Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit

Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.


Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 


Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.



Trends, best practices and insights to keep you current in your knowledge of third-party risk.


Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

On-Demand Webinars



Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.



Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

State of Third-Party Risk Management 2023!

Venminder's seventh annual whitepaper provides insight from a variety of surveyed individuals into how organizations manage third-party risk today.


Board Third-Party Risk Management Reporting Essentials

2 min read
Featured Image

Regulatory guidance is clear – you must keep your senior management team and the board informed on developments in the third-party risk management program, particularly on activities related to your critical third parties.

But what does board third-party risk management reporting actually look like in the real world?

Board Vendor Management Meetings

For starters, you should carefully evaluate which meetings need to be established or which ones you should regularly attend. You need to establish a sustainable, repeatable circuit of meetings – perhaps...

  • update your risk committee monthly
  • update your board quarterly
  • if something dramatic occurs, know which group of people to update on those details

You should make sure that all of this is captured in writing – the guidelines should be spelled out in your third-party risk management program and clear in your company’s enterprise risk policy. It’s not enough to simply submit a packet of reports, you should have evidence of the discussion in the minutes of the meeting.

Vendor Management Reports for the Board

You'll want to submit particular reports to the board to make sure they are kept in the loop and involved. Examples of reports/information to share include:

  • Total inventory of third parties. It's important to make sure you've got all of the ones you need to actively manage.
  • Listed new vetted and approved third parties. Include newly approved parties, proposed new parties and their relative risk.
  • Listed terminations of third parties. Whether it's a recommendation to terminate or recent actions, be sure to include.
  • Describing any significant changes of third parties. Focus on high-risk third parties or ones with significant changes.
  • Number of critical vs non-critical third parties and any changes. When things change, it means that there is an issue demanding your attention to see if it changes your feeling on the overall relationship.
  • Risk assessment ratings of the third parties – how many high, medium, or low? And changes. Report out how many are critical or not; how many are high risk.
  • Number on active monitoring programs and some relevant statistics. Tailored ongoing monitoring is crucial to stay abreast of potential concerns.
  • Contracts up for renewal/non-renewal in next 12 months. Be sure you have plenty of time to review before a contract renews.
  • Any new enforcement actions or relevant news on your third parties. Who's in the headlines and why?

Make sure you are able to discuss all of this information. Again, besides being a regulatory requirement, one of the best ways of getting the full support of your board and senior management is to keep them regularly updated.

Download our infographic to learn more about preparing board report packages.

Regulatory Developments Impact Your Next Vendor Management Exam eBook

Subscribe to Venminder

Get expert insights straight to your inbox.

Ready to Get Started?

Schedule a personalized solution demonstration to see if Venminder is a fit for you.

Request a Demo