Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit

Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.


Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 


Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.



Trends, best practices and insights to keep you current in your knowledge of third-party risk.


Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

On-Demand Webinars



Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.



Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

State of Third-Party Risk Management 2023!

Venminder's seventh annual whitepaper provides insight from a variety of surveyed individuals into how organizations manage third-party risk today.


Top 10 Vendor Risk Management Best Practices to Take into 2019

3 min read
Featured Image

It’s the last month of the year! When you leave behind 2018, don’t leave behind third-party risk management best practices though. We have the top 10 vendor risk management best practices to take with you into 2019. Check them out below!

Vendor Risk Management Best Practices for 2019

  1. Develop and document a firm set of third party risk management practices – policy, program and procedures. Be sure to revisit the documentation as guidance changes.
  2. Require that your third party risk policy and program receive annual approval from the board of directors. Your examiner will likely want to see the approval date and any discussion of it in the meeting minutes.
  3. Define standards for selecting a new third party and ensure the business units understand their vital role. Have a list of due diligence requirements that must be obtained and reviewed when vetting a vendor during the selection phase. Keep the business units informed at all times by outlining their roles in the procedures, continuing education and inviting them to meetings that can affect their roles and responsibilities.
  4. Review your vendor list. Understand your current vendor profile by requesting your vendor list from Accounts Payable and reviewing it on a regular basis. Ensure you have a firm understanding of who is actively managed and who is not – and note any reasons for exclusions – and who your critical, high, medium and low risk vendors are.
  5. Create a robust set of due diligence procedures, coupled with well-documented analyses. Ensure that your document collection is comprehensive and that the artifacts gathered are thoroughly analyzed by experienced subject matter experts (SMEs).
  6. Involve SMEs from around the organization, or even externally, to help with the review of complex matters like business continuity plans and cybersecurity initiatives. If you don’t have a SME at your organization who can perform a thorough, well-developed review of a vendor’s due diligence when necessary, outsourcing to a third party expert can often save time and guarantee work product that is high quality.
  7. Assess the risk of doing business with each vendor, paying close attention to both the business impact risk and the regulatory risk implications. The business impact analysis will determine if the vendor is critical or non-critical to the organization. The regulatory risk analysis determines if the vendor is low, medium or high risk based on criteria such as strategic, transactional, operational risk and more. It’s important to understand both levels for each vendor.
  8. Implement strong vendor contract management practices. A good practice is to keep it centralized with accurate tracking of key dates and terms so that a renewal/termination notice period or important date is not missed.
  9. Establish manageable and sustainable ongoing monitoring techniques tailored to the risk associated with the product or service. Not all vendors are created equal. Due to this, it’s imperative to no longer have a “check-the-box” mentality. Establish guidelines to monitor each vendor relationship that are unique to the product/service and the level of risk posed.
  10. Update all vendor documentation on a regular basis along with internal reports. Ensure that the frequency of updates is dictated by the level of risk represented by the specific product or service. Establish scalable processes for conducting a new risk assessment, ongoing monitoring/due diligence and contract structuring so that you can more easily make these updates.

These top 10 best practices will help you get the right foot forward when heading into 2019.

Understand the state of vendor risk management in 2019. Download the whitepaper now.



Subscribe to Venminder

Get expert insights straight to your inbox.

Ready to Get Started?

Schedule a personalized solution demonstration to see if Venminder is a fit for you.

Request a Demo