Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit

Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.


Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 


Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.



Trends, best practices and insights to keep you current in your knowledge of third-party risk.


Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

On-Demand Webinars



Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.



Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

State of Third-Party Risk Management 2023!

Venminder's seventh annual whitepaper provides insight from a variety of surveyed individuals into how organizations manage third-party risk today.


Concentration Risk: Understanding the Pros and Cons of Having a Smaller Vendor Inventory

5 min read
Featured Image

In some situations, it can be preferable to utilize a generalist who can complete many different tasks. For example, imagine that you need to replace your car’s battery, brake pads, and tires. It would be much more convenient to take your car to a single auto mechanic rather than taking it to multiple specialty shops that only perform one function.

Now, imagine a similar situation with an organization’s vendors. For an organization that has a large vendor inventory, it might seem appealing to consolidate its vendors for more efficient operations. However, relying too heavily on a single vendor to perform several, or all critical and/or high-risk functions can expose an organization to vendor concentration risk. 

Note: Vendor concentration risk can also refer to geographical concentration, in which a significant number of vendors are in the same area. This could lead to additional business continuity or disaster recovery risk if that area is affected by a significant event like a natural disaster. This blog will focus on concentration risk as it relates to the quantity of vendors.

The Pros and Cons of Vendor Concentration Risk 


PRO: Concentrating or limiting the vendor pool might lead to volume pricing discounts resulting from bundled services. Rather than pay five separate vendors for different services, a single vendor may offer an attractive discount if you bundle everything together.

CON: Bundled pricing may seem appealing at first, but this is often revealed to be a pricing strategy that benefits the vendor. The main product could be a loss leader so the vendor will upcharge the additional products or services to make up the difference. A savvy vendor manager or executive will be able to identify this strategy and understand what the true market pricing is on each product or service. 

Example: A potential new vendor offers a 10% discount when you bundle three products together, but you discover that two products are priced much higher than the standard market rate. The alternative would be to purchase those products from three separate vendors at a more affordable price.


PRO: Some vendors may have genuine talent in their specialized areas, which would be beneficial for your organization that needs to fill in certain knowledge gaps. 

CON: Beware of vendors that are always claiming to be experts on the latest trends and technologies. There’s a risk that the vendor lacks the necessary experience and simply wants to portray themselves as a leader in their field. It’s easier to spot the amateurs if you understand the following: 

  • The specific purpose for each product or service
  • Realistic and industry-standard performance metrics
  • Real-life users of the product or service

Example: One of your vendors provides two specialized products for your organization, and they just announced a brand-new offering that uses a different technology. This vendor doesn’t have much experience with this technology, so it would be wise to consider seeking out a different vendor who is a leader in this field. 

Performance Tracking

PRO: A concentrated vendor pool often means you can track performance more easily.

CON: Efficiency within your organization is important, but also consider the efficiency of your vendor if its capabilities are spread too thin. The turnaround time and quality of the product or service should be given considerable weight when selecting a vendor.

Example: Vendor A is $2 cheaper than Vendor B, but Vendor B has a faster delivery time. If you were only concerned with cost and easier performance tracking, you would be overlooking a vendor who can provide a more efficient service. The saying “time is money” might be cliché, but it’s a good rule to work with in most business operations. 

Level of Oversight

PRO: Fewer vendors mean less oversight, which translates into savings for both time and costs. Bundling products and/or services with a single vendor would logically reduce your risk assessment and due diligence workload. You may even find costs savings in site visit and full-time employee (FTE) requirements. 

CON: In the past, the OCC has cautioned that vendor consolidation may place an increased burden on the vendor to perform. They specifically highlight an increase in vendor operational risk, which continues to challenge organizations because of the following reasons:

  • Disruption from increasing cyber threats and potential exposure to natural disasters
  • Reliance on concentrations in significant third-party vendors
  • The need for sound governance over product service and delivery
  • Inability to retain talent
  • Failure to periodically test business continuity and disaster recovery plans

Example: Your organization is vetting a new vendor that would provide 70% of your critical services. The risk assessment and due diligence processes are easier to manage with this single vendor, as opposed to diversifying the services to multiple providers. Contracting with the single vendor may require less oversight, but a single cyberattack on this vendor may be catastrophic for your organization, as most of your critical services would be impacted.      

Critical Vendors and Concentration Risk

If you bundle multiple products or services into a single vendor and fail to have a reliable back up vendor in place, you may have inadvertently elevated a high-risk vendor into the critical rating. Remember that critical and high risk do NOT mean the same thing. A critical vendor would cause significant business operation challenges in the event of an outage, so it’s especially important that you have an alternate vendor.

A sound vendor management strategy should be balanced and make good business sense for your organization’s needs. While there is focus on the increasing costs of vendor services, lower costs won’t drive value if the vendor fails in terms of quality and service. Communicate with the first line of business to better understand how third parties are used within your organization. This will offer more insight than simply looking to bundle and reduce your vendor inventory.

While your organization’s executive leadership or board of directors is rightly concerned with cost containment, few are willing to sacrifice excellent customer service. A short-sighted vendor management strategy, including vendor procurement, can make it more challenging to reach your overall goals. For this reason, it’s critical that the board and senior management clearly communicate business goals and objectives so you can approach your third-party risk management activities in a more unified way. 

Subscribe to Venminder

Get expert insights straight to your inbox.

Ready to Get Started?

Schedule a personalized solution demonstration to see if Venminder is a fit for you.

Request a Demo