Software

Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Overview
Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit

Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

VX LP Sequence USE FOR CORPORATE SITE-thumb
Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.

CREATE FREE ACCOUNT

Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 

Industries

Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

1.7.2020-what-is-a-third-party-risk-assessment-FEATURED
Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.

DOWNLOAD SAMPLES

About

Venminder is an industry recognized leader of third-party risk management solutions. 

Our Customers

900 organizations use Venminder today to proactively manage and mitigate vendor risks.

Get Engaged

We provide lots of ways for you to stay up-to-date on the latest best practices and trends.

Gartner 2020
Venminder received high scores in the Gartner Critical Capabilities for IT Vendor Risk Management Tools 2021 Report

READ REPORT

Resources

Trends, best practices and insights to keep you current in your knowledge of third-party risk.

Webinars

Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

On-Demand Webinars

 

Community

Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.

Subscribe

 

Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

resource-whitepaper-state-of-third-party-risk-management-2022
State of Third-Party Risk Management 2022

Venminder's sixth annual whitepaper provides insight from a variety of surveyed individuals into how organizations manage third-party risk today.

DOWNLOAD NOW

How to Onboard a New Vendor

4 min read
Featured Image

Organizations can’t sustain themselves without vendors. Whether it’s a telephone service provider or outsourced IT provider, vendors help operations run smoothly. Some organizations may only require a handful of vendors, while others need hundreds or thousands. It should come as no surprise that vendor management becomes more complex as the number of vendors increases.

The vendor onboarding process (also known as vendor selection) is a critical step early in the vendor relationship. By taking special care in vendor onboarding, you’ll prevent a lot of headaches down the road. Every potential vendor should be subject to this comprehensive process which will thoroughly vet and ultimately select the best choice for an organization. Let’s review what the process entails.

8 Steps to Onboard a New Vendor

At a minimum, your onboarding process should consist of the following eight steps. Also, keep in mind that the process should be more rigorous for vendors with a higher level of criticality. Let’s dive in:

1. Always research.

Make sure you’re aware of all your vendor options by searching online, listening to sales pitches and asking others for recommendations. Remember that opinions by word of mouth can be very powerful.

2. Issue a Request for Proposal (RFP).

This document can be referenced by both your organization and any potential vendor to clarify exactly what product or service is being sought and how it fits into your business strategy. It’s recommended to send out an RFP to the top 3-5 vendors on your radar. Within the RFP, outline your organization’s business objectives and technical requirements. Make it crystal clear what you need the product/service to accomplish and request the vendor formally responds to every point in the RFP with an affirmation stating whether they can meet each requirement.

3. Begin to compare.

It’s a good idea to list out the features and functions that have been included in the RFP. A simple spreadsheet can be used, but a software platform with a vendor management comparison feature makes this process even easier and helps you see the big picture. You’ll be better prepared to draft a pros and cons list of each vendor, including details such as where each vendor excels or any critical requirements that may be lacking.

4. Complete a vendor risk assessment.

Don’t forget! This important step will determine if the vendor is high, moderate or low risk to your organization, as well as whether they’re critical or non-critical. The results of this assessment will factor into the due diligence you’ll collect.

5. Collect due diligence.

We can’t stress how important this is! Do your due diligence. The due diligence requirements are going to vary depending on the criticality and risk level of the vendor. The more critical or risky the vendor, the more due diligence you will need to perform. For example, you’re going to request a SOC report if you’re looking into a new core system processor, but you won’t request that if you’re seeking new landscaping services.

Here’s the due diligence you should always obtain:

  • Mutual Non-Disclosure Agreement (MNDA) or Confidentiality Agreement
  • Basic Information (i.e., full legal name, address, all physical locations, Website URL)
  • Ownership structure and affiliated companies
  • Tax ID
  • State of Incorporation
  • Articles of Incorporation
  • Secretary of State Check
  • Business license
  • Certificate of Good Standing
  • Credit report
  • OFAC/PEP checks
  • Any “doing business as” or “also/previously known as” (d/b/a, aka, pka)
  • Dun & Bradstreet (D&B) report
  • Vendor complaints research findings
  • Vendor negative news search findings
  • List of subcontractors/fourth parties
  • Picture or Google map view of facility (if required)
  • Conduct check of CFPB Complaint Database and/or Better Business Bureau rating

6. Obtain references.

After narrowing down your list of preferred vendors, ask them for professional references or case study/customer success story documentation. It’s always a best practice to learn about the customer’s firsthand experience by speaking to someone or reading more about the product/service.

7. Develop an exit strategy.

So now that you’ve compared vendors and completed your due diligence, what’s next? Before you sign the contract, you need to consider a backup plan if the vendor relationship strays off course. Yep, even before you enter the contract, you need to think about how to exit the contract because things happen.

You’ll want to know how any data will be returned to you or destroyed, how quickly you can replace the vendor or bring the product/service in-house, etc. This is also the perfect time to figure out who your backup vendor is going to be before you’re ready to move forward with the contract. Don’t forget to write the applicable portions of your exit strategy into the contract.

8. Keep senior management and the board informed.

Throughout the entire onboarding process keep senior management and the board updated. Be sure to present them with a summary of the due diligence, risk assessment, your planned ongoing monitoring and the proposed contract prior to signing on the dotted line.

Using Tools to Ease the Process

As you can see, onboarding a new vendor can be a time-consuming process that requires several, detailed steps. To make the process easier, tools can come into play. Automation of tasks can guide you through workflows. And, for example, you can outsource risk assessments and security ratings for due diligence information, such as on-demand cybersecurity ratings with Venminder’s BitSight Indicator, which can provide the insight necessary to judge the level of risk associated with the vendor, all right at your fingertips.

These eight steps will save you from contracting with the wrong provider. Doing your due diligence right away helps guarantee that you’re selecting the best vendor in the space and best fit for your organization.

 

Subscribe to Venminder

Get expert insights straight to your inbox.

Ready to Get Started?

Schedule a personalized solution demonstration to see if Venminder is a fit for you.

Request a Demo