Software

Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Overview
Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit

Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

VX LP Sequence USE FOR CORPORATE SITE-thumb
Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.

CREATE FREE ACCOUNT

Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 

Industries

Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

1.7.2020-what-is-a-third-party-risk-assessment-FEATURED
Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.

DOWNLOAD SAMPLES

Resources

Trends, best practices and insights to keep you current in your knowledge of third-party risk.

Webinars

Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

On-Demand Webinars

 

Community

Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.

Subscribe

 

Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

resources-whitepaper-state-of-third-party-risk-management-2023
State of Third-Party Risk Management 2023!

Venminder's seventh annual whitepaper provides insight from a variety of surveyed individuals into how organizations manage third-party risk today.

DOWNLOAD NOW

Vendor Risk Management When We're Past Pandemic Planning

3 min read
Featured Image

Right about now, many organizations are dusting off their Business Continuity and Disaster recovery (BC/DR) plans, looking at the section on “Pandemic Planning,” and realizing they have a lot of blanks to fill in.

In my career, I’ve reviewed a lot of BC/DR plans. I’ve stood on my "soap box" many times and explained to my vendors that influenza/pandemic planning does not mean making sure your employees have their flu shots and an adequate cleaning service. I would ask them a few main questions:

  1. Do you have redundancy and/or desk-level procedures built into your key operations so that if people are out sick, business can run smoothly? (i.e., help eliminate single points of failure)
  2. Are you capable of continuing operations if many people need to stay home? (i.e., remote work)
  3. Do you have an idea of how you would operate in a 'minimum manning' scenario?

I always looked at pandemic planning as part of a robust and mature BC/DR program. I’m personally guilty for not taking it seriously enough. My own words are echoing in my head, telling countless companies, “It’s a ‘nice-to-have’, but not a show-stopper”… Well, the show stopped. And it’s safe to say I won’t be on that same soap box any time soon.

So, we’re in a predicament. We’re past the Preparation stage. It’s time to identify and contain any damage that might come of all this, taking notes for “lessons learned” along the way. Whether you’ve had a good preparation plan or not, no one could have fully accounted for the true gravity our current situation. Of course, we can’t fix everything at once, so we need to prioritize.

Let's Take a Look at the Business Impact Analysis

The Business Impact Analysis (BIA) should help you see what the most critical parts of your business are, and subsequently, the associated vendors. Whether or not you have a mature vendor/third-party risk management program, I strongly recommend that every organization circle back on their BIA and do a little “COVID Checkup” on their critical services and vendors.

Tip: If you don’t have a BIA in place, take this opportunity to go the “quick and dirty” route. Use your best judgement to identify the vendors you rely on the most. These are the ones who are involved in your daily operations, and whose stability has a direct impact on your own.

I Know Who My Critical Vendors Are - What's Next?

  1. Review their remote operations. Have you evaluated your vendors’ remote capabilities and security? Pay attention to vendors that may have mentioned that they don’t generally work from home, because right now, assume they are. If they’ve had to stand up this operation quickly, there’s a strong chance some important security measures are being bypassed.
  2. Review their Financial Security. Even though an organization looked okay on paper a month ago, many companies have come to a standstill, may have had to make cuts, and might not be gaining revenue. Do some research, and make sure you have a redundancy plan (i.e. another vendor in mind) for services you can’t live without.
  3. Communicate with them. You’ve probably gotten an email from everyone you’ve ever done business with about how they’re responding to this pandemic, but it wouldn’t hurt to send a “How-Ya-Doin?” to your vendor contacts. Not only is this important to make sure they’re able to maintain their commitments to you, but it’s also a great way to enhance your business relationships. From an auditing perspective, I stand by the fact that it’s easier to catch a fly with honey than with vinegar. You might just find out ways you can help each other out in these unprecedented times.

Of course, no vendor management program is a “one size fits all”. Every organization is as unique as the vendors that serve them. Just make sure that any changes to their operations are consistent with your expectations, and remember:

No matter the business continuity or pandemic plan, always use your best judgement to mitigate vendor risk, and document everything!

Once things go back to normal, or as I like to say, the “new normal”, we’ll have learned a lot, and we’ll make our BC/DR plans and BIAs better than they’ve ever been. In the meantime, lets ride this wave of collective altruism and incorporate it into our day-to-day operations, and business relationships. The more we help each other out, the more can come out of this stronger than before.

Protect your organization by thoroughly reviewing your vendor's pandemic plan. Download the infographic.

New call-to-action

Subscribe to Venminder

Get expert insights straight to your inbox.

Ready to Get Started?

Schedule a personalized solution demonstration to see if Venminder is a fit for you.

Request a Demo