Software

Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Overview
Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit

Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

VX LP Sequence USE FOR CORPORATE SITE-thumb
Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.

CREATE FREE ACCOUNT

Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 

Industries

Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

1.7.2020-what-is-a-third-party-risk-assessment-FEATURED
Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.

DOWNLOAD SAMPLES

About

Venminder is an industry recognized leader of third-party risk management solutions. 

Our Customers

900 organizations use Venminder today to proactively manage and mitigate vendor risks.

Get Engaged

We provide lots of ways for you to stay up-to-date on the latest best practices and trends.

Gartner 2020
Venminder received high scores in the Gartner Critical Capabilities for IT Vendor Risk Management Tools 2021 Report

READ REPORT

Resources

Trends, best practices and insights to keep you current in your knowledge of third-party risk.

Webinars

Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

On-Demand Webinars

 

Community

Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.

Subscribe

 

Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

resource-whitepaper-state-of-third-party-risk-management-2022
State of Third-Party Risk Management 2022

Venminder's sixth annual whitepaper provides insight from a variety of surveyed individuals into how organizations manage third-party risk today.

DOWNLOAD NOW

How to Prepare for a Virtual Vendor Site Visit

5 min read
Featured Image

It would be an understatement to say COVID-19 has changed a lot, and you might say the pandemic has altered some facets of our lives indefinitely... from how we live and shop to where and how we work. Like many others, some of us in third-party risk management have gone remote, converted our kitchens or spare bedrooms into offices and learned to do just about everything online. And, when we say everything, we mean everything, including things which were previously unthinkable to do any other way but in person.

In our world, one of those tasks includes conducting vendor site visits. Believe it or not, going on site to “check the tires” of our vendors must now be conducted virtually. So, how can we gain the level of transparency and validation we need on our more high-risk and critical vendors without going on site? How do we actually conduct a virtual “site visit”?

Setting Up an Effective Virtual Review

It might be easy to assume that conducting a virtual “on-site” review would be no different than any other vendor assessment, but that doesn’t have to be the case. If you have vendors who require on-site visits, this means they are a priority, and should continue to be treated as such.

As simple as it may seem, set out to meet with your vendor partners in the same way you would under normal circumstances, but instead of hopping on a plane you’ll gather in a virtual conference room, and get down to business. This will show your key vendors that you haven’t loosened your grip on risk management, nor should they.

Here are a few helpful steps to a successfully remote site visit:

1. Schedule the site visit.

Give your vendor ample time to set up the audit schedule. This is important! Everyone’s extra busy these days, juggling calls and the demands of our family members-turned-office-mates! While setting up the virtual site visit, make sure to discuss the procedure and what method or technologies will be used. If possible, agree to meet via video conferencing, so that the interviews and discussions can be as “in person” as possible. It’s a good idea to inquire if the vendor will allow you to view documents through share screen/video technologies. If not, you will need to discuss further until you’re able to arrive at a mutually agreeable method.

2. Review the vendor’s due diligence. 

As with any vendor assessment, take time to thoroughly understand the vendor relationship, and be especially familiar with their contract, risk profile and current control environment. This means you’ll definitely want to make sure you have current due diligence documentation which includes but is not limited to:

  • Financials
  • Up to date applicable policies, such as an information security, privacy, HR, compliance, etc.
  • Updated or recently validated questionnaires
  • Business continuity/disaster recovery plans and testing details
  • Any of the latest security testing results, if applicable

Pro-tips: You’ll want to send an information request at least three weeks in advance, and make sure you allow yourself ample time to review these documents prior to committing to the scheduled virtual onsite meeting.

3. Plan for the meeting.

Once you have all the details from your remote assessment, work with the business owner to pinpoint any concerns or gaps that need to be addressed “in person”. Make sure to keep these well documented.

Sample issues to address may include:

  • How the organization is handling the new remote work requirements. Is anyone still on site? How was the transition? Have new security measures been put in place? Has equipment been provided? What measures have been taken to ensure employee safety and ongoing business resiliency?
  • Plan to discuss how the organization has been weathering the storm. Have they experienced any setbacks or downsizing due to the pandemic? What affect might this have on services provided (if it hasn’t already)?
  • Any service delivery and/or control gaps
  • Status updates on any open remediation plans from penetration testing, lessons learned, previous vendor assessments, etc.

4. Communicate the meeting details.

Let your vendor know which departments, subject matter experts and/or particular points of contact must take part in the virtual site visit. Be sure to provide a detailed list of evidence that you wish to review, assuming there are things they’re only permitted to share during a live web meeting. Also, provide the vendor with a list of additional topics you would like to discuss, so that they’re prepared to respond with the right people and supporting evidence.

5. Confirm everyone is ready.

As it’s coming close to show-time, make sure all your ducks are in a row, and confirm your vendors are as well. Be flexible where you can, but don’t let the new way of doing things hinder your role in protecting your organization from vendor risk.

You might also want consider these site visit best practices:

  • If you’re using screensharing or video call technology, ensure it is a secure option
  • Draw up a specific audit work program or checklist to follow which covers key areas (e.g., security within a server room, visitor log procedures, BC/DR exercises, etc.)
  • Talk about expectations related to screenshots, screen capture and recording
  • Make sure your vendors that are selected for these virtual site visits are based on risk and criticality
  • Avoid wasting precious meeting time by asking questions they’ve already provided you answers to

While technology has greatly improved our ability to do many things from a distance, virtual site visits are a far cry from a complete replacement.

Keep in mind, virtual site visits are NOT absolute assurance around operational effectiveness, and they’re certainly not a replacement for overall due diligence or thorough insurance or audit reporting. At some point, we’ll have to circle back and to those walk-throughs for our most risky and critical vendors.

The moral of the story here is this: work with what you got, but of course, proceed with caution. With a little bit of planning, a few of these best practices and some luck, your next virtual site visit should go off without a hitch. 

Virtual site  visits are just one of the many industry changes due to the pandemic. Find out what else you should be doing. Download the infographic.

New call-to-action

Subscribe to Venminder

Get expert insights straight to your inbox.

Ready to Get Started?

Schedule a personalized solution demonstration to see if Venminder is a fit for you.

Request a Demo