
Vendor Data Breach Notifications: Is Your Organization Left in the Dark?


A few years ago, the New York Department of Financial Services (NYDFS) released survey results giving us more insight into many banks’ cybersecurity preparedness. The NYDFS surveyed 40 organizations and found, startlingly, that nearly 1 in 3 of the banks surveyed don’t require their third-party vendors to notify them in the event of an information security breach or other cybersecurity breach. This is a huge problem for obvious reasons, but let’s take a closer look at the potential fallout and why it’s important to require vendor notification in data breach scenarios.

Reasons to Require Vendor Data Breach Notifications

  1. Increased regulatory scrutiny. If your organization suffers a breach, you should expect your regulators to show up looking for answers. You’re expected to be able to address an incident of unauthorized access to customer information in systems maintained by your service providers. However, you can’t adequately address something you don’t know about.
  2. It helps to protect against reputational risk. Reputational risk is risk arising from negative public opinion. Security breaches resulting in the disclosure of customer information and violations of law and regulation could harm your organization’s reputation. It’s much better to notify your customers directly about a breach and your plan of action to resolve the issue than to have them find out through the vendor or a public news source.

The implications of a data breach aren’t limited to the reputational fallout. Nearly all states now have a data breach notification law, and while each state has different requirements, it’s important for both the organization and the third-party vendor to be aware of each regulation.

How to Require Vendor Data Breach Notifications: Your Next Step

There’s no way to anticipate all breaches that may impact your vendor. The best you can do is take the proper steps to protect your own personal data.

The first way to accomplish this is to write the breach notification requirement directly into your vendor contract. Defining what that looks like is often harder than we think, so here’s a list of what a breach notification clause should include:

  • A defined notification timeline
  • A designated point of contact for all questions and status updates regarding the breach
  • Public disclosure provisions
  • Parameters for investigating, remedying and taking any other action deemed necessary regarding the breach and any dispute, inquiry or claim that concerns the breach
  • Defined instructions relating to the handling of any confidential information affected or potentially affected by the breach
  • Ability to define actions that need to be taken to prevent future breaches
  • Defined contract repercussions in light of a breach (contract cancellation, suspension, etc.)

Incidents and breaches happen. It’s inevitable. The key to minimizing the impact is discovering them quickly and having a plan to address them quickly and effectively. Ensuring your vendors can demonstrate what they do if an incident occurs, and how follow-up and resolution are performed, including notification steps, is crucial from the very start of your relationship.
