Software

Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Overview
Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit


Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

VX LP Sequence USE FOR CORPORATE SITE-thumb
Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.

CREATE FREE ACCOUNT

Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 

Industries

Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

1.7.2020-what-is-a-third-party-risk-assessment-FEATURED
Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.

DOWNLOAD SAMPLES

About

Venminder is an industry recognized leader of third-party risk management solutions. 

Our Customers

900 organizations use Venminder today to proactively manage and mitigate vendor risks.

Get Engaged

We provide lots of ways for you to stay up-to-date on the latest best practices and trends.

Gartner 2020
Venminder received high scores in the Gartner Critical Capabilities for IT Vendor Risk Management Tools 2020 Report

READ REPORT

Resources

Trends, best practices and insights to keep you current in your knowledge of third-party risk.

Webinars

Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

On-Demand Webinars

 

Community

Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.

Subscribe

 

Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

resource-whitepaper-state-of-third-party-risk-management-2021-cropped
State of Third-Party Risk Management 2021

Venminder’s State of Third-Party Risk Management 2021 survey provides insight into how organizations are managing third-party risk management in today’s increasing regulatory and risky climate.

DOWNLOAD NOW

How to Get Data Back from a Vendor

3 min read
Featured Image

It’s important to retrieve non-public personal information (NPPI) data after a contract has terminated. There’s a significant amount of focus on important issues or concerns when onboarding a new vendor. Emphasis is given to data security around a customer’s non-public and personal information.

How this data is handled and stored while the vendor relationship is active is often a key standard by which vendors are evaluated. However, remember that unless additional precautions are taken, the data could still be accessed by unauthorized users after contract termination.

Verify What Happens to Your Data

If you’re terminating a vendor relationship, you should consider the amount and type of data that the vendor holds on their servers. Since you can’t technically see the data, ask these 3 questions:

  1. Where is it stored?
  2. Is it segregated from their other clients’ data?
  3. Do additional vendors (third or fourth parties) have access to it?

Consider this. Your organization’s data still resides on a vendor’s system who may employ someone who has access to confidential data, or they may give access to another vendor. Can anyone really know if your data is being accessed, used or resold after the event?

Create a Plan to Receive Your Data

Follow these 4 steps to get your data back:

  1. Request digital shred: As you near the termination date of the contract with the vendor, a formal request should be submitted to the vendor asking them to digitally shred your data. An attestation should accompany this stating that the vendor can no longer access the data upon the successful completion of the shred service.

  2. Request for print shred: If the vendor stores NPPI in paper form in addition to the electronic form, then all paper should either be shredded or sent directly to you.

  3. Ensure everything is accounted for: Even after returned, you should store this data one way or another. The returned physical files, back up data tapes and monthly data sent to vendors for quality control audits should all be accounted for. Performing an audit, monthly or quarterly, of data shared is crucial to ensuring where copies of NPPI are currently being stored.

  4. Verify with a certificate: If your vendor has confirmed that your data is destroyed, then request they provide a certificate which confirms this practice. The certificate will verify the status of the data and provides an additional sense of security in your vendor oversight responsibilities. Proof is important!

Misplaced Data Affects Regulatory, Reputation and Financial Risk

There have been several instances reported where vendors have disposed of documents which contain a customer’s confidential information. This makes it easy for someone to locate and steal a customer’s information.

In this scenario, the regulatory and reputational risk for the organization and third party vendor is very serious as it can lead to a significant physical data security breach.

Hopefully You Get Your Data Back

Regardless of the size of the vendor, always take the appropriate actions to trust but verify your vendor relationships. Initial due diligence is important, but you should also include a termination and exit strategy in the contract, as this is necessary to think about upfront too.

Never just assume the vendor will handle the data as you expect. Always verify that each vendor is committing in the contract that they will destroy and return all data in a satisfactory and compliant manner.

Are you prepared to handle it if your vendor suffers a data breach? Check out this infographic to help. 

New call-to-action

Subscribe to Venminder

Get expert insights straight to your inbox.

Ready to Get Started?

Schedule a personalized solution demonstration to see if Venminder is a fit for you.

Request a Demo