Who Is Considered a Third Party or Vendor?


When it comes to third-party risk management (TPRM), there is often confusion regarding the terms used to describe the types of relationships that need to be managed. "Third party" and "vendor" are the most common terms used to describe the business entities or individuals that provide products or services directly to an organization or its customers on the organization's behalf.

These days, the terms vendor and third party are often used interchangeably. Most organizations make no meaningful or substantial differentiation between the two terms, and that's okay. How you refer to these relationships is not as important as understanding that third parties/vendors can expose your organization and customers to risk. The identification and management of those risks is the heart of an effective third-party risk management practice.

Examples of Third Parties/Vendors

Here are a few examples of entities that are considered third parties or vendors:

  • Software as a Service (SaaS) providers
  • Outsourced data centers
  • Consultants
  • Office suppliers
  • Janitorial services
  • Marketing and advertising
  • Computer hardware
  • Software reseller (SaaS)
  • Data centers

It’s also essential to understand that your organization's TPRM or vendor risk management (VRM) team is responsible for managing and mitigating the risk of those relationships. So, it’s important to closely inspect and monitor those business relationships that pose risks to your organization. You can think of this general idea as "knowing your vendor."

How to Know Your Third Party/Vendor

Knowing your vendor isn't just a concept; it’s an important business practice. How do you "know your vendor"? What exactly does this mean? In essence, it means that your organization should assess the vendor's operations and competence in providing prospective services and meeting their contractual obligations. This is especially true if the relationship falls under any regulatory supervision. This process is essential and helps you verify that your vendors don't pose any unnecessary risks to the organization or its customers.

3 Best Practices for Getting to Know Your Third Parties/Vendors

When it comes to knowing your vendors, you should keep these three best practices in mind:

  1. Perform due diligence during the vendor vetting stage. Due diligence involves validating that a vendor is a legitimate business entity with a solid reputation. This usually requires a background and OFAC check, a review of the Articles of Incorporation/business license, a Secretary of State check, etc.

    Due diligence also requires gathering documentation and information from the vendor to verify that they have appropriate and satisfactory risk controls. It’s important to note that your due diligence process should be more rigorous for critical or high-risk vendors.
  2. Establish ongoing monitoring. Ongoing monitoring is often forgotten but is essential to effective third-party risk management. As the relationship progresses, you must periodically conduct risk reviews and perform due diligence.

    While many organizations heavily vet their vendors during the contract stage, failing to perform ongoing monitoring leaves your organization vulnerable to risk resulting from changes in the vendor's environment. These risks can come from leadership changes, internal software enhancements, data center migrations, or changes to regulations or the vendor's industry. These risks and changes can affect your vendor's risk posture and how well they can meet contractual commitments and may significantly impact your organization. Between formal risk reviews, it’s important to monitor the vendor for new or emerging risks.

    Signs of new risks may include:
    • A decline in financial condition
    • Proper security controls are no longer in place
    • The third party is receiving many complaints from your customers due to poor service levels
    • The vendor isn't meeting service-level requirements
  3. Check the news. Not surprisingly, the web can be a great resource for your ongoing monitoring efforts. Be sure to schedule web searches on your critical and high-risk vendors. You may be surprised to find how much you can learn about your third party with a simple news search.

It doesn't matter if your organization uses the term third party or vendor to describe the business entities that provide products and services. What is important is understanding and utilizing effective third-party or vendor risk management practices to minimize the risk in those relationships.
