Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit

Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.


Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 


Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.



Trends, best practices and insights to keep you current in your knowledge of third-party risk.


Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

On-Demand Webinars



Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.



Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

State of Third-Party Risk Management 2023!

Venminder's seventh annual whitepaper provides insight from a variety of surveyed individuals into how organizations manage third-party risk today.


Third-Party Risk Thought Leadership Discussion with Silicon Valley Tech Guru

3 min read
Featured Image

As part of our Venminder Thought Leadership series where we speak with the industry’s sought-after thought leaders for their perspective and advice on third parties, mitigating risk, best practices, trends and more, I had the opportunity to speak with Keith Koo, Founder and Managing Partner of Guardian Insight Group. Guardian Insight Group is a technology risk advisory firm dedicated to identifying, assessing, controlling and mitigating risks associated with doing business between clients and their third parties.

Keith has an extensive background in third party risk management. He was previously the Managing Director and head of third-party risk management for the Mitsubishi Financial Group where he was responsible for ensuring the bank had the proper framework, policies and controls to meet regulatory standards for effective oversight of third parties and vendors. In addition, Keith is the creator and host of Silicon Valley Insider radio show and podcast.

Keith Koo Interview Highlights

During our time, we covered:

  • Third-party risk management team qualifications
  • Cybersecurity risk
  • Outsourcing risk

Be sure to check out the full interview here.

Qualifications for a Third-Party Risk Management Team: What Do They Look Like?

The opening of our call was surrounding third party risk management team qualifications. Throughout our tenure, Keith and I both concur that we see the following as some of the skills you’re looking for in someone on the team:

  1. A full understanding of SOC reports
  2. Is well-versed in business continuity planning and disaster recovery
  3. Has a strong working knowledge of financial reports and how to perform an analysis 

To be clear, those are just a few of the skills you’d like someone to have. This will make them a strong asset to your team but, as one can imagine, it’d be quite difficult to find one person who has all of this knowledge. For this very reason, you need to hire multiple people with many different skill sets and backgrounds.

Additionally, not only do you want someone on the team who has the educational background in third party risk, but you also want someone who has been in the trenches Keith shares.

“Somebody who can read the regulation around third party oversight, that's all great. But what about somebody who's actually been in the trenches with the vendor on constructing a statement of work and what happens when that complexity arises, and there's 800 statements of work? You really need to have that skill set that somebody who knows how to manage the function itself.”

It’s important that somebody have both the expertise and experience regarding what to do when you come across unanticipated vendor hurdles.

Cybersecurity Risk: Can It Ever Be Defeated?

In short, cyber risk can’t be solved for, says Keith. In his opinion, cybersecurity can’t be defeated because of a few factors but simply put, the financial incentives are too great, and the cost is too inexpensive for hackers to access sensitive data. This makes it extremely important to have strong incident response plans and reporting. Testing and follow through needs to be implemented in order to be as proactive as possible.

Regulatory Reform and Outsourcing Risk

The whole point of why we have third party risk, which was originally vendor risk to begin with, is the regulator is saying very bluntly, that you can outsource the task or activity, but you can't outsource the risk,” said Keith when discussing regulatory reform.

Keith does not feel that there will be any third party risk management relief even if reform occurs. Since you can’t outsource the risk, he feels that the burden will only become higher as the regulations increase.

A Thought to Take With You

Keith ended our discussion with a conundrum that I’d like to share with you. His question for all third party risk individuals is this, “With the introduction of decentralized technology, like blockchain, how do you account for third party risk?” It’s an interesting challenge that will only continue to get more complex.

On behalf of Venminder, I would like to extend a thank you to Keith for his time and participation in this series. It was a very impactful conversation.

Stay on top of the State of Third-Party Risk Management. Download the whitepaper now.


Subscribe to Venminder

Get expert insights straight to your inbox.

Ready to Get Started?

Schedule a personalized solution demonstration to see if Venminder is a fit for you.

Request a Demo