Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit

Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.


Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 


Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.



Trends, best practices and insights to keep you current in your knowledge of third-party risk.


Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

On-Demand Webinars



Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.



Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

State of Third-Party Risk Management 2023!

Venminder's seventh annual whitepaper provides insight from a variety of surveyed individuals into how organizations manage third-party risk today.


Legal Insight: White House Issues New Cybersecurity Executive Order

5 min read
Featured Image

If you have listened to some of our webinars, you’ve heard me recommend reviewing legal analysis of the voluminous or complex new vendor management regulatory guidance. Rather than digging through hundreds of pages, there are some terrific law firms out there who quickly digest and dissect the new regulations into a couple of pages of meaningful information that you can easily understand. One of my absolute favorite firms is Ballard Spahr, a very well respected and long time industry expert. On staff they have numerous former regulators and real financial services experts. 

We thought you might like to see some of their work so they have kindly agreed that we can share it with you here – it’s helpful to get their perspective on important issues shaping our industry. Today, we’re featuring the tone from the top – in this case the executive branch – on the important national cybersecurity focus. And with this, it should also make you think specifically about vendor management cybersecurity. It’s a timely topic and one that I know causes all of us great concern. Enjoy the Ballard Spahr piece and, if you’d ever like to learn more about them, I’d be happy to introduce you to some friends and former colleagues who work there."

White House Issues New Cybersecurity Executive Order

The following publication was written by members of Ballard Spahr’s Privacy and Data Security Group

President Trump recently signed the Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure (Order). The Order sets forth the Trump Administration's policy for cybersecurity of federal networks and calls for executive departments and agencies (Agencies) to secure their information technology and data using "all United States Government capabilities." The Order also describes how agencies will be expected to support the cybersecurity risk management efforts of critical infrastructure entities, including the financial services sector, and take steps to protect against cyber threats that could result in catastrophic regional or national effects to the nation's economic security and other critical sectors. Industry experts have generally been supportive of the Order, noting that it builds on President Obama's 2013 Executive Order.

U.S. policy has focused on protecting critical infrastructure since the Commission on Critical Infrastructure Protection was established by President Clinton in 1996. In 2013, President Obama identified 16 critical infrastructure sectors in Presidential Policy Directive 21, including financial services, energy, health care, and communications. President Trump's Order directs the Secretaries of Homeland Security and Defense, the Directors of National Intelligence, and the Federal Bureau of Investigation, and the heads of all appropriate Agencies to take the following steps to help support the owners and operators of critical infrastructure:

  • Increased Support: Agency heads will identify "authorities and capabilities" that could be employed to support cybersecurity risk management of critical infrastructure entities. The Order requires agencies to engage such entities and solicit their input on how best to support their cybersecurity risk management.  
  • Market Transparency: Within 90 days, President Trump will receive a report that examines the sufficiency of existing federal policies and practices to promote appropriate market transparency of cybersecurity risk management practices by critical infrastructure entities.
  • Resilience Against Threats: The Secretaries of Commerce and Homeland Security will identify and promote action by the appropriate stakeholders to improve the resilience of the internet and communications ecosystem and to encourage collaboration, with the goal of reducing threats perpetrated by botnets and other automated and distributed attacks. A preliminary report on this effort will be made publicly available within 240 days of the Order.

The Order also addresses how agencies will ensure that cybersecurity threats to the internet and the American people are mitigated, while respecting privacy and guarding against disruption, fraud, and theft. Among other measures, the Order requires:

  • Deterrence and Protection: The Order directs the Secretaries of State, Treasury, Defense, Commerce and Homeland Security, along with the Attorney General, the U.S. Trade Representative and the Director of National Intelligence to submit a report to the President on strategic options for "deterring adversaries and better protecting the American people from cyber threats."
  • International Cooperation: The Order also directs agencies to foster international cooperation in countering cyber threats. The President will receive a report within 45 days that outlines international cybersecurity priorities, including those concerning cyber threat information sharing, capacity building and cooperation, and, in 90 days, a report that documents an engagement strategy for international cooperation on cybersecurity.
  • Cybersecurity Workforce: To ensure that the United States maintains a cybersecurity advantage long term, the Order tasks the Secretaries of Commerce, Homeland Security, Defense, Labor and Education, and the Director of the Office of Personnel Management with developing a plan to assess and bolster the cybersecurity workforce.

The Order is not intended to interfere with any existing cybersecurity laws, such as the Gramm-Leach-Bliley Act, or authority granted to any other federal agencies.

Ballard Spahr's Privacy and Data Security Group helps clients navigate the many laws designed to safeguard health, financial, and other private information. The Group focuses on financial privacy and security by design—evaluating new products and services and communications channels to ensure that financial institutions are meeting their privacy and data security obligations.

This publication was written by members of Ballard Spahr’s Privacy and Data Security Group.


Ballard Spahr LLP, an Am Law 100 law firm with more than 500 lawyers in 15 offices in the United States, provides a range of services in litigation, business and finance, real estate, intellectual property, and public finance. Our clients include Fortune 500 companies, financial institutions, life sciences and technology companies, health systems, investors and developers, government agencies and sponsored enterprises, educational institutions, and nonprofit organizations. The firm combines a national scope of practice with strong regional market knowledge. For more information, please visit

Download our helpful infographic to learn how to protect your institution from vendor management cybersecurity threats in 2017

Preparing for Vendor Cybersecurity in 2017

Subscribe to Venminder

Get expert insights straight to your inbox.

Ready to Get Started?

Schedule a personalized solution demonstration to see if Venminder is a fit for you.

Request a Demo