Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit

Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.


Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 


Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.



Trends, best practices and insights to keep you current in your knowledge of third-party risk.


Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

On-Demand Webinars



Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.



Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

State of Third-Party Risk Management 2023!

Venminder's seventh annual whitepaper provides insight from a variety of surveyed individuals into how organizations manage third-party risk today.


New State Privacy Laws: Preparation for You and Your Vendors

3 min read
Featured Image

With a rise in data breaches, both cybersecurity and data protection should be top of mind for every organization. Additionally, as concerns around data protection continue, privacy initiatives will be a focus and expectations and requirements will only increase. If you’re in one of the states considering legislation like the CCPA, or a subset of it, what steps should you take?

4 Steps to Help You Prepare for State Privacy Laws

1. Research proposed laws.

On January 1st of 2020 the California Consumer Privacy Act went into effect requiring companies with its scope to make significant changes to their privacy and personal information management by July 1, 2020. Some of these changes will require organizations who fall within its provisions to not only provide detailed mapping of how an organization identifies, tracks and stores personal information within a network, but to update both online and offline procedures to reflect CCPA compliance; and to respond accordingly to consumers with privacy requests covered under the measure. Some of these requests will include the right to delete a consumer’s personal information and provide opt-out measures.

However, California is not the only state to consider these kinds of protective actions. Notable bills in both Washington and New York did not pass but are expected to be reintroduced in future sessions. Additionally, New Hampshire, Virginia, New Jersey, Florida, Nebraska, Illinois, Arizona, and Vermont have all drafted similar measures. Meanwhile, Maine and Nevada have passed privacy laws with very narrow applicability: Maine for Internet service providers (ISPs) and Nevada for data brokers.

Although New York’s privacy act did not pass, New York did pass the SHIELD (Stop Hacks and Improve Electronic Data Security Act) Act which became effective March 21, 2020. This is not a privacy law. The SHIELD Act expands on data breach requirements and outlines recommended reasonable security practices.

2. Weigh your internal systems against the new laws.

It’s important that you understand the provisions and stay ahead of the curve. Once you have a solid handle on the requirements, take a good look at where your organization’s cyber and information security systems lie against your state’s proposed laws.

Consider the following: 

  • Is the definition of PII that your organization uses changing alongside new and proposed privacy and data security laws?
  • Have you implemented a control environment that your security and privacy professionals as well as legal advisors feel covers the industry’s expectations based on types of data held and potential threats?
  • What kind of personally identifying information are you currently storing, and where?

Tip: It’s important to consider information well beyond social security numbers. There are so many other types of data that may possibly be tied to an individual. These include a simple name, email address or phone number. You’ll also want to look at IP addresses, biometric data and location data, to name just a few!

3. Lean on your community.

We’re all in this together! As a community, we should try to help one another better understand and prepare for these new laws. As long as data breaches and selling data remain an issue, privacy concerns are here to stay… and so are the laws to maintain reasonable levels of security. Vetting vendor security to ensure reasonableness is a part of this process.

4. Invest in education and training.

Alongside your community, it’s never a bad idea to commit to continued learning. Conferences and webinars are fantastic resources to help you stay up to speed with best practices and industry analysis. These are also safe environments to share research or connect with local privacy and security groups. You can often find resources to develop better training protocols for departments who work face-to-face with vendors every day and help improve and streamline gaps between vendors and third-party risk management efforts. And as you invest in education and training, ask yourself, are you vendors doing the same for their staff?

There’s no avoiding it — more state privacy laws are coming, so don’t let them sneak up on you. Make sure to review the recent enforcement actions and look for elements that may be present in your own practices. We can all hope for a federal privacy law to standardize citizen rights and protections, but will those rights and protections be enough for all states, or will a federal privacy law further complicate compliance?

Protect yourself from the rising vendor cyber risks with these 7 steps. Download the infographic.


Subscribe to Venminder

Get expert insights straight to your inbox.

Ready to Get Started?

Schedule a personalized solution demonstration to see if Venminder is a fit for you.

Request a Demo