Software

Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Overview
Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit

Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

VX LP Sequence USE FOR CORPORATE SITE-thumb
Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.

CREATE FREE ACCOUNT

Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 

Industries

Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

1.7.2020-what-is-a-third-party-risk-assessment-FEATURED
Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.

DOWNLOAD SAMPLES

Resources

Trends, best practices and insights to keep you current in your knowledge of third-party risk.

Webinars

Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

On-Demand Webinars

 

Community

Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.

Subscribe

 

Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

resources-whitepaper-state-of-third-party-risk-management-2023
State of Third-Party Risk Management 2023!

Venminder's seventh annual whitepaper provides insight from a variety of surveyed individuals into how organizations manage third-party risk today.

DOWNLOAD NOW

Standard Questions to Determine if a Vendor Is Critical

5 min read
Featured Image

Vendors come in all shapes and sizes, and the risks they pose to your organization are as varied as the products and services they provide. Your organization and its customers are most at risk from vendors who can seriously impact your operations if they fail or experience a prolonged outage. We refer to these vendors as critical vendors.

Because the stakes are high, these vendors always require careful consideration and management. Auditors and regulatory examiners will often focus on an organization's risk identification, assessment, management, and monitoring of critical vendors. So, knowing who they are and how to manage them is extremely important. 

What Is a Critical Vendor?

Those third parties whose failure or prolonged outage would have severe consequences for your business operations are considered critical vendors. Without your critical vendors, your organization would be unable to conduct business as usual, if at all. Your organization depends on critical vendors to provide products and services essential to your day-to-day operations. 

Depending on your industry and organization, different vendor types may be essential to your operations or customers.

Some examples of critical vendors' products and services include:

  • Core processing systems
  • Payment processing systems
  • Customer service call centers
  • Backup power generation
  • Network security provider
  • Fire suppression and life safety systems
  • Data centers
  • Personal Protection Equipment (PPE)
  • Raw materials


After seeing examples of potentially critical vendors, it's time to find out which ones are critical to your organization. 

Questions to Identify Critical Vendors

When identifying which vendors are critical to your operation, creating a standard set of criteria that can be universally applied to all the vendors in your inventory is important. That means evaluating the criticality of each vendor using the same standards every time. 

To keep this process simple, you can ask the following three questions.

  1. If we abruptly lost this vendor, would there be a significant disruption to our operations?
  2. Would the sudden loss of this vendor impact our customers?
  3. If the time to restore service required more than 24 hours, would there be a negative impact on our organization?

If you answer "yes" to one or more of these questions, you're likely dealing with a critical vendor. 

Now, while those three questions work well in most cases, you may also consider the following depending on your organization:

  • If we need to engage a different vendor to provide the products or services or bring the outsourced activity in-house, will this require a significant amount of finances, resources, or time?
  • If this vendor failed to provide its products or services, would our organization be subject to increased regulatory scrutiny, enforcement actions, or fines?
  • Would this vendor's failure cause significant harm to our organization's brand or reputation?

Remember that critical vendors are essential to the organization's operations, not just to an individual business line or department. 

vendor criticality

The Importance of Identifying Critical Vendors

Knowing which vendors are critical to your organization and its customers is important for many reasons, including:

  • Identification of critical vendors is a regulatory requirement for many industries. Several regulations require an organization to identify and manage its critical vendors. It’s also crucial that the board of directors and senior management stay informed about critical vendor performance and ensure that any required issue remediation takes place as soon as possible.
  • To minimize risk, critical vendors require the most third-party risk management. Third-party risk management activities should always be in proportion to the risk presented. That means that the highest-risk vendor engagements receive the most thorough and frequent risk identification, assessment, management, and monitoring. Due to their extreme risk to your operations, it’s imperative that critical vendors undergo comprehensive due diligence, careful contract structuring and negotiation, and continual risk and performance monitoring
  • Critical vendors are essential to your organization's business continuity planning. Because of the impact your critical vendors can have on your organization's operations, they must be included in your organization's business continuity and disaster recovery planning, testing, and reviews. It's also essential that your critical vendors have their own business continuity and disaster recovery plans. Review your critical vendor's plans and testing results to ensure they meet your organization's requirements.

Critical vendors provide products and services essential to your organization's operations. Without them, business as usual may not be possible, or your customers may be negatively impacted. This is why it’s important to know who they are and manage them with the highest level of risk management possible. Don't forget auditors and examiners will focus on your critical vendors. And your board and senior management are accountable for ensuring that critical vendors are properly identified and managed. 

Subscribe to Venminder

Get expert insights straight to your inbox.

Ready to Get Started?

Schedule a personalized solution demonstration to see if Venminder is a fit for you.

Request a Demo