Software

Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Overview
Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit


Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

VX LP Sequence USE FOR CORPORATE SITE-thumb
Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.

CREATE FREE ACCOUNT

Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 

Industries

Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

1.7.2020-what-is-a-third-party-risk-assessment-FEATURED
Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.

DOWNLOAD SAMPLES

About

Venminder is an industry recognized leader of third-party risk management solutions. 

Our Customers

900 organizations use Venminder today to proactively manage and mitigate vendor risks.

Get Engaged

We provide lots of ways for you to stay up-to-date on the latest best practices and trends.

Gartner 2020
Venminder received high scores in the Gartner Critical Capabilities for IT Vendor Risk Management Tools 2020 Report

READ REPORT

Resources

Trends, best practices and insights to keep you current in your knowledge of third-party risk.

Webinars

Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

On-Demand Webinars

 

Community

Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.

Subscribe

 

Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

resource-whitepaper-state-of-third-party-risk-management-2021-cropped
State of Third-Party Risk Management 2021

Venminder’s State of Third-Party Risk Management 2021 survey provides insight into how organizations are managing third-party risk management in today’s increasing regulatory and risky climate.

DOWNLOAD NOW

podcast

9 Tips to Prepare for a Third-Party Risk Examination

CPE Credit Eligible

Preparing for third-party risk exams aren't a walk in the park - but it can be.

Don’t panic about the notification of a third party risk exam - we can help you be ready. Three to four months in advance of the examiner's arrival, you should prepare or fine-tune the 9 following documentation items. Listen to this vendor risk management podcast to learn more.

Available on
Listen-on-Apple-Podcasts-badge.jpg  google-play-badge 2.jpg

 

Podcast Transcript

alicia-thomas-new-headshot-circle-100Hi Everyone and thank you for joining me today for our Third Party Thursday podcast. I’m Alicia Thomas, Senior Relationship Manager here at Venminder.

Today’s topic is regarding tips for preparing for a vendor management or third party risk examination. I hope you find this information to be beneficial as you prepare for your next one. These are the pointers I’ve found to be very helpful for a smooth exam.

Ideally, 3-4 months in advance of the examiner's arrival, you should prepare or fine-tune the 9 following documentation items:

  1. Your vendor management program and supporting documentation. Make sure the documents are board approved, that they can contain regulatory guidance citations and align with the actual work product being produced.

  2. Prepare an organization chart and bios of key organization members involved in third party risk management. The examiners will likely want to see their qualifications and experience.

  3. Pull a complete inventory of your third parties. Be prepared to include samples of the due diligence being performed, risk assessments and ongoing monitoring activities. It’s recommended to take a risk-based approach to prepare the inventory.

  4. Have complete critical and high risk third party samples on file.

  5. Be sure to have adequate reviews of reports such as SOCs, business continuity plans and financials. Make sure these due diligence documents are the most current and that the analyses are on file too.

  6. Have evidence that you’ve been keeping senior management and the board informed. Have copies of the reports themselves as well as minutes of the meetings on hand.

  7. Show that there is a process in place to alert you of key dates. Examples include upcoming contract renewal notice periods or termination dates.

  8. Begin preparing for any pre-examination requests or initial document requests. If the examiners gave you a pre-arrival request list, be sure you’re ready with the items you know they are going to request. It’s always a good idea to have an additional person in your institution, perhaps someone in compliance, audit or risk management review the list as well to ensure that the requests are fully understood and the items you are handing over are the correct ones to be responsive to the request. If you’re unsure, it’s always better to clarify than to hand over something hoping that it meets the needs.

  9. Be sure to have documentation showing how you remediated prior exam findings.

Don’t panic about the notification of the exam. As long as you and your team are doing your best to prepare the above documentation in a thorough, efficient and timely manner, you’ll be ready to go by the time the examiners arrive. In order to prepare for their arrival day, be sure you let them know you’ve received their notification and are prepared for their arrival. Also, be sure to schedule an agreed upon time of arrival and give them instructions on where to go.

Internally, make sure your organization knows what to expect and where the examiners will be. This will help to set the overall ground rules for colleagues. While it may seem like a given, still let them know it’s important to always be professional, polite and encourage that they do not have impromptu meetings alone with the examiners.

Now relax! You’ve done a lot of work and research to prepare for the exam.

I hope you found this podcast helpful. Again, I’m Alicia Thomas, Senior Relationship Manager here at Venminder. If you haven’t already done so, please subscribe to our Third Party Thursday series.

38116-newsletter

Subscribe to our Third Party Thursday Newsletter

Receive weekly third-party risk management news, resources and more to your inbox.

 

New Call-to-action

Ready to Get Started?

Schedule a personalized solution demonstration to see how Venminder can transform your vendor risk management processes.

Request a Demo