Ransomware Attack on Colonial Pipeline Raises Vendor Cybersecurity Concerns


The recent ransomware attack on Colonial Pipeline should serve as a glaring reminder of how easily a single cybersecurity incident can cripple a fragile infrastructure. Despite the government’s appeals for drivers to resist panic buying, many gas stations throughout the Southeast were running dry last week. The issue wasn’t a gas shortage, but rather a problem with distribution.

About the Colonial Pipeline Attack: Key Details

Georgia-based Colonial Pipeline provides nearly half of the East Coast’s fuel, with its main pipeline traveling from Houston, TX to Linden, NJ. After the cyber attack was discovered on May 7, Colonial took proactive measures and shut down operations. Details are still emerging about what exactly led to the attack, but it was likely a combination of a few different factors, including poor security practices from users.

The attack has been linked to the ransomware group DarkSide, which first emerged on Russian hacking forums in August 2020. The group claims that it is apolitical and only motivated by obtaining money from large companies. It forbids its affiliates from attacking certain industries like healthcare, education, public sector and non-profits.

Colonial Pipeline Attack: Recent Updates

  • Colonial Pipeline has resumed operations after the 5-day shutdown but noted that product delivery will still be delayed for several days.
  • They have reportedly paid the ransom of almost $5 million in cryptocurrency.
  • President Biden signed an executive order on 5/12 which directs the Commerce Department to create new cybersecurity standards for government vendors.
  • The Environmental Protection Agency (EPA) issued a fuel waiver on May 11, which remains in effect through May 31. This allows some retailers to sell gasoline that burns dirtier than normally allowed.
  • The Department of Transportation (DOT) has also stepped in to help alleviate the distribution problems by considering a temporary waiver of the Jones Act, which prohibits foreign ships from transporting goods between US ports.

3 Tips to Enhance Your Vendor’s Cybersecurity

Although this was a targeted attack, organizations would be wise to brush up on their cybersecurity and vendor due diligence practices to ensure that the proper safeguards are in place to protect against a similar incident. Here are three ways to do this:

  1. Cybersecurity protocols and procedures: Ensure that you collect these documents from your third party, along with the results of testing. This will confirm that they have a process not only to detect incidents, but also to properly respond to them.
  2. Shared cybersecurity practices: Your vendor should follow any cybersecurity best practices that your organization has in place, while also ensuring that their third parties (your fourth parties) are performing to your standards.
  3. Include breach notification requirements in your contract: Your requirements and expectations around breach notifications and procedures should be clearly defined in your contract.

Ransomware attacks and other cybersecurity events will always be a part of our interconnected and technology-driven world, but there are ways to protect yourself from being a victim. By ensuring that you and your third parties are adhering to these best practices, you can lessen your risk of facing an attack.
