaluable insights into your organization’s external relationships, giving you better third-party risk management and protecting your organization from unknown risks. 

Here’s three reasons why a third-party inventory is important: 

  • Provides a comprehensive view of third-party risks – You can’t manage third parties or their risks if you don’t know a third party exists. A third-party inventory provides information on your organization’s business relationships and the risks they pose. A detailed inventory identifies all third parties and their potential risks so you can address them more quickly. It prevents forgotten third parties from slipping through the cracks. 

    Related: 10 Types of Vendor Risks to Monitor  
  • Protects your organization from unknown risks – If your organization isn’t aware of third-party risks, you might be caught off guard when an issue or incident arises. A comprehensive third-party inventory uncovers these hidden risks and helps protect your organization. You can’t guard against a threat you don’t know about.  
  • Prevents shadow purchasing – Shadow purchasing is when an employee or department engages a third party without proper vetting and oversight. This can result in unmitigated risk, costly duplicate vendors, unmitigated risk, and compliance and ethics concerns. A third-party inventory provides a clear and accessible record of your third parties and ensures all third-party relationships are authorized and approved.  

How to Create a Third-Party Inventory 

Creating a comprehensive and accurate third-party inventory requires collaboration between different stakeholders and departments and a clearly defined process.  

Let’s look at the steps to create a third-party inventory:  

  • Define third party – Before building a third-party inventory, define the term third party. Many organizations limit the definition of a third party to vendors, suppliers, and service providers that provide traditional products or services. However, banking regulators recently expanded the definition to “any business arrangement” with or without a contract. Even if your organization doesn’t fall under this regulation, using the term “third party” to refer to all business arrangements is a good starting point.  
  • Identify all third parties – Depending on the size of your organization, this might seem like an overwhelming task. Start with your accounts payable department. They can provide a list of products or services your organization has paid for and any third party your organization has a business relationship with. You may also want to request a list of any contractual relationships your organization has. Look for third-party software tools, as these can bypass your organization’s onboarding or procurement process.  

    Note: Don’t worry about which third parties should be in or out of scope for your third-party risk management program. As you create your inventory, all third parties should be included.  

    Related: Determining Third Parties or Vendors That Are In Scope and Out of Scope 
  • Gather key data points – A comprehensive third-party inventory includes details about the third party and its product or service. Tools and technology like third-party risk management software for data collection and management are helpful as you create the inventory. Here’s some data to consider adding:
    • Contact details
    • Products or services provided
    • Contract terms
    • Third party’s location
    • Department or employee that owns the third-party relationship
    • Inherent risk rating, if third party is in scope for TPRM
    • Residual risk rating, if third party is in scope for TPRM
    • Critical fourth parties, if third party is in scope for TPRM 
  • Categorize third parties – Not every third party in your inventory will be in-scope for third-party risk management activities. However, your scope typically includes most of your vendors, suppliers, and service providers. For in-scope third parties, categorize them in your inventory based on risk. This is typically on a scale of low, moderate, and high. Consider the third party’s criticality, which reflects the impact a third party would have on your business if it were to suddenly cease to exist or experience operational disruptions. Including this information in your third-party inventory helps you know what to prioritize. 
  • Keep the inventory updated – Your third-party inventory should never be a static document. Consistently update it to add new third parties and remove terminated relationships. Update for any changes in third-party relationships like new contracts, changes in products or services, and updates in risk ratings. Consider creating a review schedule to ensure the information remains current. This could be quarterly, bi-annually, or annually, depending on the size and complexity of your third-party relationships.

A third-party inventory is a critical part of effectively identifying, assessing, managing, and mitigating third-party risks. By creating and regularly updating the inventory, you can build stronger, more transparent third-party relationships.

What’s next after creating a third-party inventory? It’s time to identify and assess the risks with a vendor risk assessment.  

Learn about the steps and elements in the process in this complementary eBook. 

DOWNLOAD NOW
 

Subscribe to Venminder

Get expert insights straight to your inbox.

Ready to Get Started?

Schedule a personalized solution demonstration to see if Venminder is a fit for you.

Request a Demo