Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit

Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.


Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 


Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.



Trends, best practices and insights to keep you current in your knowledge of third-party risk.


Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

On-Demand Webinars



Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.



Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

State of Third-Party Risk Management 2023!

Venminder's seventh annual whitepaper provides insight from a variety of surveyed individuals into how organizations manage third-party risk today.


Top 10 Vendor Management Terms That Every Team Should Know

8 min read
Featured Image

So, you’ve mastered the terms Business Continuity Planning (BCP) and Disaster Recovery (DR) and have a good understanding of what is needed to manage a sound vendor management program. 

Below is a list of 10 key terms that will further help you build out a well-versed program and provide an additional layer to your vendor management sophistication.

The 10 Vendor Management Terms

  1. MRA - Matters Requiring Attention: This is a term that you don’t want to run into very often if you are on the opposite side of the examination table. MRAs are used when a deficiency is identified and requires some form of corrective action. Use this in your vendor management arsenal when performing your own assessments on your vendor panel. 

  2. Right to Audit Provision: This is critical language in your vendor contracts. Without this key item included, you’ll run into difficulties at your annual audit reviews. Without this provision, the vendor can decline to cooperate in sharing due diligence material with you. 

  3. RTO - Recovery Time Objective: This is the measurement of time that is needed for a system to return to operating after going down. An example would be that the vendor determines they require the systems to be back up and operational within four hours. It would be prudent to check when the vendor last tested a RTO scenario and if they met their RTO SLA. The key here is to obtain the testing results and any remediate action should they have failed to meet the RTO. 

  4. RPO - Recovery Point Objective: Unlike the measurement of time mentioned in the RTO, this term is based on the importance of retrieval of data, the time it would take and your tolerance of such a delay to retrieve lost data. In this example, the RPO would look at how long your vendor can function between back up of data. If the data is critical to the vendor operation, then RPO is an extremely high-risk item and should be viewed as a critical pillar in managing business continuity. The key here is to review RPO times and check for any failures to meet the RPO and the corrective action or re-testing of such an outage. 

  5. Statutory Law: The mortgage industry is awash of law and regulations, and it is easy to bundle everything into one category. However, as vendor management becomes more sophisticated, it doesn’t hurt to understand this key term; especially when dealing with vendors and their own internal compliance and legal teams. Simply put, a statutory law is one that has been passed by state or federal government. The regulatory laws which follow the statute are issued by government agencies such as the CFPB and OCC.  

  6. GLBA: Since we just touched on law; how about GLBA? Short for Gramm-Leach-Bliley Act, this law provides consumers with limited protections against the sale of private financial information. This is extremely important in vendor management considering that vendors of all shapes and sizes may have unfettered access to personal confidential information. 

  7. Evergreen: Believe it or not, this is a key term that every vendor manager should be on the lookout for when reviewing an existing contract or entering into a new one. The term is a contract provision which automatically extends or renews the agreement term after the initial term has been met. If you discover an evergreen provision, check your termination language and escalate to your legal team. While an evergreen provision may make sense for a paper delivery or maintenance type service, you may run into trouble if you have signed up a service which is deemed highly critical to your operation. 

  8. Reputation Risk: It takes years to build a good reputation and only minutes to destroy it. Don't be the victim of reputation risk caused by your vendors. While there is always focus on operational and financial risk that the vendor may expose your organization, making sure that you work with a reputable vendor will go a long way in ensuring that you are not tarred with the same brush should something go wrong. In an age of social media and litigation, any vendor becomes an extension of your brand. 

  9. RFP – Request for Proposal: If you are on the lookout for a new product or third party service provider, a valuable tool at your disposal is the RFP document. This document is shared with a select group of known vendors or could be published on your company website as you attempt to find the correct vendor to meet your specific business needs. Depending on the size of the organizations, RFPs are the only way to manage the procurement process.

  10. Cure Notice: If your vendor fails to meet contractual agreements, a cure notice will help place the vendor on notice. This document should outline very clear and specific detail as to the requirement of curing any service level or product deficiency and set the expectation of next steps in the vendor contractual relationship. Next steps could include monetary refunds up to and including termination of the service. 

This is not an exhaustive list but will help if you are new to vendor management. Good luck! To continue to learn about the foundational elements of vendor management, download this helpful infographic.

6 Pillars of Effective Vendor Management

Subscribe to Venminder

Get expert insights straight to your inbox.

Ready to Get Started?

Schedule a personalized solution demonstration to see if Venminder is a fit for you.

Request a Demo