Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit

Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.


Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 


Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.



Trends, best practices and insights to keep you current in your knowledge of third-party risk.


Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

On-Demand Webinars



Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.



Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

State of Third-Party Risk Management 2023!

Venminder's seventh annual whitepaper provides insight from a variety of surveyed individuals into how organizations manage third-party risk today.


10 Ways to Verify Your Vendors Are Prepared for a Disaster

4 min read
Featured Image

If 2020 proved anything, it was that like it or not, business impacting events can – will – happen. No organization is immune. Of course, the pandemic we’re experiencing today is a worst-case scenario, but these can be unexpected natural or man-made disasters such as a hurricane, power outage, flood or fire.

It’s critical to understand the importance of business continuity and disaster recovery planning and to verify your vendor is implementing strong business continuity and disaster recovery practices that align with your own plans.

Why Is Reviewing Your Vendor’s Disaster Recovery Plan Important?

First and foremost, before digging further into the bones of a disaster recovery plans, let’s understand why reviewing a vendor’s business continuity and disaster recovery plan is so important. What can go awry if you don’t? It’s important to remember: no organization is immune to widespread business effects of a disaster.

Typically, disaster recovery​ plans cover short-term events including fire, floods or large-scale accidents such as gas leaks or chemical explosions, and the absence of comprehensive disaster recovery plan can lead to long-term problems. Some which may include:

  • Unprepared vendors
  • Operational delays
  • Data loss
  • Reputational hits

With a proper plan in place, you’re better able to protect yourself from the above by ensuring there are:

  • Preventative measures in place to reduce the risk of an accident, and plans for natural events which are unavoidable
  • Defined measures and protocols for quickly uncovering and mitigating controllable elements
  • Tested data/operational recovery plans which will allow operations to resume in the aftermath of a disaster

The bottom line is the absence of necessary infrastructure and planning for critical situations can lead to a cascade of failures, resulting in a breakdown of processes and an interruption of supplies and services. Additionally, knowing your vendors, especially your high-risk and critical vendors, have a disaster recovery plan in place is crucial for protecting your employees, customers and your overall business operations. ​

How to Ensure Your Vendor’s Disaster Recovery Plan Is Adequate and They’re Prepared

To reiterate, disaster recovery planning keeps your organization informed regarding what the appropriate response to a business impacting event should be based on the event type that occurred.

So, what steps should you take to ensure your vendors are prepared for a disaster?

The following 10 ways will help you verify vendors are prepared:

  1. Verify an overall plan is in place. Make sure the vendor has a disaster recovery plan in place that is readily available to staff in the event of a disaster and addresses data loss and system availability.
  1. Ensure there’s a strategy for addressing personnel loss. This is considered a succession plan and should account for cross training, staffing agencies, etc.
  1. Check whether criteria is defined and in place for declaring a disaster. Without defined internal communication and an incident management program, employees may not know when a disaster has been formally declared. You want your business units to be attempting to fix the business impacting event and have a coordinated communications channel and plan instead of simply being heads down fixing the problem.
  1. Verify loss coverage. Consider if the plans cover availability and potential loss of equipment, data and the data center/server room. Does their plan fit your cybersecurity and availability requirements? Look at how their data is stored, the location and status of the recovery information systems.
  1. Check if the plan accounts for a secondary data center. Is it readily available in the event of a disaster? Then, ensure it’s sufficiently geographically separated so that a regional impacting event won’t affect the vendor’s production and recovery sites simultaneously. 
  1. Review data center configuration. Analyze the vendor’s data center recovery locations to assess the adequacy of recovery capacity to meet your business needs.
  1. Ensure there’s a communication plan. Determine if there’s a set client notification processes in place and that these processes meet your organization’s requirements. When disaster incidents or cybersecurity incidents occur, communication can save a relationship. Verify that the vendor’s notification timeline meets any requirements you have, including regulatory requirements.
  1. Review critical IT functions. Does your vendor outsource to another third party? If they do, ensure communication plans exist with subcontractors (aka your fourth parties).
  1. Look at the vendor’s testing procedures. Make sure the testing is at least annual and ask to see the actual or redacted test results. Has the vendor successfully performed a full disaster recovery test? If not, why not? Any testing results showing room for growth should be followed up on.
  1. Analyze the vendor’s ongoing disaster recovery maintenance. Plans should be reviewed annually and after any significant organization changes as part of the vendor’s routine policy maintenance.

As you review and ensure your vendors are prepared, don’t be afraid to reach out to the vendor to discuss any findings and next steps.

Implementing practices around vendor disaster recovery review isn’t necessarily difficult, but it does require a lot of work. However, the hard work pays off by protecting your organization, operations, customers and reputation... Something we could all make sure we do.

Dive deeper into how to review both your vendor's business continuity and disaster recovery plans. Download the eBook.  

New call-to-action

Subscribe to Venminder

Get expert insights straight to your inbox.

Ready to Get Started?

Schedule a personalized solution demonstration to see if Venminder is a fit for you.

Request a Demo